OVERVIEW OF CENTAPOS CENTAPOS is a business service provider in the Republic of South Africa. CENTAPOS prides itself in offering customers sustainable connectivity solutions.
DEFINITIONS In this document, references to CENTAPOS (PTY) LTD and / or CBNS are to CENTAPOS. Confirmation as to whether this privacy notice applies to a specific company associated with CENTAPOS Limited can be sought through the contact details provided in this privacy notice. Any product or service offered to a customer by any company in CENTAPOS is referred to as a solution in this document. In this notice “process” means how CENTAPOS collects, uses, stores, makes available, destroys, updates, discloses, or otherwise deals with customers’ personal information. As a general rule, CENTAPOS will only process customers’ personal information if this is required to deliver or offer a solution to a customer. CENTAPOS respects customers’ privacy and will treat their personal information confidentially. CENTAPOS may combine customers’ personal information and use the combined personal information for any of the purposes stated in this notice.
RESPONSIBLE PARTY AND OPERATOR CENTAPOS is the responsible party together with its subsidiary companies. These parties or companies are responsible for determining why and how CENTAPOS will use customers’ personal information. When a customer uses any CENTAPOS solution, the responsible party will be the company which the customer engages to take up the solution, acting jointly with the other companies within CENTAPOS. It will be clear to customers from the documentation they receive when using or taking up a solution who the responsible party is who should be contacted in the first instance. Where CENTAPOS is the responsible party, its subsidiary companies, will be the operator who processes personal information for CENTAPOS in terms of a contract or mandate, without coming under the direct authority of that party.
WHAT IS PERSONAL INFORMATION? Personal information refers to any information that identifies a customer (including juristic entity) or specifically relates to a customer. Personal information includes, but is not limited to, the following information about a customer: marital status (married, single, divorced); national origin; age; language; birth; education; employment history and your current employment status (for example when a customer applies for credit); gender or sex (for statistical purposes as required by the law); identifying number (e.g. an account number, identity number or passport number); e-mail address; physical address (e.g. residential address, work address or physical location); telephone number; information about your location (e.g. geolocation or GPS location); · online identifiers; social media profiles; biometric information (e.g. fingerprints, signature or voice); · race (for statistical purposes as required by the law); confidential correspondence; or another’s views or opinions about a customer and a customer’s name also constitute personal information.
WHAT IS SPECIAL PERSONAL INFORMATION? Special personal information, includes the following personal information about a customer: religious and philosophical beliefs (for example where a customer enters a competition and is requested to express a philosophical view); race (e.g. where a customer applies for a solution where the statistical information must be recorded); ethnic origin; trade union membership; political beliefs; biometric information (e.g. to verify a customer’s identity); or criminal behaviour where it relates to the alleged commission of any offence or the proceedings relating to that offence.
PROCESSING CUSTOMERS’ PERSONAL INFORMATION CENTAPOS may process customers’ personal information for the reasons outlined below. 7.1. If it is necessary to conclude or perform under a contract CENTAPOS has with a customer or to provide a solution to a customer. This includes: assess and process applications for solutions; to assess CENTAPOS’s lending and insurance risks; to conduct affordability assessments, credit assessments and credit scoring; to provide a customer with solutions they have requested; to open, manage and maintain customer accounts or relationships with CENTAPOS; to enable CENTAPOS to deliver goods, documents or notices to customers; to communicate with customers and carry out customer instructions and requests; to respond to 2 customer enquiries and complaints; to enforce and collect on any agreement when a customer is in default or breach of the terms and conditions of the agreement, such as tracing a customer, or to institute legal proceedings against a customer; to disclose and obtain personal information from credit bureaux regarding a customer’s credit history; to meet record-keeping obligations; to conduct market and behavioural research, including scoring and analysis to determine if a customer qualifies for solutions, or to determine a customer’s credit or insurance risk; to enable customers to participate in and make use of value-added solutions; for customer satisfaction surveys, promotional and other competitions; for security and identity verification, and to check the accuracy of customer personal information; or for any other related purposes. 7.2. Law – CENTAPOS may process customers’ personal information if the law requires or permits it. This includes: to comply with legislative, regulatory, risk and compliance requirements (including directives, sanctions and rules); to comply with voluntary and involuntary codes of conduct and industry agreements; to fulfil reporting requirements and information requests; to process payment instruments and payment instructions (such as a debit order); to create, manufacture and print payment instruments and payment devices (such as a debit card); to meet record-keeping obligations; to detect, prevent and report theft, fraud, money laundering, corruption and other crimes. This may include the processing of special personal information, such as alleged criminal behaviour or the supply of false, misleading or dishonest information when opening an account with CENTAPOS, or avoiding liability by way of deception, to the extent allowable under applicable privacy laws. This may also include the monitoring of our buildings including CCTV cameras and access control. 