2. This Policy serves to notify the data subject that the COMPANY, in terms of this Policy, collects personal information, as per section 18 of the Promotion of Access to Information Act. In addition, this Policy serves as compliance with Article 12(1) of the GDPR.
3. The COMPANY is Emerce Africa (Pty) Ltd with registration number 2013/218574/07, a company with limited liability, incorporated in accordance with the provisions of the Companies Act 71 of 2008, as amended, with its registered office at the Boulevard Office Park, Block F G, Searle Street, Woodstock, Cape Town, Western Cape, 7925.
4. By accessing or utilising the COMPANY’S website and/or online shop, the user (hereinafter referred to as the “CUSTOMER”) specifically agrees to the terms of this Policy as amended from time to time.
5. The COMPANY, through this Policy, wishes to inform the CUSTOMER of the scope and purpose for which personal information is processed by the COMPANY in connection with the CUSTOMER’S use of the COMPANY’S website and/or online shop.
6. The COMPANY is the operator of the online shop at www.emerce-africa.co.za and is responsible for processing the personal data of all CUSTOMERS of the COMPANY’S website, irrespective of whether the CUSTOMER registers to use the online shop.
7. The COMPANY’S contact information, including details of the relevant person whom the CUSTOMER may contact for questions concerning the processing of personal data, may be located on the COMPANY’S website, alternatively in the COMPANY’S Manual in terms of section 51 of the Promotion of Access to Information Act 2 of 2000, as amended.
8. The COMPANY is committed to safeguarding the privacy of CUSTOMERS’ personal information or data and the COMPANY takes protection of privacy and personal information very seriously.
9. The COMPANY gathers, stores and uses the CUSTOMER’S personal information only in line with the contents of this Policy and with applicable data protection provisions, such as: –
1. The European General Data Protection Regulation (GDPR); and
2. The Protection of Personal Information Act 4 of 2013.
10. The COMPANY reserves its right to amend this Policy from time to time and will do so without notice to any CUSTOMER. The latest version of this Policy will be indicated by the date information (below). The current version of this Policy can always be accessed directly via the COMPANY’S website.
11. It is the duty of the CUSTOMER to remain informed of any changes to this Policy and the COMPANY recommends that the CUSTOMER should regularly check possible changes to this Policy.
2. personal information
1. Personal Information/Data, in terms of The General Data Protection Regulation and the Protection of Personal Information Act 4 of 2013 collectively, refers to information relating to an identified or identifiable natural person and where it is applicable, an identifiable, existing juristic person.
2. Such information may include, but is not limited to: –
1. a name, age and/or gender;
2. an identification or registration number;
3. national and/or social origin;
4. financial and/or economic information;
5. any identifying number, symbol, e-mail address, physical address, telephone number, location information, online identifier or other particular assignment to the person;
6. correspondence sent by the person that is implicitly or explicitly of a private or confidential nature or further correspondence that would reveal the contents of the original correspondence; and
7. the personal opinions, views or preferences of the person.
3. In contrast, information that cannot be connected to the CUSTOMER’S identity (e.g. statistical information, such as the number of website users) is not considered personal information.
4. As a rule, the COMPANY’S website can be used without disclosing the CUSTOMER’S identity and without providing personal data. Only general information about the CUSTOMER’S visit to the COMPANY’S website will be collected. However, personal information may be collected from the CUSTOMER for some of the services offered, such as entering or making use of the online shop. This information will then be processed by the COMPANY only for the purpose of using this online service, especially for providing the desired information. When the COMPANY requests personal data, only the data that is mandatory must be provided. Further information can be provided on a voluntary basis. The COMPANY will indicate whether it is a required field or optional details. The COMPANY provides specific details in relation to this aspect in the corresponding section of this Policy.
5. Automated decision-making based on the CUSTOMER’S personal information is not applied to the use of the COMPANY’S website and/or online shop.
1. Processing, in terms of The General Data Protection Regulation and the Protection of Personal Information Act 4 of 2013 collectively, refers to any operation, activity or set of operations performed on personal information, whether or not by automatic means, which activity may include, but is not limited to: –
1. collection, receipt, structuring, recording, organisation, collation, storage, updating or modification, adaptation, retrieval, alteration, consultation or use;
2. disclosure or dissemination by means of transmission, distribution or making available in any other form; and
3. merging, linking, restriction, degradation, erasure or destruction.
2. Unless stated otherwise in this Policy, the COMPANY, or its hosting providers, will store the CUSTOMER’S personal information on specially secured servers within the European Union. The storage thereof is a technical and organizational measure employed by the COMPANY to protect against loss, destruction, access, alteration or dissemination of your data by unauthorized persons. All information stored by the COMPANY, is stored in compliance with the Protection of Personal Information Act No. 4 of 2013 (as amended from time to time), as well as the General Data Protection Regulation 2016/679.
3. Only a few authorized persons are able to access the CUSTOMER’S personal information. These individuals are responsible for the technical, commercial and editorial supervision of the server. Despite regular inspections, complete protection against all risks is not possible and the COMPANY in no way guarantees complete protection in this regard.
