Enterprise Africa International is committed to protecting your privacy and developing technology that gives you the most powerful and safe online experience. This Statement of Privacy applies to the Enterprise Africa Website and governs data collection and usage. By using the Enterprise Africa International website, you consent to the data practices described in this statement.
This POLICY serves to notify the data subject that the PROVIDER, in terms of this POLICY, collects PERSONAL INFORMATION, as per section 18 of the Promotion of Access to Information Act. In addition, this POLICY serves as compliance with Article 12(1) of the GDPR.
The PROVIDER is Enterprise Africa (Pty) Ltd with registration number 2016/330251/07, Provider with limited liability, incorporated in accordance with the provisions of the Companies Act 71 of 2008, as amended, with its registered office at 1st Floor Kiepersol House, Stonemill Office Park, Darrenwood (Randburg), Gauteng.
By accessing or utilising the PROVIDER WEBSITE and/or online shop, the USER (hereinafter referred to as the “USER”) specifically agrees to the terms of this POLICY as amended from time to time.
The PROVIDER, through this POLICY, wishes to inform the USER of the scope and purpose for which PERSONAL INFORMATION is processed by the PROVIDER in connection with the USER’S use of the PROVIDER WEBSITE and/or online shop.
The PROVIDER is the operator of the online shop at www.enter-africa.com and is responsible for processing the personal data of all USERS of the PROVIDER WEBSITE, irrespective of whether the USER registers to use the online shop.
The PROVIDER contact information, including details of the relevant person whom the USER may contact for questions concerning the processing of personal data, may be located on the PROVIDER WEBSITE, alternatively in the PROVIDER Manual in terms of section 51 of the Promotion of Access to Information Act 2 of 2000, as amended.
The PROVIDER is committed to safeguarding the privacy of USERS’ PERSONAL INFORMATION or data and the PROVIDER takes protection of privacy and PERSONAL INFORMATION very seriously.
The PROVIDER gathers, stores and uses the USER’S PERSONAL INFORMATION only in line with the contents of this POLICY and with applicable data protection provisions, such as: -
- The European General Data Protection Regulation (GDPR); and
- The Protection of Personal Information Act 4 of 2013.
The PROVIDER reserves its right to amend this POLICY from time to time and will do so without notice to any USER. The latest version of this POLICY will be indicated by the date information (below). The current version of this POLICY can always be accessed directly via the PROVIDER WEBSITE.
It is the duty of the USER to remain informed of any changes to this POLICY and the PROVIDER recommends that the USER should regularly check possible changes to this POLICY.
- PERSONAL INFORMATION
PERSONAL INFORMATION/Data, in terms of The General Data Protection Regulation and the Protection of Personal Information Act 4 of 2013 collectively, refers to information relating to an identified or identifiable natural person and where it is applicable, an identifiable, existing juristic person.
Such information may include, but is not limited to: -
- a name, age and/or gender;
- an identification or registration number;
- national and/or social origin;
- financial and/or economic information;
- any identifying number, symbol, e-mail address, physical address, telephone number, location information, online identifier or other particular assignment to the person;
- correspondence sent by the person that is implicitly or explicitly of a private or confidential nature or further correspondence that would reveal the contents of the original correspondence; and
- the personal opinions, views or preferences of the person.
In contrast, information that cannot be connected to the USER’S identity (e.g. statistical information, such as the number of WEBSITE USERS) is not considered PERSONAL INFORMATION.
As a rule, the PROVIDER WEBSITE can be used without disclosing the USER’S identity and without providing personal data. Only general information about the USER’S visit to the PROVIDER WEBSITE will be collected. However, PERSONAL INFORMATION may be collected from the USER for some of the services offered, such as entering or making use of the online shop. This information will then be processed by the PROVIDER only for the purpose of using this online service, especially for providing the desired information. When the PROVIDER requests personal data, only the data that is mandatory must be provided. Further information can be provided on a voluntary basis. The PROVIDER will indicate whether it is a required field or optional details. The PROVIDER provides specific details in relation to this aspect in the corresponding section of this POLICY.
Automated decision-making based on the USER’S PERSONAL INFORMATION is not applied to the use of the PROVIDER WEBSITE and/or online shop.
Processing, in terms of The General Data Protection Regulation and the Protection of Personal Information Act 4 of 2013 collectively, refers to any operation, activity or set of operations performed on PERSONAL INFORMATION, whether or not by automatic means, which activity may include, but is not limited to: -
- collection, receipt, structuring, recording, organisation, collation, storage, updating or modification, adaptation, retrieval, alteration, consultation or use;
- disclosure or dissemination by means of transmission, distribution or making available in any other form; and
- merging, linking, restriction, degradation, erasure or destruction.