7.3. Legitimate interest – CENTAPOS may process customers’ personal information in the daily management of its business and finances and to protect CENTAPOS’s customers, employees, service providers and assets. It is to CENTAPOS’s benefit to ensure that its procedures, policies and systems operate efficiently and effectively. CENTAPOS may process customers’ personal information to provide them with the most appropriate solution and to develop and improve solutions and CENTAPOS’s business. CENTAPOS may process a customer’s personal information if it is required to protect or pursue their, CENTAPOS’s or a third party’s legitimate interest. If a customer is a juristic person, such as a company or close corporation, CENTAPOS may collect and use personal information relating to the juristic person’s directors, officers, employees, beneficial owners, partners, shareholders, members, authorised signatories, representatives, agents, payers, payees, customers, guarantors, spouses of guarantors, sureties, spouses of sureties, other security providers and other persons related to the juristic person. These are related persons. If customers provide the personal information of a related person to CENTAPOS, they warrant that the related person is aware that they are sharing their personal information with CENTAPOS, and that the related person has consented thereto. CENTAPOS will process the personal information of related persons as stated in this notice, thus references to “customer/s” in this notice will include related persons with the necessary amendments.
PROCESSING CUSTOMERS’ SPECIAL PERSONAL INFORMATION? CENTAPOS may process customers’ special personal information in the following circumstances, among others: if the processing is needed to create, use or protect a right or obligation in law; if the processing is for statistical or research purposes, and all legal conditions are met; if the special personal information was made public by the customer; · if the processing is required by law; if racial information is processed and the processing is required to identify the customer; if health information is processed, and the processing is to determine a customer’s insurance risk, or to comply with an insurance policy, or to enforce an insurance right or obligation; or if the customer has consented to the processing.
PROCESSING THE PERSONAL INFORMATION OF CHILDREN? A child is a person who is defined as a child by the country’s law, and who has not been recognised as an adult by the courts. CENTAPOS may process the personal information of children if any one or more of the following applies: a person with the ability to sign legal agreements has consented to the processing, being the parent or guardian of the child; the processing is needed to create, use or protect a right or obligation in law, such as where the child is an heir in a will, a beneficiary of a trust, a beneficiary of an insurance policy or an insured person in terms of an insurance policy; the child’s personal information was made public by the child, with the consent of a person who can sign legal agreements; the processing is for statistical or research purposes and all legal conditions are met; where the child is legally old enough to open a bank account without assistance from their parent or guardian; where the child is legally old enough to sign a document as a witness without assistance from their parent or guardian; or where the child benefits from a bank account such as an investment or savings account and a person with the ability to sign legal agreements has consented to the processing.
WHEN, AND FROM WHERE, DOES CENTAPOS OBTAIN PERSONAL INFORMATION ABOUT CUSTOMERS? We collect information about customers: directly from customers; based on customers’ use of CENTAPOS solutions or service channels (such as CENTAPOS website, applications, including both assisted and unassisted customer interactions) as applicable; based on how customers engage or interact with CENTAPOS, such as on social media, and through emails, letters, telephone calls and surveys; based on a customer’s relationship with CENTAPOS; from public sources (such as newspapers, company registers, online search engines, deed registries, public posts on social media); from technology, such as a customer’s access and use including both assisted and unassisted interactions (e.g. on CENTAPOS’s website and mobile applications) to access and engage with CENTAPOS’s platform; customers’ engagement with CENTAPOS advertising, marketing and public messaging; and from third parties that CENTAPOS interacts with for the purposes of conducting its business (such as partners, reward partners, list providers, Bank, credit bureaux, regulators and government departments or service providers). CENTAPOS collects and processes customers’ personal information at the start of, and for the duration of their relationship with CENTAPOS. CENTAPOS may also process customers’ personal information when their relationship with CENTAPOS has ended, as required by law. CENTAPOS may also collect customers’ personal information from third parties (which may include parties CENTAPOS engages with as independent responsible parties, joint responsible parties or operators), these third parties may include, but are not limited to, the following: any connected companies, subsidiary companies, its associates, affiliates or successors in title and/or appointed third parties (such as its authorised agents, partners, contractors and suppliers) for any of the purposes identified in this notice; people the customer has authorised to share their personal information, or a medical practitioner for insurance purposes; attorneys, tracing agents, debt collectors and other persons that assist with the enforcement of agreements; payment processing services providers, merchants, banks and 3 other persons that assist with the processing of customers’ payment instructions, such as card scheme providers (including VISA or MasterCard; law enforcement and fraud prevention agencies, and other persons tasked with the prevention and prosecution of crime; regulatory authorities, industry ombudsmen, government departments, and local and international tax authorities; · credit bureaux; · financial services exchanges; qualification information providers; trustees, executors or curators appointed by a court of law; CENTAPOS’s service providers, agents and subcontractors, such as couriers and other persons CENTAPOS uses to offer and provide solutions to customers; courts of law or tribunals; participating partners, whether retail or online; CENTAPOS’s joint venture partners; marketing list providers; social media platforms; or online search engine providers.