4. The COMPANY uses an SSL (Secure Sockets Layer) encryption for transmission of personal information on the internet.
5. The COMPANY further undertakes to secure the integrity and confidentiality of the personal information that is in its possession and under its control, by taking the appropriate reasonable technical and organisational measures to prevent loss, damage, unauthorised destruction, unlawful access, or unlawful processing of the CUSTOMER’S personal information. In doing so, the COMPANY shall have due regard to generally accepted applicable or industry information security practices and procedures.
1. This Policy applies to all data subjects (i.e. persons (whether a natural or juristic person) to which the personal information relates), and the personal information the COMPANY processes and collects, whether it was provided to the COMPANY through the use of its website, online shop or through any other form of communications with the CUSTOMER, such as email, telephone, or otherwise.
5. Legal Basis for Data Processing
1. Insofar as the COMPANY obtains consent to process the CUSTOMER’S personal data, Article 6(1)(a) of the GDPR and section 11(1)(a) of the Protection of Personal Information Act, as amended, serves as the legal basis for data processing.
2. Insofar as the CUSTOMER’S personal data is processed because it is required to fulfil a contract or as part of a contract-like relationship with the CUSTOMER, Article 6(1)(b) of the GDPR and section 11(1)(b) of the Protection of Personal Information Act, as amended, serves as the legal basis for data processing.
3. Insofar as the COMPANY processes the CUSTOMER’S personal data to fulfil a legal obligation, Article 6(1)(c) of the GDPR and section 11(1)(c) of the Protection of Personal Information Act, as amended, serves as the legal basis for data processing.
4. As a legal basis for data processing, Article 6(1)(f) of the GDPR and section 11(1)(f) of the Protection of Personal Information Act, as amended, is taken into further consideration if the processing of the CUSTOMER’S personal data is required to protect a legitimate interest of the COMPANY or a third party and the CUSTOMER’S interests, basic rights and freedoms do not require personal data to be protected.
5. In line with this Policy, the COMPANY will always indicate on which legal basis the COMPANY processes the CUSTOMER’S personal data.
6. COLLECTion of PERSONAL INFORMATION
1. The nature of the personal information that the COMPANY collects about its users and/or CUSTOMERS is dependent on:
1. the transaction that the CUSTOMER is completing;
2. the reason that the CUSTOMER is communicating with the COMPANY for; and
3. the Channel that is used to communicate with the COMPANY.
When the COMPANY’S Internet pages are called up, the COMPANY receives access data that is stored for protective purposes which allows the COMPANY to identify the CUSTOMER. This data includes:
1. the name of the CUSTOMER’S Internet service provider;
2. the country the CUSTOMER resides in;
3. the website the CUSTOMER comes from to visit the COMPANY;
4. the search term the CUSTOMER uses, if it accesses the COMPANY’S website via a search engine;
5. the websites of the COMPANY that the CUSTOMER visits;
6. the user tool (web browser, operating system) the CUSTOMER uses to access the website;
7. files that the CUSTOMER downloads from the COMPANY’S website (e.g. PDF or Word documents);
8. the duration of the CUSTOMER’S visit on the website;
9. the date and the time of the CUSTOMER’S visit on the website;
2. This information is assessed by the COMPANY and allows it to optimize its offerings as a whole and to personalize the content specifically for the CUSTOMER, e.g. recognize the CUSTOMER as a return visitor to the COMPANY’S Internet offering.
2. REASONS FOR COLLECTING PERSONAL INFORMATION?
1. The COMPANY collects the personal information from the CUSTOMER when it:
1. voluntarily provides the COMPANY with information;
2. subscribes to or consents to receiving newsletters or other communications from the COMPANY;
3. browses, visits or participates in the COMPANY’S website;
4. registers an online profile on the COMPANY’S website;
5. purchases or enquires about the products/services sold by the COMPANY;
6. makes general enquiries, lodge complaints, and communicate with the COMPANY.
2. From time to time the COMPANY may collect personal information from trusted third parties, in which case it shall ensure that the CUSTOMER has provided its consent in respect thereof.
3. The COMPANY shall not sell, rent or otherwise disclose its personal information to any third party without the CUSTOMER’S express consent, provided that by using the website and/or subscribing for any of the COMPANY’S services, the CUSTOMER provides its express and informed consent for the COMPANY to disclose its personal information to third parties as follows:
1. to third party companies employed by the COMPANY to provide services for it, including for example, website hosting, administration, maintenance and development. These companies require access to the CUSTOMER’S personal information to perform their functions and not for any other purpose;
2. to transfer the CUSTOMER’S database/s, including personal information contained therein, to any third party who acquires all or substantially all of the assets or shares in the COMPANY or the COMPANY’S website service whether by sale, merger, acquisition or otherwise;
3. to governmental agencies, exchanges and other regulatory or self-regulatory organisations if the COMPANY is required to do so by law or if the COMPANY believes that such action is necessary to:
1. comply with the law or with any legal process;
2. protect and defend the COMPANY’S rights and property or that of its CUSTOMERS and companies in its group;
3. prevent fraud or abuse, misuse or unauthorised use of the COMPANY’S website; and/or
4. protect the personal safety or property of its CUSTOMERS or the public (if the CUSTOMER provides false or deceptive information about itself or misrepresents itself as being someone else, the COMPANY shall disclose such information to the appropriate regulatory bodies and commercial entities); and
4. if applicable, to personalise the CUSTOMER’S experience on the COMPANY’S website, to help the CUSTOMER to log on in future and to continue to use the website, to reply to queries the CUSTOMER might have, to provide it with support and to help the COMPANY select services or materials for inclusion on its website, which may be of interest to the CUSTOMER.
