This Policy applies to all data subjects (i.e. persons (whether a natural or juristic person) to which the personal information relates), and the personal information EAI processes and collects, whether it was provided to EAI through the use of its website or through any other form of communications with EAI, such as email, telephone, or otherwise.
3. YOUR RIGHTS AND CONTACT
EAI places strong emphasis on explaining the processing of personal data as transparently as possible and informing data subjects of their rights. In the event that data subjects would like more detailed information or wish to exercise their rights, data subjects can contact EAI at any time so that EAI can take care of the data subject’s concerns.
4. EAI AND ITS CONTACT DETAILS
4.1. The responsible party/controller is EAI, with registration number, 2016 / 330251 / 07, is a private company duly incorporated and registered in South Africa in accordance with the provisions of the Companies Act 71 of 2008, as amended, with its registered office at 300 Acacia Road, Darrenwood, Randburg, Gauteng 2194.
4.2. EAI’S contact information, including details of the relevant person whom the data subject may contact for questions concerning the processing of personal data, may be located: -
4.2.1. at clause 19 below; alternatively
4.2.2. on EAI’S website; alternatively
4.2.3. in EAI’S Manual in terms of section 51 of the Promotion of Access to Information Act 2 of 2000, as amended.
5. PERSONAL INFORMATION
5.1. Personal Information/Data, in terms of the GDPR and the Protection of Personal Information Act 4 of 2013 collectively, refers to information relating to an identified or identifiable natural person and where it is applicable, an identifiable, existing juristic person.
5.2. Such information may include, but is not limited to: -
5.2.1. a name, age and/or gender;
5.2.2. an identification or registration number;
5.2.3. national and/or social origin;
5.2.4. financial and/or economic information;
5.2.5. any identifying number, symbol, e-mail address, physical address, telephone number, location information, online identifier or other particular assignment to the person;
5.2.6. correspondence sent by the person that is implicitly or explicitly of a private or confidential nature or further correspondence that would reveal the contents of the original correspondence; and
5.2.7. the personal opinions, views or preferences of the person.
5.3. In contrast, information that cannot be connected to the data subject’s identity (e.g. statistical information, such as the number of website users) is not considered personal information.
5.4. EAI reserves the right to share non-personal, non-individual information in aggregate form with third parties for business purposes, for example with advertisers on EAI’S website or business associates and partners. The data subject shall not be identifiable from such data.
5.5. EAI warrants that it shall conclude operator agreements with third parties with whom agreements for business purposes are concluded as referred to in clause 4.
5.6. EAI is not responsible and cannot be held liable for the privacy practices of such third parties should the operator agreement be breached by the third party.
5.7. EAI’S website can be used without disclosing the data subject’s identity and without providing personal data. Only general information about the data subject’s visit to EAI’S website will be collected. However, personal information may be collected from the data subject for some of the services offered, such as providing the subject with market and trade related information.
5.8. This information will then be processed by EAI only for the purpose of using this online service, especially for providing the desired information. When EAI requests personal data, only the data that is mandatory for the purpose of the business engagement must be provided. Further information can be provided on a voluntary basis. EAI will appropriately indicate whether it is a required field or optional details. EAI provides specific details in relation to this aspect in the corresponding section of this Policy.
6.1. Processing, in terms of the GDPR and the Protection of Personal Information Act 4 of 2013 collectively, refers to any operation, activity or set of operations performed on personal information, whether or not by automatic means, which activity may include, but is not limited to: -
6.1.1. collection, receipt, structuring, recording, organisation, collation, storage, updating or modification, adaptation, retrieval, alteration, consultation or use;
6.1.2. disclosure or dissemination by means of transmission, distribution or making available in any other form; and
6.1.3. merging, linking, restriction, degradation, erasure or destruction.
7. LEGAL BASES FOR DATA PROCESSING
7.1. Where EAI obtains consent to process the data subject’s personal data, Article 6(1)(a) of the GDPR and section 11(1)(a) of the Protection of Personal Information Act, as amended, serves as the legal basis for data processing.
7.2. Insofar as the data subject’s personal data is processed because processing is required to fulfil a contract or as part of a contract-like relationship with the data subject, Article 6(1)(b) of the GDPR and section 11(1)(b) of the Protection of Personal Information Act, as amended, serves as the legal basis for data processing.
