Effective October 2020
The Shoprite Group Data Privacy Statement
Protecting your privacy is as important to us as it is to you. For us, it’s more than just making sure we comply with the relevant legislation; you trust us with your personal information and we respect that trust. This Privacy Statement explains why and how we collect, use and store your personal information. The processing of personal data must be transparent and secure, in conformity with the Protection of Personal Information Act (POPI), the European Union General Data Protection Regulation (GDPR) and the privacy legislation of the countries in which Shoprite Group operates. This Privacy Statement contains the information required by POPI and other relevant privacy legislation.
“We are committed to protecting your personal information and undertake to adhere to the various data and privacy laws that require us to do so. You agree to submit certain personal information to us for the purpose of continuously optimising our products and services to you.”
1. What is this notice about?
We want you to understand who you are sharing your information with, what kind of information we are collecting and how we use the information.
In your day-to-day dealings with the Shoprite Group of Companies we obtain information about you. We want you to know exactly what that information is and what we do with it. This Privacy Statement describes how we collect, use, process, and disclose your personal information, in conjunction with your access to and use of Shoprite Group’s web and app platforms.
The Protection of Personal Information Act protects you.
The Protection of Personal Information Act (POPI) is aimed at protecting your personal information and prescribes what we must and must not do with it. POPI created an Information Regulator who checks that companies like Shoprite manage personal information in a responsible manner that respects your privacy.
Other legislation applies to your personal information.
Other legislation also applies to your personal information. For instance, if you are applying for a Shoprite Money Transfer account, the Financial Intelligence Centre Act (FICA) has to be complied with, or if you buy a SIM card, the Regulation of Interception of Communications and Provision of Communication-Related Information Act (RICA) has to be complied with. This means that from time to time we will be obligated to process your personal information in a certain way (or keep it for a certain period).
This privacy notice is part of our agreement with you.
This Privacy Statement forms part of our agreement with you. You should read it along with the terms and conditions that apply. These terms and conditions can be accessed on the specific Shoprite Group websites or products, and www.shopriteholdings.co.za.
This notice may change from time to time.
From time to time we may have to amend this notice to accommodate changes in our business or services or if legal requirements change. It is your responsibility to check that you have read the latest version.
“The Shoprite Group consists of a host of companies. We may collect information about you when you use our products or services, apply for a job with one of our companies, supply services to us or as a result of your relationship with our clients or third parties.”
2. Who you are sharing your information with
Shoprite is a group of companies.
The following companies or brands are part of Shoprite Holdings Ltd: Shoprite, Checkers, CheckersHyper, Usave, OK Franchise Division, OK Furniture, House & Home, Checkers LiquorShop, Shoprite LiquorShop, Medirite Pharmacy, Transpharm, Checkers Food Services, Computicket, Computicket Travel, Freshmark, K’nect.
For this document we will refer to the Shoprite Group. Our principal place of business is at Cnr William Dabbs & Old Paarl Roads, Brackenfell, 7561 but we recommend you contact our Compliance Officer at firstname.lastname@example.org.
3. When this Privacy Statement applies
This Privacy Statement applies:
- when you use any of our products or services;
- when you apply to us for a job or work placement;
- when you supply services to us where this involves any personal information;
- as a result of your relationship with our clients; and/or
- to any information collected from third parties.
“Personal information may include any data that can identify you.This may be sourced directly from you, your employer, regulatory authorities, recruitment agencies, credit ratings agencies, information or service providers, public records and other third parties mentioned in this policy.”
4. What information we collect
‘‘Personal information’ is any information that can be used to identify you or that we can link to you. Where you use our services, we will collect personal information directly from you.
We may also collect personal information from third parties such as your employing organisation, regulatory authorities, recruitment agencies, credit reporting agencies, information or service providers, publicly available records, and the third parties described in this Privacy Statement.
Information that you voluntarily provide to us
We collect information that you voluntarily provide to us including when you communicate with us via forms, email or other channels; when you sign up for newsletters, alerts, or other materials; and when you respond to our communications or requests for information.
The information you provide may include current and historical personal information including your name, contact details, title, identification, employment, positions held and enquiry/complaint details and information about the organisation with which you are affiliated. We may also collect personal information about your other dealings with us and our clients, including any contact we have with you in person, by telephone, email or online.