4. The COMPANY undertakes not to use personal information other than for the purpose for which it was provided or collected, and in accordance with the COMPANY’S legitimate interests and legal obligations.
5. The COMPANY reserves the right to share non-personal, non-individual information in aggregate form with third parties for business purposes, for example with advertisers on the COMPANY’S website or business associates and partners. The CUSTOMER shall not be identifiable from such data.
6. The COMPANY is not responsible and cannot be held liable for the privacy practices of such third parties.
3. Sharing Personal Data with Third Parties
1. The COMPANY generally uses your personal information to carry out the services desired by the CUSTOMER only. Insofar as the COMPANY uses external service providers to carry out these services, their access to the data will be exclusively for the purpose of this task.
2. Using technical and organizational measures, the COMPANY ensures compliance with data protection standards and also commits its external service providers to such standards.
3. Furthermore, the COMPANY does not pass on data to third parties without the CUSTOMER’S express permission, especially not for promotional purposes.
4. The CUSTOMER’S personal data is passed on only if the CUSTOMER has consented to it or insofar as the COMPANY is authorized or obligated to do so due to legal provisions and/or official or judicial instructions.
5. In particular, this may concern giving information for the purpose of criminal prosecution, for hazard prevention, or to enforce intellectual property rights.
4. Deleting Data and Storage Duration
1. As a rule, the COMPANY will always delete or block the CUSTOMER’S personal data when the purpose of the storage is eliminated.
2. However, storage may also take place if this is designated by legal provisions to which the COMPANY is subject, for example in terms of legal storage and documentation obligations.
3. In a case such as this, the COMPANY will delete or block the CUSTOMER’S personal data after the end of the relevant specifications.
USING THE COMPANY’S ONLINE SERVICE
1. Information about THE CUSTOMER’S Device
1. Each time the COMPANY’S website is accessed, the COMPANY gathers the following information about the CUSTOMER’S device independently of the CUSTOMER’S registration:
1. the IP address of the CUSTOMER’S device;
2. the web browser request; and
3. the time of the request.
2. In addition, the status and the data volume transferred will be collected by the COMPANY as part of this request.
3. The COMPANY also collects product and version information about the web browser used and the device’s operating system.
4. Furthermore, the COMPANY gathers information on the website from which the online service was accessed.
5. The IP address of the CUSTOMER’S device is stored only for the time that the online service is used and is deleted afterward or anonymized by abbreviating it. The other data is stored for an unlimited amount of time.
6. The COMPANY uses this data to operate the online service, particularly to identify and remedy errors in order to determine the utilization of the online service and make adjustments or improvements. As the COMPANY’S justifiable interest in data processing in accordance with Article 6(1)(f) of the GDPR and section 11(1)(f) of the Protection of Personal Information Act, as amended, these purposes are also the legal basis for this processing.
2. Access to and use of the EMERCE-SHOP
1. An order in the COMPANY’S online store (“SHOP”) is not possible until the CUSTOMER has been activated for the SHOP.
2. CUSTOMERS are activated at the COMPANY’S discretion only after the CUSTOMERS have requested access to the SHOP (“registration request”).
3. The registration request gathers mostly company-related information, but also personal details such as the name of the contact and the business email address. When the COMPANY sets up access to the SHOP on the basis of the registration request, the COMPANY creates a personal customer account. In doing so, the COMPANY uses the mandatory information provided in the registration request, as well as the CUSTOMER’S master data of which the COMPANY is already aware (such as address and payment data).
4. Should the CUSTOMER fail to provide the mandatory information upon registration request, the consequence is that the CUSTOMER will not be afforded access to the COMPANY’S SHOP.
5. After activation, the CUSTOMER can view and (in some cases after checking with the COMPANY) change all the information the COMPANY used to set up the CUSTOMER account.
6. The CUSTOMER account is used for the CUSTOMER’S orders in the SHOP.
7. The legal basis for this processing is the initiation of a contract conclusion at the request of the CUSTOMER in accordance with Article 6 (1) b) of the GDPR and section 11(1)(b) of the Protection of Personal Information Act, as amended and the COMPANY’S legitimate interest in this design of the order process in accordance with Article 6(1)(f) of the GDPR and section 11(1)(f) of the Protection of Personal Information Act, as amended.
8. The COMPANY uses the personal information (such as name, email address, address, payment data) available in the CUSTOMER account for the purpose of ordering goods in order to implement and process the order, which is subject to acceptance by the COMPANY.
9. This information is kept confidential and not forwarded to third parties who are not involved in the ordering, delivery, or payment process.
