(Version effective as of 1 April 2019)
Shoprite Checkers (Pty) Ltd is committed to protecting your privacy. We recognise our obligation to respect and protect the confidentiality of your personal and financial information. This processing policy concerns the processing of personal data on users of and visitors to our website. Although most information on this site is available without the need to provide personal data, in specific cases the user is asked for personal details. The processing of personal data must be transparent and secure in conformity with the Protection of Personal Information Act (POPI) as well as the General Data Protection Regulation (GDPR). This processing policy contains the information required by POPI and GDPR.
Who we are
When we refer to "we", "us" or "our" herein we are referring to Shoprite Checkers (Pty) Ltd (Registration Number 1929/001817/07) and its affiliated group companies, or any of them, as the context requires, as well as our assignees and successors in title. Our principal place of business is at Cnr William Dabbs & Old Paarl Roads, Brackenfell, 7561 but we recommend you contact our Risk and Compliance Manager at firstname.lastname@example.org.
Processing Purposes and Legal Basis for Processing
You recognise that in order to make use of our products and services you will have to provide us with certain information pertaining to you, failing which we may not be able to render such products or services to you. However, the choice of providing us with information remains yours at all times. We may collect information about you as follows:
- From you, including all the information as contained in the forms that you submit (including your name, contact details, age, identity number, assets, liabilities, income and payment records), requests or transactions, when you use our web sites or otherwise when you apply for our services or make use of our services;
- When you register on the website and/or subscribe to our newsletter, we ask you to enter some personal details (forename, surname and email address). These personal data are used for the management of the site and the service for which you are registered;
- From public registers, credit bureaus, money laundering, fraud prevention and law enforcement agencies and from your current and previous insurance companies, including for the purposes of processing your application for credit or services and to reassess your status from time to time;
- From people and entities employed by us to provide services for us, which may include debt collection services, cheque verification services, communications services and data hosting, processing and management services;
- From persons employed by you to provide services to you, including communications services and data hosting, processing and management services;
- Details of your preferences regarding our products and services, and other demographic and lifestyle information;
- Details of when you contact us and when we contact you, including the IP addresses, electronic mail addresses and telephone numbers you contact us from and the content of the communications between us, which we may record. We may hold your information collected hereunder for as long as you are registered to use our services and for at least five years thereafter or such longer period as may be required or permitted by law.
- From such other persons as you may consent to or which may be legally entitled to provide us with information about you; and
We may also make enquiries with anyone for the purposes of verifying the accuracy of information already given to us.
- In accordance with POPI and GDPR, the legal basis for processing your personal data is your permission.
Why we need your information
We collect and will process your information for the following purposes:
- To process your application for credit and orders for goods or services and for making related decisions (such as the continuation or extension of credit), including by verifying your identity, credit status, contact details, financial track record and otherwise ascertaining that you qualify for our services from time to time;
- To take such actions as may be required to enable and improve your use of our services and to exercise our rights and comply with our obligations in respect thereof, including by processing and recording your product and service requests and transactions, managing your accounts and policies, delivering our products and services to you, communicating with you regarding your use of our products and services and collecting payments you may owe us;
- To ensure that the information we receive and hold about you is accurate, complete and up to date;
- To prevent, investigate and prosecute fraud, money laundering, terrorism, abuse of our services and other unlawful activities;
- To comply with legal and regulatory requirements, for audit purposes and legal proceedings;
- To conduct market research and business analysis, understand your preferences, learn more about the products and services that you are interested in and improve the products and services we offer to you;
- To inform and provide you with the opportunity to make use of products, services and benefits that we offer and that we believe may be of interest to you to the extent that we are lawfully permitted to do so; and
- For such other purposes as you may consent to or as may otherwise be lawfully permitted, including for the purposes of protecting our and/or your legitimate interests and/or that of our suppliers and other customers.
Please note that we will not contact you telephonically for unsolicited marketing purposes or send unsolicited marketing communications to you by mail, facsimile, SMS or electronic mail if you have objected to receiving such communications by way of a public register recognised for such purposes by law or by notifying us of your objection in the prescribed manner. We will provide you with reasonable opportunities to object to receiving marketing communications in the manner prescribed by law, including upon your application to subscribe to our services and on each occasion when we send you such communications.
Please note that we may use a credit-scoring or other automated decision-making system to assess your applications for credit. If we use an automated decision-making system, we will provide you with a description of the underlying logic of our decision-making system and provide you with an opportunity to make representations to us regarding the decision.
