wanderers club PRIVACY NOTICE REGARDING THE PROTECTION OF PERSONAL INFORMATION ACT (POPIA) 3

PRIVACY NOTICE REGARDING THE PROTECTION OF PERSONAL INFORMATION ACT (POPIA)

– last updated 30 June 2021

INTRODUCTION

The Wanderers Club formed as an association of members in 1888 to provide facilities for sport,  recreation, and conferences. It is governed by a Constitution and managed by a centralised administration staff complement overseen by a Committee consisting of elected members.  It provides sporting facilities to 14 sports Sub-clubs and has contracts with outsourced service providers for its Food and beverage, banqueting, security and grounds maintenance.  Its stakeholders consist of members, employees, suppliers and tenants. As part of managing the business and creating value for its stakeholders the Club is required to process and maintain personal information (PI) and protect it according to the requirements of the Protection of Personal Information Act 4 of 2013, (POPI Act).

This Notice constitutes The Wanderers Club’s Privacy Policy stating our commitment to comply with the POPI Act when collecting, processing, storing and protecting your personal information.  In doing this, we apply the 8 information protection principles that govern the processing of PI.

  • Accountability -We comply fully with the POPI Act by obtaining your PI in a fair and lawful manner
  • We use Minimality in obtaining only the necessary PI with your consent
  • Purpose specification – we have a specific, lawful purpose for collecting the data
  • Further processing limitation – there is no further processing beyond the scope that was agreed
  • Information Quality – We endeavour to keep the information complete, accurate, not misleading and up to date
  • Openness – We ensure that you are fully informed about how we use your PI before you consent to its collection and processing
  • Security safeguards are put in place to ensure that data is not lost, damaged, destroyed or accessed without authorization.
  • We facilitate your Participation in accessing and correcting your PI.

WHAT AND HOW IS PERSONAL INFORMATION (PI) COLLECTED

Personal information relates to an identifiable natural person or an identifiable existing juristic person. The PI we collect in the ordinary course of business includes:

  1. Information which is necessary and relevant to enable us to effectively render a service to our members, employees, suppliers and tenants such as name, surname, identity number (where applicable), gender, membership number, registration number, date of birth, contact details, addresses, next of kin, sport preferences, medical history (if applicable) and banking details (if applicable).
  2. Electronic, postal and verbal communications
  3. Information submitted to us when recruiting employees
  4. Information collected through technologies such as Cookies which are text files with small pieces of data — like a username and password — that are used to identify your computer while you use a computer network. Cookies make web surfing and browsing easier by saving your preferences.If you elect to decline Cookies, not all elements of the website may function as intended, so your website experience may be affected.
  5. Other information gathered when you visit the Wanderers Club website, including the type of browser and operating system that you use, the number of access times, pages viewed, URLs clicked on, and your IP address.
  6. Social media-tracking pixel tags that allow platforms such as Facebook, Instagram and Twitter to interact with the Wanderers Club website and give feedback on the usage.We use Google Analytics to help us get a better understanding of how visitors use our website.
  7. Device information, including the unique device identifier, hardware model, operating system and version and mobile network information.
  8. Public PI collected when monitoring other websites or digital conversations on public platforms for the assimilation of people’s opinions about our Club or the hospitality industry in general.
  9. PI collected when participating in a competition, prize draw or survey or when an incident or adverse event associated with one of our services is reported.

PURPOSE OF COLLECTING PI

The purpose we collect your PI is to enable us to render a service to you.  We may use PI for these purposes:

  1. To process and manage applications for membership. Membership categories are linked to member’s age, length of membership and sporting activities. The way we process the PI could be by recording, storage, updating, retrieval, alteration, use, dissemination, transmission, distribution, merging, linking, or destruction of information.
  2. To communicate with members, tenants, service providers, suppliers and employees regarding online and actual events, press releases, job vacancy posts, publishing of financial results, direct marketing communications (with consent), notices and updates, changes to terms, standard operating procedures (SOPs), policies, security alerts and administrative messages. There will be times when you will be given the opportunity to opt out of certain communications.
  3. For security checks such as screening visitors through CCV footage, conducting searches for dangerous weapons and completing the attendance register to ensure that only authorised persons enter the premises of the Club.
  4. For the performance of a contract in order to fulfil statutory requirements.
  5. When complying with applicable laws and with orders made by regulators, courts and law enforcement authorities. These include adherence to the Covid-19 protocols.
  6. For auditing, data analysis, research, and analysing trends, usage and activities on digital platforms in order to improve the Club’s day-to-day operations and services.

DISCLOSURE AND PROTECTION OF YOUR PI

We use a variety of security measures and technologies to protect PI from unauthorised access, use, disclosure, alteration or destruction in line with the POPI Act.

