top of page

PRIVACY POLICY

 PRIVACY NOTICE AND INFORMED CONSENT NOTICE

 

Consent to process personal information in terms of the Protection of Information Act, 4 OF 2013 (POPIA)

(Email, Website, and Social Media Privacy)

 

The Protection of Personal Information Act, 4 of 2013 (POPIA) gives effect to the constitutional right to data privacy in terms of Section 14 of the Bill of Rights of the Constitution.

 

The responsible use of the Greystone Bridge (Pty) Ltd T/A HPS Solar's website and related resources in respect of data privacy are important to Greystone Bridge (Pty) Ltd T/A HPS Solar.

 

Whilst Greystone Bridge (Pty) Ltd T/A HPS Solar is committed to protecting all person’s rights to privacy and in consequence, will ensure that all person’s Personal Information is used appropriately, transparently and according to applicable law, Greystone Bridge (Pty) Ltd T/A HPS Solar has to ensure that these rights to privacy are balanced with other rights such as the right to use and have access to the Greystone Bridge (Pty) Ltd T/A HPS Solar's Information and Services including its online and social media platforms and applications.

 

This Policy sets out the responsibilities and obligations of all persons who make use of, access, or receive Greystone Bridge (Pty) Ltd T/A HPS Solar's Information and Communications via its electronic communication facilities and resources including its website, email, and social media platforms and how all users of these facilities and resources are to ensure that when using these resources that they respect and process another’s Personal Information lawfully and in accordance with the provisions of POPIA and the 8 Personal Information Processing Principles.

 

PLEASE READ THE DOCUMENT BEFORE YOU MAKE USE OF THE GREYSTONE BRIDGE (PTY) LTD T/A HPS SOLAR'S ELECTRONIC FACILITIES OR PROVIDE GREYSTONE BRIDGE (PTY) LTD T/A HPS SOLAR WITH ANY PERSONAL INFORMATION; BY PROVIDING GREYSTONE BRIDGE (PTY) LTD T/A HPS SOLAR WITH YOUR PERSONAL INFORMATION, YOU CONSENT TO GREYSTONE BRIDGE (PTY) LTD T/A HPS SOLAR PROCESSING YOUR PERSONAL INFORMATION, WHICH GREYSTONE BRIDGE (PTY) LTD T/A HPS SOLAR UNDERTAKES TO PROCESS STRICTLY IN ACCORDANCE WITH THIS PRIVACY POLICY.

Definitions:

 

“Personal information”, means information relating to an identifiable, living, person, and where it is applicable, an identifiable, existing juristic person, including, but not limited to—

 

(a.) information relating to the race, gender, sex, pregnancy, marital status, national, ethnic or social origin, colour, sexual orientation, age, physical or mental health, well-being, disability, religion, conscience, belief, culture, language and birth of the person;

 

(b.) information relating to the education or the medical, financial, criminal, or employment history of the person;

 

(c.) any identifying number, symbol, e-mail address, physical address, telephone number, location information, online identifier, or other particular assignments to the person;

 

(d.) the biometric information of the person;

 

(e.) the personal opinions, views, or preferences of the person;

 

(f.) correspondence sent by the person that is implicitly or explicitly of a private or confidential nature or further correspondence that would reveal the contents of the original correspondence;

 

(g.) the views or opinions of another individual about the person; and

 

(h.) the name of the person if it appears with other personal information relating to the person or if the disclosure of the name itself would reveal information about the person;

 

“Responsible party”, means a public or private body or any other person which, alone or in conjunction with others, determines the purpose of and means for processing personal information;

 

“Data subject”, means the person to whom the personal information relates;

 

“consent”, means any voluntary, specific, and informed expression of will in terms of which permission is given for the processing of personal information;

 

“processing”, means any operation or activity or any set of operations, whether or not by automatic means, concerning personal information, including:

 

   a.) the collection, receipt, recording, organization, collation, storage, updating or modification, retrieval, alteration, consultation, or use

   b.) dissemination by means of transmission, distribution, or making available in any other form; or

   c.) merging, linking as well as restriction, degradation, erasure or destruction of information;

 

“Information officer”, of, or in relation to, a Private body means the head of a private body as contemplated in Section 1 of the Promotion of Access to Information Act 2 of 2000;

 

“Private body”, as defined in the Promotion of Access to Information Act means-

 

  a.) a natural person who carries on or has carried on any trade, business, or profession, but only in such capacity;

  b.) a partner which carries on or has carried on any trade, business, or profession;

  c.) any former or existing juristic person.