Sharing your information
Keeping your financial information secure is one of our most important responsibilities. We cannot disclose your information unless legally permitted thereto. Save as set out below, we will not transfer your information to a third party without your consent unless legally obliged thereto. In particular, we do not sell lists or databases with our clients' information and will not provide any of your information to entities outside our group so as to permit them to market their goods or services to you. You agree that we may transfer your information to the following people and organisations in pursuit of the data processing purposes set out in this policy:
- To the divisions and entities in the Shoprite group, including to the directors, employees, contractors, agents, auditors, legal and other professional advisors of the divisions and entities in the Shoprite group;
- To banks, credit bureaus and fraud prevention agencies, who may link your information with those of your family members and business associates, provided that we will notify you in advance before we provide adverse information about you to a credit bureau and, upon request, provide you with a copy of such information as required by law;
- To your bank and to the other issuers of payment cards issued to you at your request, and to any other person that supplies, supports or underwrites a service or product we provide to you insofar as it pertains to your subscription to and use of such service or product;
- To governmental, judicial, regulatory and law enforcement bodies and agencies, including any credit regulator;
- To persons employed by us to provide services on our behalf that adhere to principles similar to ours regarding the treatment of your information, including delivery, debt collection, data hosting, processing and management services;
- To any person to whom we cede, delegate, transfer or assign any of our rights or obligations pertaining to the products or services provided to you or contracts concluded with you;
- To any person that acts as your legal guardian, executor of your estate, curator or in a similar capacity;
- To any person that guarantees or stands surety for the performance of your obligations to us insofar as it pertains to such guarantee or suretyship;
- To such other persons as may be permitted by applicable law or that you may consent to, including persons and entities who may request such information to evaluate your creditworthiness.
Please note that our sharing of your information may also involve the transfer thereof to third parties outside RSA. In the event of such transfer, we will require that such third party also subscribes to protecting your information on terms similar to the terms of this policy.
We will strive at all times to ensure that your records will always be protected against unauthorised or accidental access, processing or loss. We maintain this commitment to data security by implementing appropriate reasonable technical and organisational measures to safeguard and secure your information, including by using appropriate cryptographic techniques and access control mechanisms. If we use a third party to host, manage or process your data on our behalf we will require that such third party also commit to implementing appropriate reasonable technical and organisational measures to safeguard and secure your information. If we are not prevented by a law enforcement or regulatory agency, we will notify you as soon as practicably possible in writing and at your registered postal or email address if we believe that unauthorised access to your information may have occurred, providing you with such information as you may reasonably require to implement protective measures.
What role can you play in protecting your information and accounts?
- Never share your user identification name or number, your personal identification number (PIN) or password with anyone or submit it to any web site that you do not recognise and fully trust and never send such information to us or anyone else via unencrypted electronic mail or other unprotected communication mechanism;
- Only provide your user identification name or number, your PIN or password to us via our web site when your browser shows a Secure Socket Layer (SSL) connection directly to us;
- Do not leave your computer unattended after you have entered your PIN and password to access your accounts via our web site;
- Always log or sign off at the end of a web site session;
- Change your web password regularly;
- Keep your contact details as provided to us up to date and accurate, including by promptly notifying any changes thereto to us; and
- Promptly report any suspected security breach, loss or theft of your user identification name or number, your PIN and/or password and of any cards providing access to your accounts;
When you visit any of our websites we may collect certain information about your usage preferences and history. Such information will be stored in a cookie on your computer's hard drive by your web browser. Cookies are intended to assist and improve your use of our web sites. Most browsers accept cookies automatically, but usually you can alter the settings of your browser to prevent automatic acceptance. If you choose not to receive cookies, you may not be able to use all the features of our websites.
Every time you connect to our web sites we store web server logs which show your IP address (the unique number which your machine uses when it is connected to the Internet); what you looked at; whether the page request was successful or not, and which browser you used to view the pages. The use of this data is strictly for statistical and personalisation purposes only. This helps us understand which areas of the site are of particular interest and also which pages are not being requested. It also tells us how many hits and page requests we get.
Your rights regarding your information
Provided that you give us suitable and adequate proof of your identity, you have a right to know which records we hold about you and to know the identity of all third parties which have been or are to be given access thereto. This can be done by submitting a written request in the prescribed form to us. We may charge a reasonable prescribed fee as notified to you in advance for processing such requests. We will not be obliged to provide you with information to the extent that we are prohibited or permitted thereto by applicable law.
You also have the right to require us to correct or erase any records we hold about you that we are no longer permitted to retain, is inaccurate, irrelevant, excessive, out of date, incomplete, misleading or has been unlawfully obtained. This can be done by submitting a written request in the prescribed form to us. We will notify you of the steps taken as a result of your request.
Please contact our Risk and Compliance Office indicated at the head of this policy if you want to submit any request to us hereunder. We will provide you with the prescribed form and the amount of any applicable prescribed fee.
We reserve the right to adapt or change this processing policy for personal data, if required, in accordance with POPI and GDPR.