REASONS WHY CENTAPOS MAY FURTHER USE OR PROCESS CUSTOMERS’ PERSONAL INFORMATION At the time that CENTAPOS collects personal information from a customer, it will have a reason or purpose to collect that personal information. In certain circumstances, however, CENTAPOS may use that same personal information for other purposes. CENTAPOS will only do this where the law allows it to, and the other purposes are compatible with the original purpose/s applicable when CENTAPOS collected the customer’s personal information. CENTAPOS may also need to request a customer’s specific consent for the further processing in limited circumstances. Examples of these other purposes are included in the list of purposes set out in section 7 above. CENTAPOS may also further use or process a customer’s personal information if: the personal information about the customer was obtained from a public record, like the deed’s registry; the customer made the personal information public, like on social media; the personal information is used for historical, statistical or research purposes, the results will not identify the customer; proceedings have started or are contemplated in a court or tribunal; it is in the interest of national security; · if CENTAPOS must adhere to the law, specifically tax legislation; or the Information Regulator has exempted the processing. CENTAPOS may also further use or process a customer’s personal information if the customer has consented to it or in the instance of a child, a competent person has consented to it. Any enquiries about the further processing of customer personal information can be made through CENTAPOS’s Information Officer, contact details as set out in this document below.
THE USE OF CUSTOMERS’ PERSONAL INFORMATION FOR MARKETING CENTAPOS will use customers’ personal information to market business products, services and other related solutions to them . CENTAPOS will do this in person, by post, telephone, or electronic channels such as SMS, email and fax. If a person is not a CENTAPOS customer, or in any other instances where the law requires, CENTAPOS will only market to them by electronic communications with their consent. In all cases, a person can request CENTAPOS to stop sending marketing communications to them at any time.
WHEN WILL CENTAPOS USE CUSTOMERS’ PERSONAL INFORMATION TO MAKE AUTOMATED DECISIONS ABOUT THEM? An automated decision is made when a customer’s personal information is analysed without human intervention in that decision-making process. CENTAPOS may use a customer’s personal information to make an automated decision as allowed by the law. An example of automated decision making is the approval or declining of a credit application when a customer applies for a rental product. Customers have the right to query any such decisions made, and CENTAPOS will provide reasons for the decisions as far as reasonably possible.
WHEN, HOW, AND WITH WHOM DOES CENTAPOS SHARE CUSTOMERS’ PERSONAL INFORMATION? In general, CENTAPOS will only share customers’ personal information if any one or more of the following apply: if the customer has consented to this; if it is necessary to conclude or perform under a contract we have with the customer; if the law requires it; or if it is necessary to protect or pursue the customer’s, CENTAPOS’s or a third party’s legitimate interest. When support requests have to be logged with upstream providers. Where required, each member of CENTAPOS may share a customer’s personal information with the following persons, which may include parties that CENTAPOS engages with as independent responsible parties, joint responsible parties or operators. These persons have an obligation to keep customers’ personal information secure and confidential: members of CENTAPOS, any connected companies, subsidiary companies, associates, cessionaries, delegates, assignees, affiliates or successors in title and/or appointed third parties (such as its authorised agents, partners, contractors and suppliers) for any of the purposes identified in this notice; CENTAPOS’s employees, as required by their employment conditions; · the customer’s spouse, dependants, partners, employer, joint applicant or account holder and other similar sources; people the customer has authorised to obtain their personal information, such as a person that makes a travel booking on the customer’s behalf, or a medical practitioner for insurance purposes; attorneys, tracing agents, debt collectors and other persons that assist with the enforcement of agreements; payment processing services providers, merchants, banks and other persons that assist with the processing of customer payment instructions, such as card scheme providers (including VISA or MasterCard); aw enforcement and fraud prevention agencies, and other persons tasked with the prevention and prosecution of crime; regulatory authorities, industry ombudsmen, government departments, and local and international tax authorities and other persons the law requires CENTAPOS to share customer personal information with; credit bureaux; qualification information providers; · trustees, executors or curators appointed by a court of law; our service providers, agents and subcontractors, such as couriers and other persons CENTAPOS uses to offer and provide solutions to customers; · courts of law or tribunals that require the personal information to adjudicate referrals, actions or applications; or CENTAPOS’s joint venture partners with which it has concluded business agreements.