10. The legal basis for this processing is the initiation of a contract conclusion at the request of the CUSTOMER and the conclusion and performance of a contract with the CUSTOMER in accordance with Article 6 (1) b) of the GDPR and section 11(1)(b) of the Protection of Personal Information Act, as amended.
11. The payments by way of credit card payment or other payment methods (including bank transfers, if indicated) are processed by Adyen N.V., Simon Carmiggelstraat 6-50, 1011 DJ Amsterdam, the Netherlands, or by associated companies. The COMPANY reserves its right to change the service provider without prior notice to the CUSTOMER.
12. In addition to pure payment processing, Adyen also performs a credit check. In order to prevent and uncover fraud, the COMPANY transmits the CUSTOMER’S IP address and other data relating to the CUSTOMER’S device (e.g., type of device, browser version) to Adyen along with the data required for payment processing and the credit check. Adyen stores the CUSTOMER’S IP address. All data is encrypted for transmission.
13. The COMPANY reserves the right to engage additional payment service providers.
1. The CUSTOMER does not have to provide the COMPANY with personal information in order to visit or access the freely available sections of its website.
2. Some services on the COMPANY’S website may, however, be restricted to registered CUSTOMERS only (including but not limited to access to the online shop). In order for the CUSTOMER to use such services the COMPANY will require certain personal information from the CUSTOMER. The personal information will be provided to the COMPANY by the CUSTOMER when the CUSTOMER registers with the COMPANY.
3. All personal information provided by the CUSTOMER will be collected, stored and used in accordance with this Policy, the European General Data Protection Regulation and the Protection of Personal Information Act 4 of 2013 and the CUSTOMER explicitly consents to such use when it registers with the COMPANY.
4. requests for consent to process personal information for purposes of direct marketing by electronic communication
1. Where the COMPANY wishes to process the CUSTOMER’S personal information for the purpose of direct marketing by electronic communication it will in terms of section 69(2) of the Act provide the CUSTOMER with a request for written consent in a form similar to Form 4 of the Regulations Relating to the Protection of Personal Information (http://www.justice.gov.za/inforeg/docs/20181214-gg42110-rg10897-gon1383-POPIregister.pdf).
5. using cookies
1. Cookies are used on the COMPANY’S online service, like with many websites. Cookies are small text files that are stored on your computer and store, via the CUSTOMER’S web browser, the certain settings and data which may be shared with the COMPANY’S online service. A cookie usually contains the name of the domain from which the cookie file was sent and information about the age of the cookie and an alphanumerical identifier.
2. Cookies enables the COMPANY to recognize the CUSTOMER’S device and make possible default settings available immediately. Cookies assist the COMPANY in improving the online service and enables the COMPANY to provide the CUSTOMER with a better service that is tailored to the CUSTOMER’S specific needs. In this regard, the COMPANY also observes its justifiable interest in data processing in accordance with Article 6 (1)(f) of the GDPR and section 11(1)(f) of the Protection of Personal Information Act, as amended.
4. Most web browsers are set up so that the CUSTOMER automatically accepts cookies. However, the CUSTOMER can deactivate cookie storage or set up its web browser so that it notifies the CUSTOMER as soon as cookies are sent. It is also possible to delete already stored cookies manually using the web browser settings. Please note that the CUSTOMER may be able to use only a restricted version of the COMPANY’S online service or not at all, if the CUSTOMER rejects the storage of cookies or delete the necessary cookies.
USE OF TECHNICALLY NECESSARY COOKIES
1. Some cookies are necessary for technical reasons to enable the use of the COMPANY’S online service. With these cookies, the COMPANY gathers and stores the following data:
1. Language settings;
2. Search settings;
3. Information to identify or authenticate the user;
4. Data for smooth forwarding of audio or video content.
2. Cookies enable the COMPANY to recognize the CUSTOMER’S computer and make possible default settings available. Cookies help the COMPANY to improve the online service and enables the COMPANY to provide the CUSTOMER with a better and more user-friendly service. Using cookies is also required to simplify the use of the COMPANY’S online service. Some functions can be provided only by using cookies. This concerns the search function, language settings and similar. From this follows the COMPANY’S justifiable interest for the legal basis for processing data by means of cookies in accordance with Article 6 (1)(f) of the GDPR and section 11(1)(f) of the Protection of Personal Information Act, as amended.
USE OF ANALYSIS COOKIES (GOOGLE ANALYTICS)
1. Frequency of page views;
2. Search terms;
3. Use of website functions;
4. Duration of visit.
2. The CUSTOMER’S data, collected using cookies, is pseudonymized so that it is no longer possible to assign data to a respective user if they have not clearly and actively given their consent.
3. The COMPANY uses cookie analysis to improve and optimize the quality of its online service and its content and to also review and improve the range and retrievability of the COMPANY’S online service. At the same time, these purposes constitute a legitimate interest within the meaning of the legal basis for processing under Article 6 (1)(f) of the GDPR and section 11(1)(f) of the Protection of Personal Information Act, as amended.
4. To analyse user behaviour for the aforementioned purposes, the COMPANY uses the software called Google Analytics, which itself employs cookies as explained. The COMPANY uses Google Analytics for statistical evaluations.