  1. We have adopted a Privacy Awareness Culture where our employees are trained on an ongoing basis to treat your information as confidential.
  2. We may share your PI with the following third parties in order to monitor and analyse the use of our service and to communicate with you:
    • The Wanderers Club service providers, including those who provide it with technology services such as data analytics, hosting and technical support
    • The Wanderers Club’s professional advisors, auditors and relevant sports associations
    • Regulators, governments and law enforcement authorities
    • Other third parties, if necessary, when re-structuring all or any part of The Wanderers Club’s business.

3. If it becomes necessary to share personal information with a third party, we shall limit it to the minimum required. We have put in place Non-Disclosure agreements with third parties who might have access to your PI and require them to institute appropriate security measures to keep it secure.

4. When you share PI or otherwise interact in the public areas with other users, such PI may be viewed by all users and may be publicly distributed outside. We have no control of this.

5. The transmission of information to us via the internet or a mobile phone network connection may not be completely secure and where possible we will put the necessary safeguards to eliminate or minimise the risks.

6. Our IT systems are on the Cloud and our IT service provider uses firewalls, password access and encryption methods, however there are always risks that PI may be accessed by an unauthorised third party as a result of an illegal activity.

7. If you use our links to websites or mobile applications that we do not own or control you will need to first review their privacy policies as this Notice does not apply to them.  We have no control over and assume no responsibility for the content, privacy policies or practices of any third party sites or services.

8. All due diligence will be undertaken for safeguarding PI and while we strive to use commercially acceptable means to protect your PI, we cannot guarantee its absolute security.

9. If a data breach happens, we will inform the Information Regulator and those involved as soon as possible unless law enforcement officials advise us to delay so as not to hamper their investigations.

CHILDREN’S PRIVACY

We do not deal directly with anyone under the age of 13 and we do not knowingly collect personally identifiable information from anyone under the age of 13. All PI is provided to us by the children’s parents or legal guardians. If You are a parent or guardian and you are aware that your child has provided us with personal data, please contact us. If we become aware that we have collected personal data from anyone under the age of 13 without verification of parental consent, we take steps to remove that information from our database.

If we need to rely on consent as a legal basis for processing your information and your country requires consent from a parent, we will require your parent’s consent before we collect and use that information.

FOR HOW LONG IS PI KEPT

Our data retention policy is to keep PI for the period required by law or according to statutory requirements to assist in any investigations.

PI will be stored for as long as necessary in order to provide members and other stakeholders with access to services, resolve disputes and enforce our legal agreements and policies.  Certain PI such as member name, surname, member number, date of election, and birthday will be kept on the database indefinitely for historical, statistical and research purposes but contact information and member application forms will be deleted or destroyed once a member resigns or is deceased.

We will also retain usage data for internal analysis for a shorter period of time, except when this data is used to strengthen the security or to improve the functionality of our service, or we are legally obligated to retain this data for a longer period.

 TRANSFER OF YOUR PI

Your PI may be processed by us or our third-party service providers outside your home country. PI laws in the countries to which PI is transferred may not be equivalent to, or as protective as, the laws in your home country.

Your consent to this Privacy Policy followed by your submission of your personal information represents your agreement to that transfer.

We will implement appropriate and reasonable measures to ensure that your PI remains protected and secure when it is transferred outside your home country, in accordance with applicable PI protection and privacy laws. These measures include data transfer agreements implementing standard data protection clauses.

YOUR RIGHTS REGARDING PI

You will be entitled to:

  1. Request The Wanderers Club for access to the PI it holds about you
  2. Request the correction and/or deletion of your PI
  3. Request the restriction of the processing of your PI, or object to its processing
  4. Withdraw your consent to the processing of your PI if it was previously given
  5. Withdraw your consent to receive direct marketing messages or communication e-mails by OPTING-OUT or UNSUSCRIBING.However, you may not opt out of certain communication eg. Account statements.
  6. Request for the receipt or the transfer to another organisation, in a digital form, of the PI that you have provided
  7. If you believe we are using your information unlawfully, you may lodge a complaint to the Information Regulator (South Africa) at Tel 012 406 4818 or [email protected].

WHAT YOU SHOULD DO IF NOT WILLING TO PROVIDE YOUR PI

If you are given the option to share your PI with The Wanderers Club, you can always elect not to do so. If you object to the processing of PI, or you have provided consent to processing and later choose to withdraw it, the Club will comply with your request in accordance with its legal obligations.

CHANGES TO THIS PRIVACY POLICY

We may update our Privacy Notice from time to time. We will notify you by e-mail of any changes to our Privacy Notice prior to the change becoming effective and include the “Last updated” date at the top.

You are advised to review this Privacy Notice periodically for any changes as they become effective when they are posted on this page.

CONTACT US

By providing the Wanderers Club with your PI you consent to its processing which includes its transfer as set out in this Notice.

The registered Information Officer, who is the person responsible for compliance with the conditions for the lawful processing of PI and dealing with any matters relating to the POPI Act, is the CEO.  In case of questions regarding this Notice the Information Officer can be contacted on [email protected].