WHEN AND HOW CENTAPOS OBTAINS AND SHARES CUSTOMERS’ PERSONAL INFORMATION FROM/WITH CREDIT BUREAUX? CENTAPOS may obtain customers’ personal information from credit bureaux for any one or more of the following reasons: if the customer requested CENTAPOS to do so, or agreed that it may do so; · to verify a customer’s identity; to obtain or verify a customer’s employment details; to obtain and verify a customer’s marital status; to obtain, verify, or update a customer’s contact or address details; to obtain a credit report about a customer, which includes their credit history and credit score, when the customer applies for a credit agreement to prevent reckless lending or over-indebtedness; to determine a customer’s credit risk; for debt recovery; to trace a customer’s whereabouts; to update a customer’s contact details; to conduct research, statistical analysis or system testing; to determine the source(s) of a customer’s income; to build credit scorecards which are used to evaluate credit applications; or to determine which solutions to promote or to offer to a customer. CENTAPOS will share a customer’s personal information with the credit bureaux for, among others, any one or more of the following reasons: · to report the application for a credit 4 agreement; to report the opening of a credit agreement; to report the termination of a credit agreement; to report payment behaviour on a credit agreement; or to report non-compliance with a credit agreement, such as not paying in full or on time. Customers should refer to their specific credit agreement with CENTAPOS for further information.
UNDER WHAT CIRCUMSTANCES WILL CENTAPOS TRANSFER CUSTOMERS’ PERSONAL INFORMATION TO OTHER COUNTRIES? CENTAPOS will only transfer a customer’s personal information to third parties in another country in any one or more of the following circumstances: where a customer’s personal information will be adequately protected under the other country’s laws or an agreement with the third-party recipient; where the transfer is necessary to enter into, or perform, under a contract with the customer or a contract with a third party that is in the customer’s interest; where the customer has consented to the transfer; and/or
CUSTOMERS’ DUTIES AND RIGHTS REGARDING THE PERSONAL INFORMATION CENTAPOS HAS ABOUT THEM Customers must provide CENTAPOS with proof of identity when enforcing the rights below. Customers must inform CENTAPOS when their personal information changes, as soon as possible after the change. Customers warrant that when they provide CENTAPOS with personal information of their spouse, dependents or any other person, they have permission from them to share their personal information with CENTAPOS. CENTAPOS will process the personal information of the customer’s spouse, dependent or any other person which the customer has shared with us as stated in this notice. 17.1. Right to access: Customers have the right to request access to the personal information CENTAPOS has about them by contacting CENTAPOS. This includes requesting: confirmation that CENTAPOS holds the customer’s personal information; a copy or description of the record containing the customer’s personal information; and the identity or categories of third parties who have had access to the customer’s personal information. CENTAPOS will attend to requests for access to personal information within a reasonable time. Customers may be required to pay a reasonable fee to receive copies or descriptions of records, or information about, third parties. CENTAPOS will inform customers of the fee before attending to their request. Customers should note that the law may limit their right to access information. Please refer to CENTAPOS’s Access to Information Manual prepared in accordance with Section 51 of the Promotion of Access to Information Act, No. 2 of 2000 for further information on how customers can give effect to this right. 17.2. Right to correction, deletion or destruction: Customers have the right to request CENTAPOS to correct, delete or destroy the personal information it has about them if it is inaccurate, irrelevant, excessive, out of date, incomplete, misleading, obtained unlawfully, or if CENTAPOS is no longer authorised to keep it. Customers must inform CENTAPOS of their request in the prescribed form. Prescribed form 2 has been included as an annexure to this notice. CENTAPOS will take reasonable steps to determine if the personal information is correct and make any correction needed. It may take a reasonable time for the change to reflect on CENTAPOS’s platform/systems. CENTAPOS may request documents from the customer to verify the change in personal information. A specific agreement that a customer has entered into with CENTAPOS may determine how the customer must change their personal information provided at the time when they entered into the specific agreement. Customers must adhere to these requirements. If the law requires CENTAPOS to keep the personal information, it will not be deleted or destroyed upon the customer’s request. The deletion or destruction of certain personal information may lead to the termination of a customer’s business relationship with CENTAPOS. 