5. Google Analytics is a web analytics service from Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94034, USA (“Google”). Google Analytics uses “cookies,” which are text files saved on the CUSTOMER’S computer to help the website analyse how users use the site. The information generated by these cookies about the CUSTOMER’s use of the website will generally be transmitted to and saved by Google in the United States. In the event that IP anonymization is activated on this website, however, the CUSTOMER’S IP address will be abbreviated in advance by Google within the member states of the European Union or in other countries that are members of the European Economic Area agreement. Only in exceptional cases will the full IP address be sent to a Google server in the U.S. and abbreviated there.
6. On behalf of the operator of this website, Google will use the information to evaluate the CUSTOMER’s use of the website, to collect reports on the website activities, and to perform other services related to the website use and internet use for the website operator. The IP address sent by the CUSTOMER’s browser for Google Analytics will not be combined with other data owned by Google.
8. More information can be found at tools.google.com/dlpage/gaoptout and http://www.google.com/intl/de/analytics/privacyoverview.html (general information on Google Analytics and data protection). Please note that on the COMPANY’S website(s) Google Analytics was expanded by the code “anonymizeIp();” to anonymize IP addresses, in which case the last byte is deleted.
9. The COMPANY is of the opinion that due to the protective measures taken (anonymization and the right of withdrawal), data processing to optimize the COMPANY’S online service can be considered a legitimate interest in data processing pursuant to Article 6 (1)(f) of the GDPR and section 11(1)(f) of the Protection of Personal Information Act, as amended.
2. use of sales force pardot
1. The COMPANY uses the cloud-based software product “Pardot” (“Pardot”) from Salesforce.com EMEA Lim-ited (“Salesforce”), village 9, floor 26 Salesforce Tower, 110 Bishopsgate, London, UK, EC2N 4AY.
2. Pardot is marketing automation software that allows the COMPANY to maintain, assess, and expand its online service and marketing communication and optimize the content on the COMPANY’S website(s). The COMPANY also uses Pardot in particular for sending the COMPANY’S newsletter (see “Newsletter” section). Furthermore, to protect users, CUSTOMER and partners, fraud and security risks can be detected and eliminated, if necessary.
1. (https://help.salesforce.com/articleView?id=pardot_basics_cookies.htm&typ e=5).
5. When the CUSTOMER visits the COMPANY’S website, the CUSTOMER’S full IP address and the data stipulated in the “Information about Your Device” section are also transmitted to Salesforce, but not saved.
6. Should the CUSTOMER sign up or register for a service on the COMPANY’S website (e.g., if the CUSTOMER registers for the online shop or subscribe to a newsletter), the COMPANY links (retroactively, as the case may be) the data acquired by the Pardot cookies to the CUSTOMER’S email address and an individual ID, also using the Pardot software product. With the data thus acquired, the COMPANY creates a user profile in order to make the CUSTOMER offers tailored to the CUSTOMER’S individual interests and to improve the COMPANY’S service. Further information on the use of Pardot in connection with the newsletter is available in the “Newsletter” section.
7. Salesforce works as a processor for the COMPANY only and acts exclusively in accordance with the COMPANY’S instructions. The COMPANY has concluded the legally required contractual agreements with Salesforce.
8. The Pardot cloud is located on the computers of Salesforce or its parent company Salesforce.com Inc. in the USA (i.e., outside the European Union (EU) and the European Economic Area (EEA)). Therefore, personal data collected and processed in connection with the COPMANY’S use of Pardot is stored and processed by Salesforce or its parent company Salesforce.com Inc. on servers in the USA. Salesforce.com Inc. is certified in accordance with the EU – US- Privacy Shield Framework Certified and has also obtained the TRUSTe Privacy Seal (https://www.trustarc.com/). Salesforce.com Inc. thus offers an additional guarantee to comply with European data protection laws.
9. For more information on data protection at Salesforce, visit https://www.salesforce.com/de/company/privacy/.
10. In accordance with Article 6 (1)(f) of the GDPR and section 11(1)(f) of the Protection of Personal Information Act, as amended, the COMPANY has a legitimate interest in the transmission of data/information to Salesforce, in order to enable processing for the above purposes.
3. Use of Retargeting and Remarketing
1. “Retargeting and remarketing” refer to technologies in which users who have visited a certain website are shown applicable advertisements even after having left the website. For this, it is required that internet users recognize, beyond the company website, for what purpose the cookies of the corresponding service provider are used; the previous usage behavior is also taken into account.
2. For example, if a CUSTOMER views certain product, these products, or similar products, could then be shown later as advertisements on other websites. This concerns personalized advertisements that are adapted to the needs of the individual user. For these personalized advertisements, it is not necessary for the CUSTOMER to be identified beyond initial recognition.
3. The data used for retargeting or remarketing is therefore not combined with further data. The COMPANY uses these kinds of technologies to connect advertisements on the internet.
4. The COMPANY relies on third-party providers to connect advertisements and the COMPANY uses Google services (Google AdWords Conversion and Google Remarketing) to this end.
5. The conversion tracking by the advertising program “Google AdWords” provides the COMPANY with information on the success of its advertisements.
