1.   Data Protection

1.1.  By either Party submitting any personal information to the other, the Disclosing Party unconditionally and voluntarily, consents to the processing of the submitted personal information for the following purposes

1.1.1  Marketing;

1.1.2.  Account Processing;

1.1.3.  Demographic Data;

1.1.4.  To respond to any communications, queries or requests for information or services from you, howsoever received;

1.1.5.  To receive and process financial information;

1.1.6.  For auditing purposes;

1.1.7.  For procurement of services;

1.1.8.  To comply with our legal or regulatory obligations; and

1.1.9.  To establish, exercise or defend legal claims.

1.2.  The Parties agrees and consent that its personal information may be processed by, or on behalf of either of the Parties for the purposes set out above.  

1.3.  The Parties shall at all times comply with its obligations and procure that each of its Affiliates comply with their obligations under POPI.  

1.4.  The Parties shall implement and maintain an effective security safeguards that includes, but is not limited to administrative, technical, and physical safeguards, and appropriate technical and organisational measures, in each case, adequate to insure the security and confidentiality of personal information, and to protect against any anticipated risks to the security or integrity of personal information,
protect against unauthorized access to or use of personal information, protect personal information against unlawful processing or processing otherwise than in accordance with this agreement, and protect against accidental loss, destruction, damage, alteration or disclosure of personal information. 

2.   Without limiting the foregoing, such safeguards and measures shall be appropriate to protect against the harm that may result from unauthorised or unlawful processing, use or disclosure, or accidental loss, destruction, or damage to or of Personal Information and the nature of the personal information, and shall maintain all safeguard measures as is required by POPI.  

2.1.  In the event of any actual, suspected, or alleged security breach, including, but not limited to, loss, damage, destruction, theft, unauthorized use, access to or disclosure of any personal information, each Party shall: 

2.1.1.   notify the other Party as soon as practicable after becoming aware of such event. 

2.1.2.   provide the other Party will all information regarding the breach in the Party’s knowledge and possession to allow the Party to ascertain what has occurred and which personal information has been affected.  

2.1.3.   promptly take whatever action is necessary, at each Party’s own expense, to minimise the impact of such event and prevent such event from recurring. 

3.   Further information on how the Company processes Personal Information is available in our Privacy Policy

4.   The Parties hereby consents to the Company sharing the personal information as provided for herein cross border. Should the Supplier’s personal information be shared cross border, the personal information will not be subject to less protection than it enjoys in terms of South Africa’s data privacy laws.

5.   The Parties hereby consents to the Company processing any special information provided herein, in Terms of Section 26 of POPI.

5.1  Processing of trade union membership in order for trade union fees to be paid and to give effect to the employee’s labour law rights.

5.2  Processing race or ethnic origin for BBBEEE any related purposes.

5.3  Processing biometric information for safety and security purpose