This Privacy Notice sets out:
- Your rights for how we treat your personal information
- How we protect your personal information
- The personal information that we collect
- The way we use your personal information
- Who we share your personal information with
- How you can access your personal information
- Links to third-party website
- Accountability – we comply fully with the POPI Act by obtaining and using your personal information in a fair and lawful manner.
- Processing limitation – we collect the least amount of personal information that we need to perform the purpose of processing it and we collect it from you direct, other than in exceptional, legitimate instances.
- Purpose specification – we have a specific, lawful purpose for collecting your personal information and we inform you of that purpose.
- Further processing limitation – we may only use the same personal information for additional (further) processing if the new purpose is compatible with the original purpose that we processed the information.
- Information Quality – we endeavour to keep your personal information complete, accurate, not misleading and up to date.
- Openness – we ensure that you are fully informed about how we use your personal information before you consent to its collection and processing.
- Security safeguards – we put technical and operational measures in place to ensure that your personal information is not accessed without authorisation, lost, damaged, or destroyed.
- Participation – if you ask, we will tell you what personal information we hold about you, and we will correct any inaccurate information
ABOUT THE PERSONAL INFORMATION THAT WE COLLECT
Personal information is information that can identify a person or organisation, either on its own, or when it’s combined with other information about that person or organisation.
You do not have to give us your personal information but if you do not give us the personal information that we need, we will not be able to perform according to our contract with you, whether as a Member, an employee, a supplier or a tenant.
The personal information that we collect in the ordinary course of business includes:
- Information about you that we need to provide our services, including:
- Information contained in the electronic, postal and verbal communications between you and us.
- Information that we gather when you visit the Wanderers Club website, including the type of browser and operating system that you use, the number of times you access the website, the pages you view, the URLs that you click on, and your IP address.
- Information that we collect through cookies. A cookie is a small string of text that a website puts on your device’s browser. It saves information on your browser about your visit to the site. It has a unique identifier (for example, cookie #123456). This helps the website to associate you with later visits to the same site and makes your websurfing and browsing of our website easier by saving your preferences.
- Social media-tracking pixel tags that allow platforms such as Facebook, Instagram and Twitter to interact with the Wanderers Club website and give feedback on the usage. We use Google Analytics to help us get a better understanding of how visitors use our website.
- Public personal information that we collect when monitoring other websites or digital conversations on public platforms to assimilate people’s opinions about the Club or the hospitality industry in general.
- Information that we collect when you take part in a competition, prize draw or survey with the Club.
- Information that we collect to investigate an incident or complaint associated with one of our services.
PURPOSE OF COLLECTING PERSONAL INFORMATION
The purpose that we collect your personal information is to enable us to provide a service to you. We may use your personal information to:
- Process and manage your application for membership and to administer your involvement with the Club.
- Tell you about matters relating to your membership and the Club, including but not limited to changes to the Constitution the Club, policies and procedures that you must be aware of, notices of meetings and annual general meetings, publishing of financial results, changes in the membership rates, security alerts and administrative messages.
- Communicate with you about virtual and actual events and to send press releases.
- If you ticked ‘Yes’ to consent to us sending you information about services (direct marketing messages) that may benefit you, we may send you that information electronically, for example, by email, SMS or WhatsApp. You always have the right to opt out, even where you have given your consent previously. Every marketing message that we send to you direct includes a way to opt out. Generally, we give you the option to ‘unsubscribe’ from receiving more marketing information.
- Notify you of job vacancies and recruit employees
- Enter into and perform in terms of an employment contract with you
- Ensure occupational health and safety compliance
- Conduct workplace training programmes
- Monitor remote working arrangements
- Conduct disciplinary investigations and hearings
- Enter into and perform in terms of a lease agreement with you
- Ensure compliance with all Landlord and Tenant legislation and regulations
- Engage tracing agents where necessary
- Enter into and manage a supply or service level agreement with you
For Members, Employees, Tenants and Suppliers
- Deal with your requests and enquiries.
- Carry out security checks such as screening visitors through CCV footage, conducting searches for dangerous weapons and completing the attendance register to ensure that only authorised people enter the premises of the Club.
- Contact you for in case of emergency.
- Use your IP address to monitor traffic and gather browsing behaviours of visitors to our website. We will not use your IP address to identify you in any way.
- Create results for competitions that include categories for different ages groups.
- Perform under a contract or to fulfil statutory requirements.
- Comply with applicable laws and with orders made by regulators, courts, and law enforcement authorities. These include adherence to the Covid-19 protocols.
- Audit, analyse data, conduct research, and analyse trends, usage, and activities on digital platforms in order to improve the Club’s day-to-day operations and services.
WHEN WE MAY DISCLOSE YOUR PERSONAL INFORMATION TO THIRD PARTIES
With your consent
- We shall only share your information with others who have a duty to keep it secure and confidential, and where we have a lawful reason for doing so. We shall share only the minimum personal information for the purposes of the disclosure. You hereby consent to us sharing personal information:
- Our business support staff so that they can administer your file, manage the accounts, and keep your records up to date.
- The Wanderers Club’s professional advisors, auditors and relevant sports associations.
- The main committee and subcommittees, where relevant
- Other third parties, if necessary, when restructuring all or any part of The Wanderers Club’s business.