6. Google AdWords allows the COMPANY to track whether users respond to its advertisements placed on other websites by Google or its partners. If a user clicks on such an advertisement and is thus redirected to the COMPANY’S website, a cookie is stored on the CUSTOMER’S PC. In addition, Google AdWords can identify which specific advertisement brought a CUSTOMER to the COMPANY’S website.
7. According to Google, the cookie normally expires after 30 days. The COMPANY only receives statistical analyses of this data, which it can use to determine the success of its advertising. The COMPANY does not receive information that can personally identify CUSTOMERS. The COMPANY, however, has no influence on Google’s use of the data.
8. In addition, the COMPANY uses the Google Remarketing advertising program in connection with personalized advertising on its website. With this program, you can be shown the COMPANY’S advertising and its products when using other websites after visiting the COMPANY’S website.
9. This is enabled by cookies stored in your browser that record internet usage when visiting various websites. For example, Google can identify the CUSTOMER’S previous visit to the COMPANY’S website and place relevant advertisements for the COMPANY. Google states that the data collected in connection with remarketing cannot be linked to the CUSTOMER’S personal data that Google may have stored. In particular, Google claims to practice pseudonymization with regard to remarketing.
10. For more information about data privacy by Google, see at:
1. http://www.google.com/intl/de/policies/privacy; and
11. Google is certified in accordance with the regulations of the EU-US-Privacy-Shield (https://www.privacyshield.gov/EU-US-Framework).
12. The installation of cookies for Google remarketing and Google AdWords conversion tracking can be prevented by a setting on the respective web browser software by calling up the website (https://support.google.com/ads/answer/7395996?hl=de?) and changing the corresponding setting.
13. Connecting advertisements is the COMPANY’S justifiable interest in data processing pursuant to Article 6 (1)(f) of the GDPR and section 11(1)(f) of the Protection of Personal Information Act, as amended.
4. USE OF YOUTUBE
1. The COMPANY’S online service includes videos for the forwarding of which the COMPANY uses a plug-in belonging to YouTube (“YouTube”), which is operated by Google.
2. The operator of this service is YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066, U.S.A. If the CUSTOMER calls up a website of the COMPANY’S online service that includes a video, this creates a connection to YouTube’s servers. This communicates to YouTube’s servers which websites of the COMPANY’S online server the CUSTOMER has visited.
3. If the CUSTOMER is logged into its YouTube account, the CUSTOMER enables YouTube to assign the CUSTOMER’S surfing activity directly to the CUSTOMER’S personal profile. The CUSTOMER can prevent this by logging out of its YouTube account.
5. The COMPANY uses YouTube to show the CUSTOMER videos and so communicate more to the CUSTOMER about the COMPANY and the COMPANY’S services; at the same time, this is the justifiable interest in terms of Article 6 (1)(f) of the GDPR and section 11(1)(f) of the Protection of Personal Information Act, as amended.
5. communicating with the company
1. Personal data is collected when contact is made with the COMPANY (by, inter alia, email). This is stored and used exclusively for the purpose of responding to the CUSTOMER’S concern or for making contact and the associated technical administration which is required in this regard. The legal basis for the processing of the data is the COMPANY’S legitimate interest in responding to the CUSTOMER’S concern in accordance with Article 6 (1)(f) of the GDPR and section 11(1)(f) of the Protection of Personal Information Act, as amended.
2. If the CUSTOMER’S contact with the COMPANY is aimed at entering into a contract, Article 6 (1) b) of the GDPR and section 11(1)(b) of the Protection of Personal Information Act, as amended, is an additional legal basis for the processing.
3. After the CUSTOMER’S concerns have been addressed, the COMPANY will store the CUSTOMER’S data temporarily in the event of any other questions.
4. The CUSTOMER can request at any time that the CUSTOMER’S data be deleted, otherwise it will be deleted after the matter has been addressed in full. This is without prejudice to legal retention obligations.
6. the company newletter
1. Registration for the COMPANY Newsletter concluded done via the double opt-in process, which requires a personal reconfirmation via e-mail approval.
2. The CUSTOMER can unsubscribe from the newsletter at any time.
3. When the CUSTOMER registers for the COMPANY’S newsletter, the CUSTOMER’S e-mail address will be used for the COMPANY’S own advertising purposes until such time as the CUSTOMER unsubscribes. The CUSTOMER will receive regular information via e-mail on current topics and e-mails on special occasions (e.g. for special promotions or training offers). These e-mails may be personalized and tailored based on the COMPANY’S information about the CUSTOMER.
4. For subscribing to the COMPANY’S newsletter, if the CUSTOMER has not provided the CUSTOMER’S consent in writing, the COMPANY uses what is known as the double opt-in process, which means that the COMPANY will only send the CUSTOMER a newsletter by e-mail when the CUSTOMER has expressly confirmed in advance that the COMPANY should activate newsletter delivery. The COMPANY will then send the CUSTOMER a notification e-mail and ask the CUSTOMER to confirm that the CUSTOMER is willing to receive the COMPANY newsletter by clicking the link included in the e-mail.