We may also collect information about you from various social media platforms. We advise that you familiarise yourself with the respective privacy policies that apply to these platforms. Note that we will process any information from these sources in accordance with the law.”
Information from other sources
We may collect information from other sources, such as social media platforms that share information about how you interact with our social media content, and any information gathered through these channels will be governed by the privacy settings, policies, and/or procedures of the applicable social media platform, which we strongly encourage you to review. We will handle any unsolicited information in accordance with law, including destroying or de-identifying such information where we are required to do so.
When you use our online services, we may collect the following:
- Information you provide by completing forms (this includes information you give us, submitting material, requesting services, entering competitions, registering for any of our online offerings or subscribing to our newsletters or other services).
- Your name and address.
- Your delivery address (if different to above).
- Your contact telephone number in case we need to call you.
- Your credit or debit card number, expiry date and security code.
- Information you provide by your participation in competitions, live chats or message boards.
- Information you provide to us if you contact us, for example to report a problem with our online services or raise a query or comment.
- Where our online services require that you enter a password or other information in order to access certain features, we will collect such credentials when you enter them.
“Transactions such as lay-bys, cell phone/SIM card or gift card purchases may also result in us collecting information from you. This extends to job applications that require us to assess your suitability for employment and may include screening checks.”
Lay-by agreements, cell phones, gift cards, Money Transfer and other services
We have to collect some of your information when you enter into a lay-by agreement, purchase a cellphone or SIM card, replace a lost or stolen gift card or transfer a gift card to another branch and other services.
If you apply for a job with us
We may request personal information about your education, employment, racial background and state of health. As part of your application you will be asked to provide your express consent to our use of this information to assess your application and to allow us to carry out both recruitment analytics and any monitoring activities which may be required of us under applicable law as an employer.
We may also carry out screening checks (including reference, background, directorship, financial, identity, eligibility to work, vocational suitability and criminal record checks) and consider you for other positions. We may exchange your personal information with academic institutions, recruiters, screening check providers, health service providers, professional and trade associations, law enforcement agencies, recruitment analytics providers, referees and your current and previous employers.
“We may be legally or contractually obliged to collect information about you to aid in the prevention of crime such as money laundering and other related or similar offenses.”
We may also gather additional information about you from publicly available resources such as LinkedIn or other social or professional media platforms and collate this with the information that you provide to us. Without your personal information, we may not be able to progress considering you for positions with us. In some instances, personal information must be provided to us in order for us to legally or contractually perform services to you, for example where we are required by law to gather personal information for anti-money laundering identification purposes. Where relevant we will highlight to you those details that we are required to collect.
We collect information when you contact our Call Centres to respond to your query.
When you contact our customer support services, we collect information that helps us to categorise your query, respond to it and, if applicable, investigate what went wrong. We also use this information to track potential problems and trends to customise our support responses to provide a better service to you. Calls are recorded for quality control and record-keeping purposes.
We collect information while you use our websites.
Every time you connect to our websites we store web server logs which show your IP address (the unique number which your machine uses when it is connected to the Internet), what you looked at, whether the page request was successful or not, and which browser you used to view the pages. The use of this data is strictly for statistical and personalisation purposes only. This helps us understand which areas of the site are of particular interest and also which pages are not being requested. It also tells us how many hits and page requests we get.
A cookie is a small piece of information stored by your browser on your device. It may contain some personal details in an encrypted format, which can be recalled when you return to the website. This speeds up our identification, ordering and delivery processes.
Other tracking pixels may also be collected as required.
Our stores and facilities may be monitored by CCTV cameras.
Our facilities may be monitored by CCTV cameras for public safety, crime prevention and quality control.
We don’t collect the information of persons under 18.
We do not collect the information of persons under 18 without the consent of their parents or guardians. If you are under the age of 18 you must not provide personal information to us without the consent of your parent or guardian.
“Our primary goal for collecting information about you is to improve our products and services to you. This includes processing payment information, orders, deliveries, medical records for medicine dispensing or whenever we are obliged to do so under law.”
5. Why we need your personal information
We use your personal information to provide our products and services to you. This includes:
- Processing your payment card details in order to complete any purchase;
- Processing your orders for goods and services;
- Delivering products that you order online;
- Accessing your medical information to dispense medicine at Medirite
- When we have a legal duty to use or disclose your information.