7.3. Insofar as EAI processes the data subject’s personal data to fulfil a legal obligation, Article 6(1)(c) of the GDPR and section 11(1)(c) of the Protection of Personal Information Act, as amended, serves as the legal basis for data processing.
7.4. As a legal basis for data processing, Article 6(1)(f) of the GDPR and section 11(1)(f) of the Protection of Personal Information Act, as amended, is taken into further consideration if the processing of the data subject’s personal data is required to protect a legitimate interest of EAI or a third party and the data subject’s interests, basic rights and freedoms do not require personal data to be protected.
7.5. In line with this Policy, EAI will always indicate on which legal basis EAI processes the data subject’s personal data.
7.6. EAI undertakes not to use personal information other than for the purpose for which it was provided or collected, and in accordance with EAI’S legitimate interests and legal obligations.
7.7. EAI collects, processes, and uses personal information only to the extent necessary to establish, design or modify legal relationships with EAI.
7.8. This is conducted by EAI in terms of Article 6(1)(b) of the GDPR and section 11(1)(b) of the Protection of Personal Information Act, as amended, which permits the processing of information to fulfil a contract or for measures preliminary to a contract.
7.9. EAI collects, processes and uses personal information concerning the use of EAI’S website (usage data) only to the extent required to enable data subjects to have access to EAI’S services or to invoice data subjects for same.
8. THE INFORMATION BEING COLLECTED, THE SOURCE FROM WHICH IT IS COLLECTED, THE PURPOSE FOR ITS COLLECTION AND PROCESSING
8.1. The nature of the personal information that EAI collects from data subjects is dependent on:
8.1.1. the transaction that the data subject is completing;
8.1.2. the reason that the data subject is communicating with EAI; and
8.1.3. the channel, or manner, that is used to communicate with EAI.
8.2. Generally, EAI collects the personal information from the data subject when it, inter alia,:
8.2.1. voluntarily provides EAI with information;
8.2.2. browses, visits or participates on EAI’S website;
8.2.3. subscribes to or consents to receiving newsletters or other communications from EAI;
8.2.4. purchases or enquires about the products/services sold by EAI;
8.2.5. makes general enquiries or lodges complaints with EAI; and/or
8.2.6. communicates with EAI.
8.3. From time-to-time EAI may collect personal information from trusted third parties, in which case it shall ensure that the data subject has provided its consent in respect thereof.
8.4. INFORMATION ABOUT THE DATA SUBJECT’S DEVICE WHEN VISITING AND/OR PARTICIPATING ON EAI’S WEBSITE
8.4.1. EAI’S IT systems automatically collect personal information from data subjects when accessing EAI’S website, which information generally takes the form of technical information such as the data subjects internet browser, operating system or the time of the data subject’s visit to the website.
8.4.2. When EAI’S Internet page is accessed, or otherwise called up, EAI receives access data that is collected and stored for protective purposes which allows EAI to identify the data subject. This data includes:
184.108.40.206. the IP address of the data subject’s device;
220.127.116.11. the web browser request;
18.104.22.168. the time of the request;
22.214.171.124. the status and data volume transferred;
126.96.36.199. the name of the data subject’s Internet service provider;
188.8.131.52. the country the data subject resides in;
184.108.40.206. the website the data subject comes from to visit EAI’S website;
220.127.116.11. the search term the data subject uses, if it accesses EAI’S website via a search engine;
18.104.22.168. the websites of EAI that the data subject visits;
22.214.171.124. the user tool (web browser, operating system) the data subject uses to access the website;
126.96.36.199. product and version information about the data subject’s web browser
188.8.131.52. files that the data subject downloads from EAI’S website (e.g. PDF or Word documents);
184.108.40.206. the duration of the data subject’s visit on the website; and
220.127.116.11. the date and the time of the data subject’s visit on the website;
8.5. The IP address of the data subject’s device is stored only for the time that the website is used and is deleted afterward or anonymized by abbreviating it. The other data is stored for an unlimited amount of time.
8.6. The personal information detailed above is collected and processed by EAI pursuant to its legitimate interests in accordance with Article 6(1)(f) of the GDPR and section 11(1)(f) of the Protection of Personal Information Act, as amended, as: -.