Unless stated otherwise in this POLICY, the PROVIDER, or its hosting Providers, will store the USER’S PERSONAL INFORMATION on specially secured servers within the European Union. The storage thereof is a technical and organizational measure employed by the PROVIDER to protect against loss, destruction, access, alteration or dissemination of your data by unauthorized persons. All information stored by the PROVIDER, is stored in compliance with the Protection of Personal Information Act No. 4 of 2013 (as amended from time to time), as well as the General Data Protection Regulation 2016/679.
Only a few authorized persons are able to access the USER’S PERSONAL INFORMATION. These individuals are responsible for the technical, commercial and editorial supervision of the server. Despite regular inspections, complete protection against all risks is not possible and the PROVIDER in no way guarantees complete protection in this regard.
The PROVIDER uses an SSL (Secure Sockets Layer) encryption for transmission of PERSONAL INFORMATION on the internet.
The PROVIDER further undertakes to secure the integrity and confidentiality of the PERSONAL INFORMATION that is in its possession and under its control, by taking the appropriate reasonable technical and organisational measures to prevent loss, damage, unauthorised destruction, unlawful access, or unlawful processing of the USER’S PERSONAL INFORMATION. In doing so, the PROVIDER shall have due regard to generally accepted applicable or industry information security practices and procedures.
This POLICY applies to all data subjects (i.e. persons (whether a natural or juristic person) to which the PERSONAL INFORMATION relates), and the PERSONAL INFORMATION the PROVIDER processes and collects, whether it was provided to the PROVIDER through the use of its WEBSITE, online shop or through any other form of communications with the USER, such as email, telephone, or otherwise.
LEGAL BASIS FOR DATA PROCESSING
Insofar as the PROVIDER obtains consent to process the USER’S personal data, Article 6(1)(a) of the GDPR and section 11(1)(a) of the Protection of Personal Information Act, as amended, serves as the legal basis for data processing.
Insofar as the USER’S personal data is processed because it is required to fulfil a contract or as part of a contract-like relationship with the USER, Article 6(1)(b) of the GDPR and section 11(1)(b) of the Protection of Personal Information Act, as amended, serves as the legal basis for data processing.
Insofar as the PROVIDER processes the USER’S personal data to fulfil a legal obligation, Article 6(1)(c) of the GDPR and section 11(1)(c) of the Protection of Personal Information Act, as amended, serves as the legal basis for data processing.
As a legal basis for data processing, Article 6(1)(f) of the GDPR and section 11(1)(f) of the Protection of Personal Information Act, as amended, is taken into further consideration if the processing of the USER’S personal data is required to protect a legitimate interest of the PROVIDER or a third party and the USER’S interests, basic rights and freedoms do not require personal data to be protected.
In line with this POLICY, the PROVIDER will always indicate on which legal basis the PROVIDER processes the USER’S personal data.
- COLLECTION OF PERSONAL INFORMATION
The nature of the PERSONAL INFORMATION that the PROVIDER collects about its USERS and/or USERS is dependent on:
- the transaction that the USER is completing;
- the reason that the USER is communicating with the PROVIDER for; and
- the Channel that is used to communicate with the PROVIDER.
When the PROVIDER Internet pages are called up, the PROVIDER receives access data that is stored for protective purposes which allows the PROVIDER to identify the USER. This data includes:
- the name of the USER’S Internet service Provider;
- the country the USER resides in;
- the WEBSITE the USER comes from to visit the PROVIDER;
- the search term the USER uses, if it accesses the PROVIDER WEBSITE via a search engine;
- the websites of the PROVIDER that the USER visits;
- the user tool (web browser, operating system) the USER uses to access the WEBSITE;
- files that the USER downloads from the PROVIDER WEBSITE (e.g. PDF or Word documents);
- the duration of the USER’S visit on the WEBSITE;
- the date and the time of the USER’S visit on the WEBSITE;
This information is assessed by the PROVIDER and allows it to optimize its offerings as a whole and to personalize the content specifically for the USER, e.g. recognize the USER as a return visitor to the PROVIDER Internet offering.
- REASONS FOR COLLECTING PERSONAL INFORMATION?
