d
Skip to main content

Data Processing Policy

Last updated 13 October 2022

1. Introduction

The Protection of Personal Information Act of 2013 ("POPIA") is the central piece of legislation that regulates the collection, storage, use, handling, processing, transfer, retention, archiving and disposal of a person's Personal Information.

The Company as the Responsible Party defined in POPIA, collects and processes your Personal Information to conduct our business as a credit bureau and delivering services to you. The Company is responsible to collect, store, use, handle, process, transfer, retain, archive and otherwise manage Personal Information in a lawful, legitimate and responsible manner and in accordance with the provisions set out in POPIA. Our Terms and Conditions as well as the Privacy Policy (together the "POPIA Documents") also set out the how we collect, process, use and disclose your Personal Information to ensure compliance with POPIA. The POPIA Documents are available on the Company's website (https://www.nottoafrica.com/index) can be requested by you directly from us by contacting the person specified in clause 16 below. By accessing our website or using our services , you agree to be bound by the POPIA Documents, which are incorporated by reference, into this consent document. In the event of conflict between this consent document and the POPIA Documents and such conflict cannot be reconciled, the provisions of our Terms and Conditions shall prevail.

In order to discharge this duty, the Company requires your express and informed permission to collect and to process your Personal Information as set out in this consent document.

2. Definition

"The Company" means Notto SA (Pty) Ltd and its affiliated, holding and subsidiary companies.

"Consent" means in relation to POPIA, any freely given, specific, informed and unambiguous indication of the Data Subject's wishes by which they, by a statement or by a clear positive action, signify agreement to the processing of personal information about them.

"Data Subject" means any individual or legal entity to whom personal information relates.

"Processing" means any operation or activity or any set of operations, whether or not by automatic means, concerning personal information, including—

  • the collection, receipt, recording, organisation, collation, storage, updating or modification, retrieval, alteration, consultation or use;
  • dissemination by means of transmission, distribution or making available in any other form; or
  • merging, linking, as well as restriction, degradation, erasure or destruction of information;

"Personal Information" means information relating to an identifiable, living, natural person, and where it is applicable, an identifiable, existing juristic person, including, but not limited to—

  • information relating to the race, gender, sex, pregnancy, marital status, national, ethnic or social origin, colour, sexual orientation, age, physical or mental health, well-being, disability, religion, conscience, belief, culture, language and birth of the person;
  • information relating to the education or the medical, financial, criminal or employment history of the person;
  • any identifying number, symbol, e-mail address, physical address, telephone number, location information, online identifier or other particular assignment to the person;
  • the biometric information of the person;
  • the personal opinions, views or preferences of the person;
  • correspondence sent by the person that is implicitly or explicitly of a private or confidential nature or further correspondence that would reveal the contents of the original correspondence;
  • the views or opinions of another individual about the person; and
  • the name of the person if it appears with other personal information relating to the person or if the disclosure of the name itself would reveal information about the person;

In addition to the above, the Company further collects the following as Personal Information:

  • all addresses including residential, postal and email addresses;
  • the details and name of the property that has been leased or let;
  • payment data such as but not limited to rental payment information;
  • data related to the Data Subject's social media accounts; and
  • any feedback, reviews and submissions that the Data Subject may provide on the Company's website or any social media platform administered by the Company.

3. Purpose for the collection

The purpose for the collection of your Personal Information and the reason for the Company requiring your Personal Information is to enable the Company –

  • to comply with lawful obligations, including amongst others, all applicable laws such as but not limited to POPIA, the Financial Intelligence Centre Act 38 of 2001and the National Credit Act 34 of 2005;
  • To facilitate account creation, logon process and verification of your identity or to verify that you are an authorised user for security purposes;
  • To give effect to and fulfil the contractual relationship between the Company and you, and for the Company to provide the services to you;
  • For the detection and prevention of fraud, crime, money laundering or other malpractice;
  • To protect the legitimate interests of the Company, you and or any third parties;
  • To conduct market or customer satisfaction research or for statistical analysis;
  • For audit and record keeping purposes;
  • In connection with legal proceedings;
  • Subject to clause 14 and in compliance with the relevant provisions of POPIA, for marketing and promotional purposes and delivery of targeted advertisement to you; and
  • For the Company to conduct is legitimate business operations.

All Personal Information which you provide to the Company will only be used for the purposes set out above.

4. Consequence of witholding consent to collect and to process personal information

You are within your rights to withhold consent to the Company collecting and processing your Personal Information. In the event that you withhold consent (by electing not to sign this consent document or explicitly informing us of your refusal) to allow the Company to process your Personal Information, the Company will not be able to engage with you or to enter into an agreement or relationship with you. If you elect to withhold consent, the Company reserves the right to deny, withhold and /or terminate your access to our website and / or the provision services provided to you.

5. Storage of personal information

All Personal Information, whether hard copy or a soft copy, which you provide to the Company will be held and stored securely and for the purpose for which it was collected. The secure storage facilities for the Personal Information will be reviewed regularly by the Company. The information as contained in soft copies, will be stored electronically in a centralised data base.

Where appropriate, hard copies of Personal Information will be stored and retained safely under lock and key or warehoused in a secure location off premises.

6. Retention, archiving and destruction of personal information

The POPIA principle that Personal Information is not retained for longer than is necessary for achieving the purpose for which it was collected and subsequently processed, is one by which the Company abides. Subject to the exceptions below, we will only keep your Personal Information for as long as it is necessary for you to access our website and use our services or for such other purposes as may set out in this consent document.