8.6.1. This data is collected to ensure the proper functioning of EAI’S website and may be used to analyse how data subjects make use of EAI’S
8.6.2. This information allows EAI to optimize its offerings as a whole and to personalize the content specifically for the data subject concerned, e.g. to recognize the data subject as a return visitor to EAI’S Internet offering.
8.6.3. EAI uses this data to operate the online service, particularly to identify and remedy errors in order to determine the utilization of the online service and make adjustments or improvements.
8.7. CONTACT FORM
8.7.1. Some information is collected by EAI when it is provided to EAI by the data subject.
8.7.2. Should a data subject send EAI an inquiry using the contact form on EAI’S website, the data subject’s information, as contained in the contact form, including the contact information the data subject provides therein, will be stored by EAI for the purpose of responding to the data subject’s inquiry and any follow-up questions which may arise by virtue of EAI’s response to the inquiry.
8.7.3. EAI will not share the information provided by the data subject without the data subject’s consent.
8.7.4. The data subject’s delivery of information to EAI is entirely voluntary and a failure to provide such information means EAI will be unable to address the data subject’s inquiry.
8.7.5. The information contained in the contact form is processed exclusively based on your consent in terms of Article 6(1)(a) of the GDPR and section 11(1)(a) of the Protection of Personal Information Act, which consent may be revoked at any time.
8.7.6. A further legal basis for the processing of the data is EAI’S legitimate interest in responding to the data subject’s inquiry in accordance with Article 6 (1)(f) of the GDPR and section 11(1)(f) of the Protection of Personal Information Act, as amended.
8.7.7. Should the data subject’s contact with EAI be aimed at concluding or entering into a contract, Article 6(1)(b) of the GDPR and section11(1)(b) of the Protection of Personal Information Act, as amended, is an additional legal basis for the processing of the data subject’s personal information.
8.7.8. EAI will retain the information provided by the data subject on the contact form until such time as the data subject requests its deletion, revokes its consent in respect of its storage, or the purpose for its storage has been fulfilled.
8.7.9. Any mandatory statutory provisions, in particular those regarding statutory information retention periods, remain unaffected by this provision.
8.8. REGISTRATION ON EAI’S WESBITE
8.8.1. The data subject does not have to provide EAI with personal information in order to visit or access the freely available sections of its website.
8.8.2. However, certain services on EAI’S website are only accessible by data subjects who have registered with EAI.
8.8.3. Data subjects may elect to register on EAI’S website to gain access to additional functions offered by EAI.
8.8.4. EAI will require certain mandatory personal information from the data subject in order to complete the registration.
8.8.5. The data subject’s registration information will only be used by EAI for the purpose of delivering the respective offer or service for which the data subject has have registered.
8.8.6. The mandatory information requested during registration must be provided in full, failing which EAI will reject the data subject’s registration.
8.8.7. EAI will process the data subject’s registration information, such as the data subjects email address, to inform the data subject about important changes, which include but are not limited to changes in the scope of the offers made by EAI, or technically necessary changes.
8.8.8. EAI will process the data provided during registration exclusively based on the data subject’s consent in terms of Article 6(1)(a) of the GDPR and section 11(1)(a) of the Protection of Personal Information Act, which consent may be revoked at any time.
8.8.9. The information collected by EAI during a data subject’s registration will be stored by EAI as long as the data subject is registered on EAI’S
8.8.10. The data subject’s registration information will be subsequently deleted should the data subject cancel its registration with EAI. However, statutory retention periods remain unaffected.
9. EAI newletter
9.1. In the event that the data subject has not provided consent to EAI in writing, EAI uses what is known as the opt-in process, which means that EAI will only send the data subject a newsletter by e-mail when the data subject has expressly confirmed in advance that EAI shall be entitled to deliver its newsletter.
9.2. The data subject can unsubscribe from the newsletter at any time.
9.3. When the data subject registers for the EAI newsletter, the data subject’s e-mail address will be used for EAI’S own advertising purposes until such time as the data subject unsubscribes. The data subject will receive regular information via e-mail on current topics. These e-mails may be personalized and tailored based on EAI’S information about the data subject.