 

“operator”, means a person who processes personal information for a responsible party in terms of a contract on the mandate, without coming under the direct authority of that party;

 

The above has been extracted from the Protection of Personal Information Act 4 of 2013 (“POPIA “) and should not be considered as a complete record of definitions. For more information, see Section 1 of POPIA

 

The policy of Greystone Bridge (Pty) Ltd T/A HPS Solar's Rhe Responsible Party shall be to lawfully collect, retain, utilize, disseminate, and destroy/delete any information that:

 

identifies a data subject;

 

can be used or manipulated by a reasonably foreseeable method to identify the data subject; or

can be linked by a reasonably foreseeable method to other information that identifies the data subject;

 

the responsible party shall process personal information in so far as is lawfully permitted, including processing as it appears below.

 

  1. The Protection of Personal Information Act No. 4 of 2013 (“the Act”) allows for the use of a customer’s (“Data Subject”) personal information in order to achieve a purpose;

  2. Normally, the purpose for which we need a data subject’s personal information will be an instruction from the data subject (Customer);

  3. The Data Subject’s personal information is protected, in terms of the Act, by the way, that we process the personal information;

  4. In order to use a data subject’s personal information, we require their written consent, as defined above;

  5. Accordingly, the purpose for which we require a data subject’s personal information will be determined by the purpose of the instruction. E.g., a conveyancing transfer of property;

  6. Upon taking an instruction, therefore, Greystone Bridge (Pty) Ltd T/A HPS Solar's responsible party’s staff will:

 

    6.1 Determine the purpose for which we are instructed, and,

    6.2 Determine the personal information of the data subject that is required for that purpose;

    6.3 Inform the data subject that will require this information, and;

    6.4 Inform the data subject that they need to sign this document, verifying that we may use the personal information to achieve the                        purpose stated.                                         

    6.5 Attached below, are excerpts from the Protection of Personal Information Act, to assist the Customer to gain a better understanding of            the Act, and should they require further information, they may make an appointment with an attorney either at Greystone Bridge (Pty)              Ltd T/A HPS Solar'sresponsible party’s or elsewhere, to gain further information, and should that prove insufficient, they may                            refer to the said Act;                                                                                                      

    6.6 Should the Customer refuse or neglect to furnish the information and to sign this document, Greystone Bridge (Pty) Ltd T/A HPS                     Solar's  responsible party may not carry out the mandate of the Customer.                                            

  7. Greystone Bridge (Pty) Ltd T/A HPS Solar's responsible parties will practice a policy of minimality, meaning that data subject                            information will be obtained, processed, and retained only for the:                                                    

 

    7.1 Purpose of fulfilling an instruction from the Customer;

    7.2 Duration of carrying out the mandate from the Customer;

    7.3 adequate, relevant, and not excessive processing purposes.

 

  8. Greystone Bridge (Pty) Ltd T/A HPS Solar's responsible party will thereafter retain Customer information with their consent, failing                     which it will be deleted/destroyed as the Customer may stipulate.                                                                               

 

  9. The registered Information Officer of Greystone Bridge (Pty) Ltd T/A HPS Solar's responsible party is JANA SMIT and will be the                       Deputy Information Officer;

 

 10. The Responsible Party is entitled in terms of the Act to retain information for lawful purposes, which include, but are not limited to:

 

    10.1 compliance with all lawful authority relative to processing of personal information e.g., FICA, information for interaction with                              Municipalities, The Deeds Registry, the relevant Government Departments, etc 

    10.2 compliance with all lawful authority relative to processing of personal information e.g., FICA, information for interaction with                              Municipalities, The Deeds Registry, the relevant Government Departments, etc 

    10.3 after the purpose of collecting personal information is complete, the responsible party may retain such information:

 

         (a.) For 3 (THREE) years to ensure that should the responsible party be involved in legal action with the data subject, the responsible                   party will have the data subject’s relevant personal information in order to protect and promote the responsible party’s legitimate                     interests, and;

         (b.) concurrent to the above prescriptive period, and extending beyond that, the responsible party shall be entitled to retain the data                     subject’s personal information for as long as prescriptive periods may be extended in terms of the Prescription Act 68 of 1969 (as                   amended), or by any other statute/law whatsoever that determines prescriptive periods

         (c.) for practical purposes, the responsible party has estimated requiring the data subject’s personal information for a total of 5 (FIVE)                   years;

         (d.) notwithstanding the above, nothing contained herein however shall be taken as limiting the responsible party’s rights to protect its                    legitimate interests.