- External service providers, for example, example IT service providers, data storage, web-hosting and server providers, and administrators. We shall have a data protection agreement in place between ourselves and any entity that processes personal information on our behalf. The contract will require the third party to:
- Process personal information only with our knowledge or authorisation;
- Put in place and maintain effective confidentiality and security measures;
- Inform us immediately of any security breaches.
- Services providers outside of South Africa where either the privacy laws provide similar or more stringent data protection to POPIA, or we have a contract in place with the service provider stipulating that they protect personal information to the same standards as if they were in South Africa.
Without your consent
We may share your personal information without your consent if:
- we have a legitimate business interest (for example, engaging services of a tracing agent or collections agency to follow up unpaid debts)
- We are required to do by law, regulation or court order.
WHEN WE MAY PROCESS THE PERSONAL INFORMATION OF CHILDREN
- We do not deal directly with anyone under the age of 18 and we do not knowingly collect personally identifiable information from anyone under the age of 18. All personal information about children must be provided to us by the children’s parents or legal guardians. If you are a parent or guardian and you are aware that your child has provided us with personal information, please contact us. If we become aware that we have collected personal information from anyone under the age of 18 without checking that we have parental consent, we will immediately take steps to remove that information from our database.
- We may only process personal information of children under 18 in the following circumstances:
- We have the consent of the child’s parent or legal guardian
- If the child has already made the personal information public with the consent of their parent or guardian
- To decide if a child has rights, for example, under the Children’s Act
- If the information is to be used in an anonymized way for research, statistical or historical purposes
- To comply with international law
- The Information Regulator authorises it in exceptional circumstances
MEASURES TO PROTECT YOUR PERSONAL INFORMATION
We use various security measures and technologies to protect personal information from unauthorised access, use, disclosure, alteration, or destruction in line with POPIA.
- We have adopted a Privacy Awareness Culture where our employees are trained on an ongoing basis to treat your information as confidential.
- We have put in place data protection agreements with third parties with whom we share personal information and require them to institute appropriate security measures to keep it secure.
- The transmission of information to us via the internet or a mobile phone network connection may not be completely secure and where possible we will put the necessary safeguards to eliminate or minimise the risks.
- Our IT systems are on the Cloud and our IT service provider uses firewalls, password access and encryption methods; however, there are always risks that personal information may be accessed by an unauthorised third party through illegal activity. You accept these risks when you apply for membership, employment, tenancy or enter a supply agreement with us.
- If you use our links to websites or mobile applications that we do not own or control you will need to first review their privacy policies as this Notice does not apply to them. We have no control over and assume no responsibility for the content, privacy policies or practices of any third-party sites or services.
- We will carry out all due diligence for safeguarding personal information; however, we cannot guarantee its absolute security.
- If a data breach happens, we will inform the Information Regulator and those involved as soon as possible unless law enforcement officials advise us to delay so as not to hamper their investigations.
- When you share personal information or otherwise interact in the public areas with other users, such personal information may be viewed by all users and may be publicly distributed outside. We have no control of this.
HOW LONG WE KEEP YOUR PERSONAL INFORMATION FOR
Our data retention policy is to keep personal information for the period required by law or according to statutory requirements to help in any investigations.
We will store your personal information for as long as necessary to provide you with access to services, resolve disputes and enforce our legal agreements and policies. Certain personal information such as member name, surname, member number, date of election, and birthday will be kept on the database indefinitely for historical, statistical and research purposes but contact information and member application forms will be deleted or destroyed on resignation or death.
We will also keep usage data for internal analysis for a shorter period, except when this data is used to strengthen the security or to improve the functionality of our service, or we are legally obligated to retain this data for a longer period.
TRANSFER OF YOUR PERSONAL INFORMATION OUTSIDE SOUTH AFRICA OR TO THE CLOUD
We use third-party providers who provide services that involve processing personal information outside of South Africa or in the Cloud. We will ensure that any third party that we transfer personal information to protects it in the same way as if it was being used in South Africa. This means that the third party is subject to either a law or a contract that upholds principles of reasonable processing of the information and that is substantially similar to the principles contained in POPIA and any Cloud Data Policy that may come into effect.
You consent to our transferring personal information to third-party providers outside of South Africa or to the Cloud for the purposes of storing personal information.
YOUR RIGHTS FOR YOUR PERSONAL INFORMATION
You have the right to:
- Ask us for access to the personal information we hold about you
- Ask us to correct inaccurate information
- Ask us to delete your personal information (there may be limits on when we can do this but we will let you know at the time you ask.
- Object to or ask us to restrict the processing of your personal information
- Withdraw your consent to the processing of your personal information if it was previously given. This does not invalidate processing we carried out with your consent previously.
- Withdraw your consent to receiving direct marketing messages or communication emails by OPTING OUT or UNSUSCRIBING. However, you may not opt out of certain communication e.g., Account statements.
- Ask us to digitally receive or send your personal information to another organisation
- If you believe we are using your information unlawfully, you may lodge a complaint to the Information Regulator (South Africa) at Tel 012 406 4818 or [email protected].
Please review our Privacy Notice from time to time for any changes because they become effective when they are posted on this page.
By providing the Wanderers Club with your personal information you consent to us processing it, including transferring it outside of South Africa, as set out in our Privacy Notice.
The registered Information Officer, who is the person responsible for compliance with the conditions for the lawful processing of personal information and dealing with any matters relating to the POPI Act, is the CEO. In case of questions regarding this Notice the Information Officer can be contacted on [email protected].