9.4. The legal basis for processing the data subject’s personal information is the data subject’s consent in accordance with Article 6(1)(a) of the GDPR and section 11(1)(a) of the Protection of Personal Information Act, as amended, if the CUSTOMER has expressly subscribed to the newsletter.
9.5. If the data subject does not want to receive the EAI newsletter, the data subject can withdraw their given consent at any time with effect for the future or object to further receipt of emails.
9.6. The data subject can withdraw its consent by using the unsubscribe link included in every newsletter or send a message to EAI or its data protection/information officer.
9.7.1. When visiting EAI’S website, statistical analyses may be made of the data subject’s internet browsing behaviour.
9.7.2. EAI utilises cookies and analytics to analyse the data subject’s internet browsing behaviour. The data collected through cookies and analytics is anonymous and EAI will be unable to identify you based on the data which is collected in this manner.
9.7.3. Cookies are small text files that are stored on a data subject’s computer and store, via the data subject’s web browser, the settings and data which are shared with EAI’S online service.
9.7.4. Cookies usually contain the name of the domain from which the cookie file was sent and information about the age of the cookie and an alphanumerical identifier. This enables EAI to identify the data subject’s device and make possible default settings available immediately.
9.7.5. The majority of the cookies used by EAI are known as session cookies, which are automatically deleted at the end of the data subject’s visit to EAI’S
9.7.7. Cookies assist EAI in improving the functionality of its website and provides the data subject with a more user-friendly service that is specific to the data subject’s needs. This information is also used to identify and remedy errors in order to make adjustments or improvements as well as to identify and track abuse.
9.7.8. Cookies which are necessary to allow electronic communications or to provide certain functions that data subjects wish to use and are stored pursuant to Article 6(1)(f) of the GDPR and section 11(1)(f) of the Protection of Personal Information Act, as amended, as EAI has a legitimate interest in the storage of cookies to ensure an optimized service provided free of technical errors.
9.7.9. Some cookies are necessary for technical reasons to enable the use of EAI’S online service. With these cookies, EAI gathers and stores the following data:
18.104.22.168. Language settings;
22.214.171.124. Search settings;
126.96.36.199. Information to identify or authenticate the user;
188.8.131.52. Data for smooth forwarding of audio or video content.
9.7.10. Some functions can be provided only by using cookies. This concerns the search function and language settings, amongst other things.
9.7.11. From this follows the EAI’S justifiable interest for the legal basis for processing data by means of cookies in accordance with Article 6 (1)(f) of the GDPR and section 11(1)(f) of the Protection of Personal Information Act, as amended.
9.7.12. Most web browsers are set up so that the data subject automatically accepts cookies. However, the data subject can deactivate cookie storage or set up its web browser so that it notifies the data as soon as cookies are sent. It is also possible to delete already stored cookies manually using the web browser settings.
9.7.13. Data subjects may object to processing in this manner or may prevent the processing entirely via their internet settings.
9.7.14. However, EAI hereby provides notification that the data subject may only have access to a restricted version of EAI’S website, or not at all, if the data subject rejects the storage of cookies or deletes the necessary cookies.
9.8. SERVER LOG FILES
9.8.1. EAI automatically collects and stores information in so-called server log files, which a data subject’s browser automatically transmits to EAI. These include, but are not limited to, mainly:
184.108.40.206. Browser type and browser version;
220.127.116.11. Operating system used;
18.104.22.168. Referrer URL;
22.214.171.124. Host name of the accessing device;
126.96.36.199. Time of the server request; and
188.8.131.52. IP address.
9.8.2. EAI records and stores the data subject’s IP Address, so as to enable EAI to transmit the contents of its website to the data subject’s device, which includes, but is not limited to text, images and files made available for download.
9.8.3. This information will not be combined with data from other sources.
9.8.4. The basis for data processing is Article 6(1)(b) of the GDPR and section 11(1)(b), which permits the processing of data to fulfil a contract or for measures preliminary to a contract, as well as EAI’S legitimate interests in the proper and user-friendly functioning of its website in terms of Article 6(1)(f) of the GDPR and section 11(1)(f) of the Protection of Personal Information Act, as amended.