The PROVIDER collects the PERSONAL INFORMATION from the USER when it:
- voluntarily provides the PROVIDER with information;
- subscribes to or consents to receiving newsletters or other communications from the PROVIDER;
- browses, visits or participates in the PROVIDER WEBSITE;
- registers an online profile on the PROVIDER WEBSITE;
- purchases or enquires about the products/services sold by the PROVIDER;
- makes general enquiries, lodge complaints, and communicate with the PROVIDER.
From time to time the PROVIDER may collect PERSONAL INFORMATION from trusted third parties, in which case it shall ensure that the USER has provided its consent in respect thereof.
The PROVIDER shall not sell, rent or otherwise disclose its PERSONAL INFORMATION to any third party without the USER’S express consent, provided that by using the WEBSITE and/or subscribing for any of the PROVIDER services, the USER provides its express and informed consent for the PROVIDER to disclose its PERSONAL INFORMATION to third parties as follows:
- to third party companies employed by the PROVIDER to provide services for it, including for example, website hosting, administration, maintenance and development. These companies require access to the USER’S PERSONAL INFORMATION to perform their functions and not for any other purpose;
- to transfer the USER’S database/s, including PERSONAL INFORMATION contained therein, to any third party who acquires all or substantially all of the assets or shares in the PROVIDER or the PROVIDER WEBSITE service whether by sale, merger, acquisition or otherwise;
- to governmental agencies, exchanges and other regulatory or self-regulatory organisations if the PROVIDER is required to do so by law or if the PROVIDER believes that such action is necessary to:
- comply with the law or with any legal process;
- protect and defend the PROVIDER rights and property or that of its USERS and companies in its group;
- prevent fraud or abuse, misuse or unauthorised use of the PROVIDER WEBSITE; and/or
- protect the personal safety or property of its USERS or the public (if the USER provides false or deceptive information about itself or misrepresents itself as being someone else, the PROVIDER shall disclose such information to the appropriate regulatory bodies and commercial entities); and
- if applicable, to personalise the USER’S experience on the PROVIDER WEBSITE, to help the USER to log on in future and to continue to use the WEBSITE, to reply to queries the USER might have, to provide it with support and to help the PROVIDER select services or materials for inclusion on its WEBSITE, which may be of interest to the USER.
The PROVIDER undertakes not to use PERSONAL INFORMATION other than for the purpose for which it was provided or collected, and in accordance with the PROVIDER legitimate interests and legal obligations.
The PROVIDER reserves the right to share non-personal, non-individual information in aggregate form with third parties for business purposes, for example with advertisers on the PROVIDER WEBSITE or business associates and partners. The USER shall not be identifiable from such data.
The PROVIDER is not responsible and cannot be held liable for the privacy practices of such third parties.
- SHARING PERSONAL DATA WITH THIRD PARTIES
The PROVIDER generally uses your PERSONAL INFORMATION to carry out the services desired by the USER only. Insofar as the PROVIDER uses external service Providers to carry out these services, their access to the data will be exclusively for the purpose of this task.
Using technical and organizational measures, the PROVIDER ensures compliance with data protection standards and also commits its external service Providers to such standards.
By using this WEBSITE, The USER agrees to allow third parties to process the USER’S IP address, in order to determine the USER’S location for the purpose of currency conversion. The USER also agrees to have that currency stored in a session cookie in the USER’S browser (a temporary cookie which gets automatically removed when the USER closes the browser). The PROVIDER does this in order for the selected currency to remain selected and consistent when browsing the WEBSITE so that the prices can convert to the USER’S local currency.
Furthermore, the PROVIDER does not pass on data to third parties without the USER’S express permission, especially not for promotional purposes.
The USER’S personal data is passed on only if the USER has consented to it or insofar as the PROVIDER is authorized or obligated to do so due to legal provisions and/or official or judicial instructions.
In particular, this may concern giving information for the purpose of criminal prosecution, for hazard prevention, or to enforce intellectual property rights.
- DELETING DATA AND STORAGE DURATION
As a rule, the PROVIDER will always delete or block the USER’S personal data when the purpose of the storage is eliminated.
However, storage may also take place if this is designated by legal provisions to which the PROVIDER is subject, for example in terms of legal storage and documentation obligations.
In a case such as this, the PROVIDER will delete or block the USER’S personal data after the end of the relevant specifications.
- USING THE PROVIDER ONLINE SERVICE
Each time the PROVIDER WEBSITE is accessed, the PROVIDER gathers the following information about the USER’S device independently of the USER’S registration:
- the IP address of the USER’S device;
- the web browser request; and
- the time of the request.