17.3. Right to objection: Customers may object on reasonable grounds to the processing of their personal information where the processing is in their legitimate interest, CENTAPOS’s legitimate interest or in the legitimate interest of another party. Customers must inform CENTAPOS of their objection in the prescribed form. Prescribed form 1 is included as an annexure to this notice. CENTAPOS will not be able to give effect to the customer’s objection if the processing of their personal information was and is permitted by law, the customer has provided consent to the processing and CENTAPOS’s processing was conducted in line with their consent; or the processing is necessary to conclude or perform under a contract with the customer. CENTAPOS will also not be able to give effect to a customer’s objection if the objection is not based upon reasonable grounds and substantiated with appropriate evidence. CENTAPOS will provide customers with feedback regarding their objections. 17.4. Right to withdraw consent: Where a customer has provided their consent for the processing of their personal information, the customer may withdraw their consent. If they withdraw their consent, CENTAPOS will explain the consequences to the customer. If a customer withdraws their consent, CENTAPOS may not be able to provide certain solutions to the customer. CENTAPOS will inform the customer if this is the case. CENTAPOS may proceed to process customers’ personal information, even if they have withdrawn their consent, if the law permits or requires it. It may a reasonable time for the change to reflect on CENTAPOSs’ systems. During this time, CENTAPOS may still process the customer’s personal information. 17.5. Right to complain Customers have a right to file a complaint with CENTAPOS or any regulator with jurisdiction (in South Africa customers can contact the Information Regulator) about an alleged contravention of the protection of their personal information. CENTAPOS will address customer complaints as far as possible. The contact details of the Information Regulator are provided below. Information Regulator 33 Hoofd Street Forum III, 3rd Floor Braampark P.O Box 31533 Braamfontein Johannesburg 2017 Website: https://www.justice.gov.za/inforeg Complaints email: complaints.IR@justice.gov.za General enquiries email: firstname.lastname@example.org
HOW CENTAPOS SECURES CUSTOMERS’ PERSONAL INFORMATION CENTAPOS will take appropriate and reasonable technical and organisational steps to protect customers’ personal information in line with industry best practices. CENTAPOS’s security measures, including physical, technological and procedural safeguards, will be appropriate and reasonable. This includes the following: keeping information systems secure (such as monitoring access and usage); storing physical and digital records securely; controlling the access to business premises, systems and/or records; and safely destroying or deleting records. Customers can also protect their own personal information and can obtain more information in this regard by visiting CENTAPOS’s website.
HOW LONG DOES CENTAPOS KEEP CUSTOMERS’ PERSONAL INFORMATION? CENTAPOS will keep customers’ personal information for as long as: the law requires CENTAPOS to keep it; a contract between the customer and CENTAPOS requires CENTAPOS to keep it; the customer has consented to CENTAPOS keeping it; CENTAPOS is required to keep it to achieve the purposes listed in this notice; CENTAPOS requires it for statistical or research purposes; a code of conduct requires CENTAPOS to keep it; and/or CENTAPOS requires it for lawful business purposes. TAKE NOTE: CENTAPOS may keep customers’ personal information even if they no longer have a relationship with CENTAPOS or if they request CENTAPOS to delete or destroy it, if the law permits or requires.
COOKIES A cookie is a small piece of data that is sent (usually in the form of a text file) from a website to the user’s device, such as a computer, smartphone or tablet. The purpose of a cookie is to provide a reliable mechanism to “remember” user behaviour (keeping track of previous actions), e.g. remembering the contents of an online shopping cart, and actions the user performed whilst browsing when not signed up or logged into their online account. CENTAPOS does not necessarily know the identity of the user of the device but does see the behaviour recorded on the device. Cookies could, however, be used to identify the device and, if the device is linked to a specific user, the user would also be identifiable. For example, a device registered to an app. customers agree that cookies may be forwarded from the relevant website or application to their computer or device. The cookie will enable CENTAPOS to know that a customer has visited a website or application before and will identify the customer. CENTAPOS may also use the cookie to prevent fraud.