10. USE OF SOCIAL MEDIA
10.1. In EAI’S online service, data subjects may find hyperlinks to the social media site LinkedIn.
10.2. The hyperlink can be recognized by the provider's respective logo.
10.4. EAI makes use of the retargeting service offered by LinkedIn, called ‘LinkedIn Website Retargeting’. The utilisation of this service is aimed at enhancing EAI’S ability to retarget data subjects who visit EAI’S website, in a refined manner, to increase further engagement with the data subject.
10.5.1. LinkedIn: https://www.linkedin.com/legal/privacy-policy
10.6. Before calling up the relevant hyperlinks, the data subject’s personal information is not transferred to the respective provider.
10.7. Processing personal information for the purposes of connecting advertisements forms part of EAI’S justifiable interest pursuant to Article 6(1)(f) of the GDPR and section 11(1)(f) of the Protection of Personal Information Act, as amended.
10.8. USE OF RETARGETING AND REMARKETING
10.8.1. “Retargeting and remarketing” refer to technologies in which data subjects who have visited a certain website are shown similar and/or applicable advertisements even after having left the For this, it is required that data subjects acknowledge for what purpose the cookies of the corresponding service provider are used. Previous usage behaviour is also taken into account in this regard.
10.8.2. For example, if a data subject views certain services, these services, or similar services, could then be shown later as advertisements on other websites. This concerns personalized advertisements that are adapted to the needs of the individual data subject. For these personalized advertisements, it is not necessary for the data subject to be identified beyond initial recognition. The data used for retargeting or remarketing is therefore not combined with further data.
10.8.3. EAI uses these kinds of technologies to connect advertisements on the internet.
10.8.4. EAI relies on third-party providers to connect advertisements and EAI uses Google services (Google AdWords Conversion and Google Remarketing) to this end.
10.8.5. The conversion tracking by the advertising program “Google AdWords” provides EAI with information on the success of its
10.8.6. Google AdWords allows EAI to track whether users respond to its advertisements placed on other websites by Google or its partners. If a user clicks on such an advertisement and is thus redirected to EAI’S website, a cookie is stored on the data subject’s device. In addition, Google AdWords can identify which specific advertisement brought a data subject to EAI’S website.
10.8.7. According to Google, the cookie normally expires after 30 days. EAI only receives statistical analyses of this data, which it can use to determine the success of its advertising. EAI does not receive information that can personally identify data subjects. EAI, however, has no influence on Google’s use of the data.
10.8.8. In addition, EAI uses the Google Remarketing advertising program in connection with personalized advertising on its With this program, you can be shown EAI’S advertising and its products when using other websites after visiting EAI’S website.
10.8.9. This is enabled by cookies stored in your browser that record internet usage when visiting various websites. For example, Google can identify the data subject’s previous visit to EAI’S website and place relevant advertisements for EAI.
10.8.10. Google states that the data collected in connection with remarketing cannot be linked to the data subject’s personal information that Google may have stored. In particular, Google claims to practice pseudonymization with regard to remarketing.
10.8.11. For more information about data privacy by Google, see at:
10.8.11.1. http://www.google.com/intl/de/policies/privacy; and
10.8.12. Google is certified in accordance with the regulations of the EU-US-Privacy-Shield (https://www.privacyshield.gov/EU-US-Framework).
10.8.13. The installation of cookies for Google remarketing and Google AdWords conversion tracking can be prevented by a setting on the respective web browser software by calling up the website (https://support.google.com/ads/answer/7395996?hl=de?) and changing the corresponding setting.
10.8.14. Processing personal information for the purposes of connecting advertisements forms part of EAI’S justifiable interest pursuant to Article 6(1)(f) of the GDPR and section 11(1)(f) of the Protection of Personal Information Act, as amended.