Refer to Section 14(3)(b),14 (6)(b), and 14(7) recorded in “Administrative Information” below.

 

11. SECURITY LEVELS-type of information.

 

The responsible party shall differentiate the processing of a data subject’s personal information as more fully set forth below. Accordingly, the responsible party shall process such personal information of the data subject as is reasonably foreseeably required, in a commercial sense, for the following purposes:

11.1 to process personal information required to achieve the commercial purpose for which the responsible party and the data subject                    intend to contract;

 

11.2 to process personal information in order to validly and lawfully conclude the commercial contract/s intended by the parties;

11.3 to retain and process personal information of the data subject of a sensitive nature, for example, information required to determine the            data subject’s credit worth, turnover, financial stability, liquidity, solvency, and any other personal information which could impact                     the responsible party’s commercial willingness to continue trading with the data subject;

 

11.4 notwithstanding that legal action may not be required, the responsible party shall be entitled to process all such information as is                    necessary to find legal action against the data subject and/or to found a defense/s of legal action by the data subject against the                   responsible party;

 

11.5 to conduct the responsible party’s business and activities lawfully within the scope of the Companies Act 71 of 2008, (as amended) and          where applicable, the Companies Act 61 of 1973 (as amended);

11.6 to conduct the responsible party’s business and activities lawfully within the scope of any other law, lawful custom, code of conduct,                best practice, code of good conduct, or any similar national or international standards applicable to the business of the responsible               party.

       

11.7 Reference: Section 14(3)(a) and (b), read with Section 27(1)(c) and Section 18(1)(g);

11.8 the responsible party shall not collect personal information that is irrelevant to the purpose for which the personal information is                        collected as more fully set forth in the definition of “personal information” recorded above;

11.9 wheresoever, the responsible party processes personal information, it shall do so as stated above, and as authorized by law, code,                lawful custom, and other standards recognized for commercial purposes. The said processing of personal information by the                            responsible party shall be referred to as processing in terms of POPIA for “commercial purposes”.

12.        SECURITY LEVELS-Information Technology

 

The responsible party shall categorize the data subject’s personal information as follows:

 

12.1.     Personal information required for commercial purposes;

 

12.1.1 Sensitive personal information, for example, information relative to credit worth, turnover, liquidity, solvency shall be processed for a specific, lawful and clear purpose (or for specific, lawful, and clear purposes) and will ensure that it makes the Data Subject aware of such purpose(s) as far as possible.

 

12.1.2 personal information which is not sensitive, and which is utilized to identify contracting parties and commercial transactions conducted, including but not limited to contracting, supplying goods, receiving delivery, giving delivery; invoicing, and similar activities.

 

12.1.3 personal information relative to Operators (more fully defined above), for example, independent accountants, attorneys, expert witnesses, financial institutions, information technology experts, etc., shall be processed as follows,

 

  • the responsible party shall determine the purpose for which the Operator/s are to be instructed, and shall divulge to the relevant Operator, such personal information of the data subject as the Operator reasonably foreseeably requires to supply goods and/or services in pursuit of the legitimate interests of the responsible party;

 

13. WEBSITE COOKIES

 

13.1 Our website uses cookies, which are small text files sent by a web server to store on a web browser. They are used to ensure websites            function properly, store user preferences when needed, and collect anonymous statistics on website usage.

 

 

13.2 You may refuse to accept cookies by activating the setting on your browser which allows you to refuse the setting of cookies. However,            if you select this setting, you may be unable to access certain parts of our website. Unless you have adjusted your browser setting so           that it will refuse cookies, our system will issue cookies when you log on to the website. If you accept a “cookie” or fail to deny the use of         “cookies”, you agree that we may use your personal information collected using “cookies” (subject to the provisions of this Policy).                    Where you either reject or decline cookies, you are informed that you may not be able to fully experience the interactive features of our            website.

 

14. CHANGES TO THIS POLICY

 

14.1 Greystone Bridge (Pty) Ltd T/A HPS Solar reserves the right to make amendments to this Policy from time to time and will use reasonable efforts to notify Data Subjects of such amendments.

 

 

14.2 The current version of this Policy will govern the respective rights and obligations between the Data Subject and Greystone Bridge (Pty) Ltd T/A HPS Solar each time that the Data Subject access and use Greystone Bridge (Pty) Ltd T/A HPS Solar's website

bottom of page