In addition, the status and the data volume transferred will be collected by the PROVIDER as part of this request.
The PROVIDER also collects product and version information about the web browser used and the device's operating system.
Furthermore, the PROVIDER gathers information on the WEBSITE from which the online service was accessed.
The IP address of the USER’S device is stored only for the time that the online service is used and is deleted afterward or anonymized by abbreviating it. The other data is stored for an unlimited amount of time.
The PROVIDER uses this data to operate the online service, particularly to identify and remedy errors in order to determine the utilization of the online service and make adjustments or improvements. As the PROVIDER justifiable interest in data processing in accordance with Article 6(1)(f) of the GDPR and section 11(1)(f) of the Protection of Personal Information Act, as amended, these purposes are also the legal basis for this processing.
- ACCESS TO AND USE OF THE SHOP
An order in the PROVIDER online store (“SHOP”) is not possible until the USER has been activated for the SHOP.
USERS are activated at the PROVIDER’s discretion only after the USERS have requested access to the SHOP (“registration request”).
The registration request gathers mostly PROVIDER-related information, but also personal details such as the name of the contact and the business email address. When the PROVIDER sets up access to the SHOP on the basis of the registration request, the PROVIDER creates a personal User account. In doing so, the PROVIDER uses the mandatory information provided in the registration request, as well as the USER’S master data of which the PROVIDER is already aware (such as address and payment data).
Should the USER fail to provide the mandatory information upon registration request, the consequence is that the USER will not be afforded access to the PROVIDER SHOP.
After activation, the USER can view and (in some cases after checking with the PROVIDER) change all the information the PROVIDER used to set up the USER account.
The USER account is used for the USER’S orders in the SHOP.
The legal basis for this processing is the initiation of a contract conclusion at the request of the USER in accordance with Article 6 (1) b) of the GDPR and section 11(1)(b) of the Protection of Personal Information Act, as amended and the PROVIDER legitimate interest in this design of the order process in accordance with Article 6(1)(f) of the GDPR and section 11(1)(f) of the Protection of Personal Information Act, as amended.
The PROVIDER uses the PERSONAL INFORMATION (such as name, email address, address, payment data) available in the USER account for the purpose of ordering goods in order to implement and process the order, which is subject to acceptance by the PROVIDER.
This information is kept confidential and not forwarded to third parties who are not involved in the ordering, delivery, or payment process.
The legal basis for this processing is the initiation of a contract conclusion at the request of the USER and the conclusion and performance of a contract with the USER in accordance with Article 6 (1) b) of the GDPR and section 11(1)(b) of the Protection of Personal Information Act, as amended.
The payments by way of credit card payment or other payment methods (including bank transfers, if indicated) are processed by Adyen N.V., Simon Carmiggelstraat 6-50, 1011 DJ Amsterdam, the Netherlands, or by associated companies. The PROVIDER reserves its right to change the service Provider without prior notice to the USER.
In addition to pure payment processing, Adyen also performs a credit check. In order to prevent and uncover fraud, the PROVIDER transmits the USER’S IP address and other data relating to the USER’S device (e.g., type of device, browser version) to Adyen along with the data required for payment processing and the credit check. Adyen stores the USER’S IP address. All data is encrypted for transmission.
The PROVIDER reserves the right to engage additional payment service Providers.
The USER does not have to provide the PROVIDER with PERSONAL INFORMATION in order to visit or access the freely available sections of its WEBSITE.
Some services on the PROVIDER WEBSITE may, however, be restricted to registered USERS only (including but not limited to access to the online shop). In order for the USER to use such services the PROVIDER will require certain PERSONAL INFORMATION from the USER. The PERSONAL INFORMATION will be provided to the PROVIDER by the USER when the USER registers with the PROVIDER.
All PERSONAL INFORMATION provided by the USER will be collected, stored and used in accordance with this POLICY, the European General Data Protection Regulation and the Protection of Personal Information Act 4 of 2013 and the USER explicitly consents to such use when it registers with the PROVIDER.
requests for consent to process personal information for purposes of direct marketing by electronic communication
Where the PROVIDER wishes to process the USER’S PERSONAL INFORMATION for the purpose of direct marketing by electronic communication it will in terms of section 69(2) of the Act provide the USER with a request for written consent in a form similar to Form 4 of the Regulations Relating to the Protection of Personal Information (http://www.justice.gov.za/inforeg/docs/20181214-gg42110-rg10897-gon1383-POPIregister.pdf).