11. TRANSFER OF INFORMATION TO A THIRD PARTY AND THE LEVEL OF PROTEcTION AFFORDED TO THE INFORMATION BY SUCH THIRD PARTIES
11.1. Without detracting from anything to contrary contained herein, EAI, shall not sell, rent or otherwise disclose its personal information to any third party without the data subject’s express consent, provided that by using the website, registering on EAI’S online shop and/or subscribing for any of the EAI’S services, the data subject provides its express and informed consent for EAI to disclose its personal information to third parties as follows:
11.1.1. to third party companies employed by EAI to provide services for it, including for example, website hosting, administration, maintenance, development and deliveries, amongst other things. These companies require access to the data subject’s personal information to perform their functions and not for any other purpose;
11.1.2. to transfer the data subject’s database/s, including personal information contained therein, to any third party who acquires all or substantially all of the assets or shares in EAI or EAI’S website service whether by sale, merger, acquisition or otherwise;
11.1.3. to governmental agencies, exchanges and other regulatory or self-regulatory organisations if EAI is required to do so by law or if such action is necessary to:
184.108.40.206. comply with the law or with any legal process;
220.127.116.11. protect and defend EAI’S rights and property or that of its data subjects and companies in its group, where applicable;
18.104.22.168. prevent fraud or abuse, misuse or unauthorised use of EAI’S website; and/or
22.214.171.124. protect the personal safety or property of its data subjects or the public (if the data subject provides false or deceptive information about itself or misrepresents itself as being someone else, EAI shall disclose such information to the appropriate regulatory bodies and commercial entities); and
126.96.36.199. if applicable, to personalise the data subject’s experience on the EAI’S website, to help the data subject to log on in future and to continue to use the website, to reply to queries the data subject might have, to provide it with support and to help EAI select services or materials for inclusion on its website, which may be of interest to the data subject.
11.1.4. Where EAI is obligated to do so due to legal provisions and/or official or judicial orders. In particular, this may concern giving information for the purpose of, inter alia, criminal prosecution, for hazard prevention, or to enforce intellectual property rights.
11.1.5. The personal information of data subjects will be forwarded without explicit consent to the law enforcement authorities or, if necessary, to injured third parties if this is necessary in the context of clarifying an unlawful use of our services or for the purposes of legal prosecution.
11.2. The providers commissioned by EAI are obliged by EAI to treat the data subject’s data exclusively in accordance with applicable data protection law, be it the Protection of Personal Information Act, or the General Data Protection Regulations, or both.
11.3. Using technical and organizational measures, EAI ensures compliance with data protection obligations and also commits its external service providers to such obligations.
11.4. Where data is transferred to EAI’S service providers, such data will be depersonalised, prior to transfer. Any further transfers of information by EAI will be made strictly in accordance with applicable data protection legislation.
11.5. Further personal data will not be transferred by EAI.
12. WEBSITE PROTECTION
12.1. EAI’S website uses SSL (Secure Sockets Layer) encryption for security reasons and for the protection of the transmission of confidential content. This information could be anything sensitive or personal which can include financial information, names and addresses, including the inquiries data subject’s send to EAI as the site operator.
12.2. Data subjects can recognize an encrypted connection in their browser's address bar when it changes from "http://" to "https://" and the system-specific lock icon is displayed in your browser's address bar.
12.3. If SSL encryption is activated, the data you transmit to EAI cannot be read by third parties.
13. STORAGE OF PERSONAL INFORMATION
13.1. EAI undertakes to secure the integrity and confidentiality of the personal information that is in its possession and under its control, by taking the appropriate reasonable technical and organisational measures to prevent loss, damage, unauthorised destruction, unlawful access, or unlawful processing of the personal information of data subjects. In doing so, EAI shall have due regard to generally accepted applicable or industry information security practices and procedures.
13.2. All information stored by EAI, is stored in compliance with the Protection of Personal Information Act No. 4 of 2013 (as amended from time to time), as well as the GDPR.
13.3. Unless stated otherwise in this Policy, EAI, or its hosting providers, will store the personal information of data subjects on specially secured servers.
13.4. The storage thereof is a technical and organizational measure employed by EAI to protect against loss, destruction, access, alteration or dissemination of your data by unauthorized persons.
13.5. Only authorized persons are able to access the personal information of data subjects. These individuals are responsible for the technical, commercial and editorial supervision of the server. Despite regular inspections, complete protection against all risks is not possible and EAI in no way guarantees complete protection in this regard.
13.6. EAI undertakes to delete the personal data of a data subject when the purpose for the storage thereof is fulfilled.
13.7. However, storage may also take place if this is designated by legal provisions to which EAI is subject, for example in terms of statutory retention periods and documentation obligations.
13.8. In a case such as this, EAI will delete or block the data subject’s personal information following expiry of the relevant retention period.