The exceptions to the above principle specifically provided in POPIA are where –

  • the retention of the record is required or authorised by law;
  • the Company reasonably requires the record for lawful purposes related to its functions or activities;
  • the retention of the record is required in terms of an agreement between the Company and yourself; or
  • the record is retained for historical purposes, with the Company having established appropriate safeguards against the record being used for any other purpose.

When the Company is no longer authorised to retain your Personal Information, it shall destroy or delete such Personal Information or records of Personal Information or de-identify them in a manner that prevents their reconstruction in an intelligible form.

7. Disclosure and transfer of personal information to others

The Company may from time to time transfer and/or disclose your Personal Information to service providers, agents and consultants. We will put in place agreements with each service provider to ensure that they comply with the strict confidentiality, comply with to our POPIA Documents and the POPIA. The Company may also share and disclose your Personal Information:

  • With our affiliates, in which case we will require those affiliates to adhere to this privacy notice. Affiliate includes our parent company and any subsidiary, joint venture partners or other companies that we control or that are under the common control with us; or
  • with our business partners; or
  • With regards to or in connection with or during negotiations of, merger, sale of company assets, financing or acquisition of all or a portion of our business to another company; or
  • Where we have a duty or a right to disclose in terms of law or industry code of conduct; or
  • Where we believe it is necessary to protect our rights; or
  • Where you have provided us with your consent.

8. Transfer of personal information outside of South Africa

We are based in South Africa and our server is located in South Africa. Please take note that, subject to compliance with the relevant legislation, your Personal Information may be transferred to, stored and processed by the Company in our other facilities/ servers and by those third parties with whom we may share your information with.

9. Your right to object to the processing of your personal information

You have the right to have your Personal Information processed in accordance with the eight conditions of lawful processing of Personal Information as set out in POPIA.

In terms of Section 11(3) of POPIA and in the prescribed manner, you have the right, unless legislation provides for such processing, to object at any time to the Company processing your Personal Information, on reasonable grounds and relating to your particular situation.

On receipt of your notice of objection together with the reasons thereof, the Company is responsible to place any further processing of your Personal Information on hold until the reason for the objection has been addressed and either:

  • the objection is resolved and withdrawn, or
  • the objection is upheld and accepted by the Company.

In the event that the objection is upheld, no further processing of your Personal Information shall be done by the Company and as a result thereof, the Company shall be entitled to terminate the rendering of the services to you.

In addition to the right to notify us of your objection to the processing of your Personal Information, you have the right to submit a complaint directly to the Information Regulator in terms of Section 74 of POPIA, alleging interference with the protection of your Personal Information.

10. Your right to withdraw your consent to the processing of your personal information by the Company

In terms of Section 11(2) of POPIA, you have the right to withdraw your consent to the Company processing your Personal Information, provided that the lawfulness of the processing of your Personal Information before such withdrawal or the processing of Personal Information (to the extent that the processing is necessary to carry out actions for the conclusion or performance of a contract to which you are a party) will not be affected.

11. Your right to access your personal information

You have the right at any time to request the Company to provide you with:

  • the details of any of your Personal Information that the Company holds, including any record relating to your Personal Information; and
  • the details of the manner in which the Company has used and processed your Personal Information

To do this, simply contact us at the numbers/addresses as provided on our website and specify what information you require. We will need you to provide identifiable documentation such as but not limited to, a copy of your ID document and proof of address to confirm your identity before providing details of your personal information.

12. Your right to request correction, destruction or deletion

You have the right to request the Company, where necessary, to correct and/or delete your Personal Information that is inaccurate, irrelevant, excessive, out of date, incomplete, misleading or obtained unlawfully.

You also have the right to request the Company to destroy or to delete a record of your Personal Information that the Company is no longer authorised to retain.

We will need you to provide identifiable documentation such as but not limited to, a copy of your ID document and proof of address to confirm your identity before making changes to personal information we may hold about you.

13. Accuracy of information

POPIA requires that all your Personal Information and related details as supplied are complete, accurate and up to date. Whilst the Company will always use its best endeavours to ensure that your Personal Information is reliable, it is your responsibility to advise the Company of any changes to your Personal Information, as and when these changes may occur.

14. Direct marketing, advertising and promotional activities

Unless you signed and completed a Consent for Direct Marketing (or similar document to Form 4 of Regulation 6 of the POPIA), the Company undertakes not to further process your Personal Information for the purpose of marketing to you or providing you with third party products or other optional products/ services.

15. Revision and updates

The Company reserve the right, in our sole discretion, to make changes or modifications to this consent document at any time and for any reason, including but not limited, to comply with any law and regulations. We will notify you about any changes and modifications and you undertake to sign any amendment or supplementary document to give effect to the changes or modification. If you fail to sign the documents to give effect to the changes or modifications, we reserve the right to terminate your use and access to our website and / or our services.

16. Contact us

If you have any queries about this consent document or you need further information about our privacy practices or wish to object, withdraw consent; exercise access or correct your Personal Information, please contact us at the numbers/addresses listed below:

Notto SA (Pty) Ltd.Address: 1st Floor – Sandton Gate, 25 Minerva Avenue, Sandton, Gauteng, 2196Phone: +27 71 989 6268Email: hello@notto.co.za