“Your personal information also helps us to accurately assess your suitability for credit. This typically involves identity checks, contact details verification and assessment of financial records.”
We use your personal information to process your application for credit, this includes checking your identity, credit status, contact details and financial track record. We also need personal information to send statements and other legal documents, and collect payments you owe us.
We use your personal information to learn more about the products and services that interest you
- to conduct market research to understand your preferences, learn more about the products and services that you are interested in and improve the products and services we offer to you;
- to inform and provide you with the opportunity to make use of products, services and benefits that we offer and that we believe may be of interest to you.
Please note that we will not contact you telephonically for unsolicited marketing purposes or send unsolicited marketing communications to you by mail, SMS or email if you have not opted in to receive them.
“We will never sell your personal information and will not provide any of it to entities outside our group for marketing purposes. However, you agree that we may share your information with divisions within our group or companies that help us deliver our products and services to you. We also share your information with relevant financial institutions and regulatory entities on a per need basis.”
6. Sharing your information
Your privacy is important to us, which is why it is our policy not to share your personal information with other companies without your consent. In particular, we will never sell your personal information. We will not provide any of your information to entities outside our group so as to permit them to market their goods or services to you.
You agree that we may transfer your information to the following people and organisations in order to process your data as set out in this Policy Statement:
- Your data may be used by other divisions and entities in the Shoprite Group.
- We only share your personal information with companies that help us to provide our services to you and who have agreed to keep your information secure and to only use it for authorised purposes.
- We use suppliers or service providers who we trust to provide services to us and sometimes that involves sharing your information with them. They operate under strict requirements aimed at keeping your personal information secure and confidential and they will only use it for the purpose for which we have sent it to them.
- We share your personal information with our bank and the other issuers of payment cards you use.
- To governmental, judicial, regulatory and law enforcement bodies and agencies, including any credit regulator.
Some of these service providers may be located in other countries that may not have the same levels of protection of personal information as South Africa. If this is the case, we require that they undertake to protect the personal information of our customers to the same level that we do.
“You have the right to know what information is being collected about you, to have it corrected or to opt out of any marketing campaigns. Contact our Compliance Officer to learn more about your rights with respect to your data. Note that you may be expected to terminate all agreements with us if you choose to have your data permanently deleted from our records.”
7. Your rights and preferences
You have the right to know what personal information we have about you, to correct it and to opt out of any marketing.
You have the right to:
- ask what personal information we hold about you;
- ask what information was sent to our suppliers, service providers or any other third party;
- ask us to update, correct or delete any out-of-date or incorrect personal information we hold about you;
- unsubscribe from any direct marketing communications we may send you;
- object to the processing of your personal information.
If you want us to delete all personal information we have about you, you will probably have to terminate all agreements you have with us. We cannot maintain our relationship with you without having some of your personal information. We can refuse to delete your information if we are required by law to keep it or if we need it to protect our rights.
Please contact our Compliance Officer shown at the beginning of this policy if you want to submit any request to us. We will provide you with a form and the amount of any fee.
Some of your information is available online.
You are able to view and correct some of your information online by creating an online profile. Other information can be corrected via email email@example.com.
“We have taken every reasonable measure to keep all our information assets secure, reliable and protected from unauthorised access. To this end, we deploy the latest in security technologies and best practices in the management of your information and will inform you in the unlikely event of your information being compromised.”
We take your privacy and the security of your personal information seriously.
We have implemented reasonable security safeguards to protect the personal information that you give us. For example sensitive data (such as your credit card information) is protected by SSL encryption when it is exchanged between your web browser and our website.
You can play a role in protecting your information by never sharing your username, PIN or password with anyone or submitting it to a website you don’t recognise. Always log off after a web session and change your password regularly.
We regularly monitor our systems for possible vulnerabilities and attacks. No system is perfect so we cannot guarantee that information may not be accessed, disclosed, altered or destroyed by breach of any of our physical, technical or managerial safeguards.
Please note that any email you send to us is not encrypted and may be monitored by us. Please do not send us sensitive or confidential personal information by email.
We will inform you if your privacy is ever compromised.
Although we cannot prevent all security threats, we have measures in place to minimise the threat to your privacy. We will let you know of any breaches which affect your personal information.