14. REQUESTS FOR CONSENT TO PROCESS PERSONAL INFORMATION FOR PURPOSES OF DIRECT MARKETING BY ELECTRONIC COMMUNICATION
14.1. Where EAI wishes to process the data subject’s personal information for the purpose of direct marketing by electronic communication it will in terms of section 69(2) of the Act provide the data subject with a request for written consent in a form similar to Form 4 of the Regulations Relating to the Protection of Personal Information, which form may be accessed at –
15. THE RIGHT OF ACCESS TO AND THE RIGHT TO RECTIFY, DELETE OR BLOCK THE INFORMATION COLLECTED BY EAI
15.1. In terms of the Protection of Personal Information Act, data subjects have the following options available in respect of its personal information that EAI processes:
15.1.1. it may inquire, at no cost, whether EAI holds its personal information, as long as it provides EAI with adequate proof of its identity;
15.1.2. where necessary, request the correction, destruction or deletion of its personal information, as per clause 12.1 above;
15.1.3. object to, in terms of clause 6.1 below, restrict or limit the processing of its personal information;
15.1.4. object to the EAI utilising personal information for purposes of direct marketing, in terms of clause 6.1 below;
15.1.5. request that its personal information not be used to send unsolicited emails.
15.2. Data subjects are entitled to exercise any of its rights listed above by sending an email to EAI. Data subjects are advised that the rights detailed above are not absolute, and EAI may be entitled to refuse requests, where exceptions apply. Should EAI determine that a data subject is not entitled to exercise a specific right, EAI will provide it with the reasons in respect thereof.
15.3. EAI hereby provides notification that a data subject who may prove their identity has the right to request confirmation from EAI, free of charge, as to whether it holds personal information on that data subject.
15.4. Where EAI has reasonable doubt as to the identity of the person making an enquiry, it may request additional information in order to confirm the identity of the person, such as an identity document, including a driver’s licence or passport.
15.5. Should EAI hold personal information in respect of a data subject, EAI hereby notifies the data subject further that the data subject may request the record or a description of the personal information about the data subject held by EAI, including information about the identity of all third parties, or categories of third parties, who have, or have had, access to the information.
15.6. Should a data subject require the direct transfer of personal information to another responsible party/controller, EAI will only do so where such transfer is technically feasible and does not carry with it an excessive expense.
15.7. In response to any requests for records or descriptions of personal information about the data subject, EAI undertakes to deliver its response within a reasonable time and in a manner and form which is understandable.
15.8. EAI reserves its rights to charge a fee, in accordance with the prescribed tariff, for the delivery of records or descriptions of personal information and will provide the data subject with a written estimate of such fee, prior to delivery of the record and/or description.
15.9. Although the data subject has a right to request access to personal information from EAI, in certain instances, EAI is obliged to refuse access to personal information based on the grounds contained in the provisions of Chapter 4 of Part 2 and Chapter 4 of Part 3 of the Promotion of Access to Information Act 2 of 2000, as amended.
15.10. In the event that a particular ground of refusal applies, EAI will not provide the data subject access to such personal information.
15.11. Should personal information be disclosed to the data subject in response to any requests as aforesaid, the data subject is hereby notified of its right to request correction, deletion and/or blocking of the personal information, in line with section 24 of the Protection of Personal Information Act 4 of 2013, as amended.
15.12. In terms of the Regulations Relating to the Protection of Personal Information: -
15.12.1. A data subject who wishes to request a correction or deletion of personal information or the destruction or deletion of a record of personal information in terms of section 24(1) of the Protection of Personal Information Act, must submit a request to the responsible party on Form 2 (http://www.justice.gov.za/inforeg/docs/20181214-gg42110-rg10897-gon1383-POPIregister.pdf).
15.12.2. EAI, or a designated person, must render such reasonable assistance, as may be necessary and free of charge, to enable a data subject to complete Form 2.
15.13. Please feel free to contact EAI at any time should the data subject have any further questions in respect of personal information.
16. REVOCATION OF CONSENT AND RIGHT TO OBJECT TO THE PROCESSING OF PERSONAL INFORMATION
16.1. Data subjects are hereby informed that they may revoke their consent to EAI processing their personal information at any time by simply sending an email to EAI.