5. The legal basis for processing the CUSTOMER’S data is the CUSTOMER’S consent in accordance with Article 6 (1)(a) GDPR and section 11(1)(a) of the Protection of Personal Information Act, as amended, if the CUSTOMER has expressly subscribed to the newsletter.
6. In line with the legal specifications, it may also be possible for the CUSTOMER to receive the COMPANY newsletter without express consent because the CUSTOMER has ordered goods or services from the COMPANY, the COMPANY obtained the CUSTOMER’S e-mail address in this context and the CUSTOMER did not object to receiving information by e-mail. In this case, the legal basis is the COMPANY’S legitimate interest to communicate direct advertising to the CUSTOMER in accordance with Article 6 (1)(f) of the GDPR and section 11(1)(f) of the Protection of Personal Information Act, as amended.
7. The COMPANY use the Salesforce Pardot marketing automation tool to send the newsletter (see “Use of Salesforce Pardot” above). Please note that the COMPANY will analyse the CUSTOMER’S user behaviour when the COMPANY sends the newsletter.
8. For the purpose of this analysis, the emails that are sent contain web beacons or tracking pixels. For the analyses, The COMPANY links the data transmitted via these tracking pixels with the CUSTOMER’S email address and a personalized ID. The COMPANY uses the data thereby obtained to create a user profile so that the COMPANY can tailor the newsletter to the CUSTOMER’S particular interests.
9. When the CUSTOMER reads the COMPANY newsletter, the COMPANY records which links the CUSTOMER clicks to infer the CUSTOMER’S personal interests. The COMPANY links this data to actions that the CUSTOMER carries out on the COMPANY’S website.
10. If the Customer does not want the COMPANY to do this, the CUSTOMER should cancel its subscription. Tracking of this nature will also not be possible if the CUSTOMER’S email application default settings have disabled the display of images.
11. In this case, the CUSTOMER will not see the full content of the newsletter and may not be able to use all functions. If you manually display the images, the tracking referred to above will take place. If the CUSTOMER has subscribed to the COMPANY’S marketing newsletter and the COMPANY, as described above, analyses the CUSTOMER’S user behaviour, the COMPANY will share the information collected in the process for marketing purposes with the companies named below, which are affiliated with the COMPANY:
12. SMA Solar Technology AG, Sonnenallee 1, 34266 Niestetal, Germany;
1. Tel.: +49 561 9522-0 / www.SMA.de / Info@SMA.de
13. SMA Sunbelt Energy GmbH, Sonnenallee 1, 34266 Niestetal, Germany; and
1. Tel.: +49 561 9522-0 / www.SMA.de / Info@SMA.de
14. coneva GmbH, Dingolfingerstraße 15, 81673 München, Germany.
1. Tel.: +49 561 9522-0 / www.coneva.com / Info@coneva.com
15. The CUSTOMER’S information are shared with these companies so the COMPANY can compile, in its newsletter, the best possible offers for the CUSTOMER and the offers that the CUSTOMER will find relevant and interesting.
16. The companies named above will not use the CUSTOMER’S personal information to contact the CUSTOMER via other marketing channels (for example, phone calls). SMA Solar Technology AG has concluded agreements governing processing on the COMPANY’S behalf with these companies.
18. Furthermore, the COMPANY’S CUSTOMERS also benefit from the sharing of the collected data with the COMPANY’S affiliated companies, so they can receive customized information in line with their interests.
19. The data processing is therefore also based on a legitimate interest under Article 6 (1)(f) of the GDPR and section 11(1)(f) of the Protection of Personal Information Act, as amended. This is especially true since CUSTOMERS can cancel the newsletter at any time.
20. The information will be stored for as long as the CUSTOMER is subscribed to the newsletter. If the CUSTOMER unsubscribes, the COMPANY will store data anonymously and purely for statistical purposes.
21. If the CUSTOMER does not want to receive a newsletter from the COMPANY at all, the CUSTOMER can withdraw your given consent at any time with effect for the future or object to further receipt of emails.
22. Just use the unsubscribe link included in every newsletter or send a message to the COMPANY or its data protection/information officer.
7. USE OF SOCIAL MEDIA
1. In the COMPANY’S online service, you can find hyperlinks to the social network Facebook, professional network LinkedIn and short message service Twitter.
2. The hyperlinks can be recognized by the provider’s respective logo.
4. Please check the relevant privacy policies of the individual providers for details on the applicable terms and conditions; these can be found under:
1. Facebook: www.facebook.com/policy.php
2. LinkedIn: https://www.linkedin.com/legal/privacy-policy
3. Twitter: twitter.com/privacy
5. Before calling up the relevant hyperlinks, the CUSTOMER’S personal information is not transferred to the respective provider. At the same time, the CUSTOMER calling up the linked site is the legal basis for data processing by the relevant provider.
8. Your Rights and Contact
1. The COMPANY places strong emphasis on explaining the processing of personal data as transparently as possible and informing the CUSTOMER of its rights. If the CUSTOMER would like more detailed information or wish to exercise its rights, the CUSTOMER can contact the COMPANY at any time so that the COMPANY can take care of the CUSTOMER’S concerns.