16.2. Withdrawing consent will not affect the lawfulness of the processing that was carried out by EAI between the time of consent and withdrawal.
16.3. Both EAI’S customer service and EAI’S data protection/information officer are contact persons for this matter.
16.4. Insofar as processing the CUSTOMER’S personal data is not based on consent but another legal basis, the CUSTOMER can object to this data processing.
16.5. EAI hereby provides notification that data subjects may, in terms of section 11(3)(a) of the Protection of Personal Information Act, object, at any time, to the processing of personal information, where EAI processes personal information: -
16.5.1. In order to protect a legitimate interest of the data subject;
16.5.2. Where processing is necessary for the proper performance of public law duty by a public body; and
16.5.3. Where processing is necessary for pursuing the legitimate interests of the responsible party, or of a third party to whom the information is supplied.
16.6. In terms of the Regulations Relating to the Protection of Personal Information: -
16.6.1. A data subject who wishes to object to the processing of personal information, in terms of section 11(3)(a) of the Protection of Information Act, must submit the objection to the responsible party in a form similar to form 1;
16.6.2. The Form 1 document may be accessed at http://www.justice.gov.za/inforeg/docs/20181214-gg42110-rg10897-gon1383-POPIregister.pdf.
16.7. EAI, or a designated person, undertakes to render such reasonable assistance as is necessary, free of charge, to enable the data subject to make an objection on Form 1.
16.8. Any objections by a data subject must be based on reasonable grounds relating to the data subject’s particular situation, unless legislation provides for such processing in which case EAI shall continue to process such personal information in compliance with its legislative obligations.
16.9. In the absence of such legislative obligations, EAI will review and, if necessary, terminate the processing of such personal information or data.
16.10. Data subjects will be informed of the results of the review and receive – if the data processing is to continue nevertheless – detailed information from EAI about why data processing is permitted.
16.11. In addition, data subjects may, at any time, object to the processing of personal information for the purposes of direct marketing in terms of section 11(3)(b) of the Protection of Personal Information Act.
16.12. EAI hereby objects to the use of EAI’s contact information, as contained in this Policy, or EAI’S Manual in terms of section 51 the Promotion of Access to Information Act, to send unsolicited advertising and information materials.
16.13. EAI reserves its right to take appropriate legal action in the event of EAI receiving unsolicited advertising material and/or spam emails.
17.2. If a data subject believes that the processing of the data subject’s personal data by EAI is not in line with this Policy or the applicable data protection requirements, data subjects can complain to EAI’S data protection officer.
17.3. The data protection officer will then review the matter and inform the data subject of the result of the review.
17.4. Furthermore, data subjects also have the right to complain to the relevant Regulatory Authority.
17.5. Should data subjects have reasonable grounds to believe that their personal information has been accessed or acquired by any unauthorised person, they shall notify EAI in writing of such belief, and grounds upon which such belief is based, without delay.
17.6. Upon notification, EAI shall, as soon as is reasonably possible and lawfully required, notify the applicable regulator/s, as well as the data subject, unless it is unable to ascertain the personal information that has been unlawfully accessed.
18. RIGHT TO LODGE A COMPLAINT TO THE COMPETANT REGULATORY AUTHORITIES
18.1. Data subjects may submit a complaint to the Regulator in the prescribed manner and form, alleging interference with the protection of the personal information of a data subject.
18.2. In terms of the Regulations Relating to the Protection of Personal Information, any person who wishes to submit a complaint must submit such a complaint to the Information Regulator on Part I of Form 5.
18.2.1. The Form 5 document may be accessed at http://www.justice.gov.za/inforeg/docs/20181214-gg42110-rg10897-gon1383-POPIregister.pdf.
18.3. The available contact details of the Information Regulator are recorded as follows: -
18.3.1. Address: 33 Hoofd Street, Forum III, 3rd Floor Braampark, Braamfontein, Johannesburg;
18.3.2. Email: email@example.com.
19. DATA PROTECTION/INFORMATION OFFICER AND CONTACT
EAI’S data protection/Information officer and their team are available for questions related to EAI’S handling of personal information or more information on issues relating to data protection and may be contacted using the details provided below:
19.1. Address: 300 Acacia Road, Darrenwood, Randburg, 2194
19.2. Email: firstname.lastname@example.org