9. Data Subject Rights
1. With regard to processing the CUSTOMER’S personal information/data, the CUSTOMER is entitled to extensive rights in terms of the GDPR and the Protection of Personal Information Act.
2. In addition, the CUSTOMER has a comprehensive right to information and can demand the correction and/or deletion or blocking of its personal data, if applicable.
3. In terms of the Regulations Relating to the Protection of Personal Information: –
1. A data subject who wishes to request a correction or deletion of personal information or the destruction or deletion of a record of personal information in terms of section 24(1) of the Protection of Personal Information Act, must submit a request to the responsible party on Form 2 (http://www.justice.gov.za/inforeg/docs/20181214-gg42110-rg10897-gon1383-POPIregister.pdf).
2. The COMPANY, or a designated person, must render such reasonable assistance, as is necessary free of charge, to enable a data subject to complete Form 2.
4. The CUSTOMER can also demand a restriction of processing and have the right of objection. With regard to the personal data the CUSTOMER transferred to the COMPANY, the CUSTOMER also has the right to data portability.
5. If the CUSTOMER wishes to exercise its rights and/or receive more information about them, please contact the COMPANY’S customer service. Alternatively, the CUSTOMER can also contact the COMPANY’S data protection/information officer.
6. In terms of the Protection of Personal Information Act, the CUSTOMER has the following options available to it in respect of its personal information that the COMPANY processes:
1. it may inquire from the COMPANY, at no cost, whether the COMPANY holds its personal information, as long as it provides the COMPANY with adequate proof of its identity;
2. where necessary, request the correction, destruction or deletion of its personal information, as per clause 22.3.1 above;
3. object to, in terms of clause 23.7.1 below, restrict or limit the processing of its personal information;
4. object to the COMPANY utilising personal information for purposes of direct marketing, in terms of clause 23.7.1 below;
5. request to not have its personal information used to be sent unsolicited emails.
7. The CUSTOMER can exercise any of its rights listed above by sending an email to firstname.lastname@example.org. Where the COMPANY has reasonable doubt as to the identity of the person making an enquiry, it may request additional information in order to confirm the identity of the person, such as an identity document, including a driver’s licence or passport.
8. Please note that the above rights are not absolute, and the COMPANY may be entitled to refuse requests, where exceptions apply. Should the COMPANY determine that the CUSTOMER is not entitled to exercise a specific right, the COMPANY will provide it with the reason in respect thereof.
9. Should the CUSTOMER has reasonable grounds to believe that its personal information has been accessed or acquired by any unauthorised person, the COMPANY shall, as soon as is reasonably possible and lawfully required, notify the applicable regulator/s, as well as the CUSTOMER, unless it is unable to establish the identity of the personal information that has been unlawfully accessed.
10. Revoking Consent and Objection
1. Any consent that the CUSTOMER has provided can be withdrawn on request at any time with effect for the future.
2. Withdrawing consent will not affect the lawfulness of the processing that was carried out by the COMPANY between the time of consent and withdrawal.
3. Both the COMPANY’S customer service and the COMPANY’S data protection/information officer are contact persons for this matter.
4. Insofar as processing the CUSTOMER’S personal data is not based on consent but another legal basis, the CUSTOMER can object to this data processing.
5. Once the CUSTOMER objects, there will be a review and, if necessary, termination of data processing.
6. The CUSTOMER will be informed of the results of the review and receive – if the data processing is to continue nevertheless – detailed information from the COMPANY about why data processing is permitted.
7. In terms of the Regulations Relating to the Protection of Personal Information: –
1. A data subject who wishes to object to the processing of personal information, in terms of section 11(3)(a) of the Protection of Information Act, must submit the objection to the responsible party in a form similar to form 1 (http://www.justice.gov.za/inforeg/docs/20181214-gg42110-rg10897-gon1383-POPIregister.pdf).
8. The COMPANY, or a designated person, undertakes to render such reasonable assistance as is necessary, free of charge, to enable the data subject to make an objection on Form 1.
11. Data Protection/Information Officer and Contact
1. The COMPANY has commissioned an external data protection/information officer who provides the COMPANY with support in issues relating to data protection and whom the CUSTOMER can contact directly.
2. The COMPANY’S data protection/Information officer and their team is available for questions related to the COMPANY’S handling of personal data or more information on issues relating to data protection:
1. SMA Solar Technology AG, Data protection officer, Sonnenallee 1, 34266 Niestetal Germany
2. Email: email@example.com
1. If the CUSTOMER concludes that the processing of the CUSTOMER’S personal data by the COMPANY is not in line with this Policy or the applicable data protection requirements, the CUSTOMER can complain to the COMPANY’S data protection officer. The data protection officer will then review the matter and inform the CUSTOMER of the result of the review. Furthermore, the CUSTOMER also has the right to complain to a supervisory authority.
More Information and Changes
1. Links to Other Websites
1. The COMPANY’S online service may contain links to other websites. These hyperlinks are generally labeled as such.
2. The COMPANY has no influence on and to what extent the linked websites comply with the applicable data protection regulations.
3. Therefore, the COMPANY recommends that the CUSTOMER informs itself of the relevant privacy policies for other websites as well.
Status: September 2019