In the course of our business we only process personal information in relation to our clients in terms of the services requested by them, which will be detailed in the agreement between us (“the lawful purpose”).
The types of personal information collected and processed
Ubuntu complies with the Protection of Personal Information Act, No. 4 of 2013 (“POPIA”). “Personal information” is defined in POPIA as information relating to an identifiable, living, natural person and where it is applicable, an identifiable, existing juristic person, including but not limited to:
- information relating to the race, gender, sex, pregnancy, marital status, national, ethnic or social origin, colour, sexual orientation, age, physical or mental health, well-being, disability, religion, conscience, belief, culture, language and birth of the person;
- information relating to the education or the medical, financial, criminal or employment history of the person;
- any identifying number, symbol, e-mail address, physical address, telephone number, location information, online identifier or other particular assignment to the person;
- the biometric information of the person;
- the personal opinions, views or preferences of the person;
- correspondence sent by the person that is implicitly or explicitly of a private or confidential nature or further correspondence that would reveal the contents of the original correspondence;
- the views or opinions of another individual about the person; and
- the name of the person if it appears with other personal information relating to the person or if the disclosure of the name itself would reveal information about the person.
Depending on how you interact with us, personal information we collect may include but without limitation:
- Your Name & Surname
- Email address
- Physical & Postal addresses
- Contact numbers
- Account information
- Your gender and Title
- Your Job Title
- Social media account information.
We may also collect other information that does not personally identify you. Such other information includes browser and device information, website and application usage data, IP addresses, demographic information, geographic location and information collected through cookies and other technologies or information that has been provided for registration to our on-line services. If we link this information with your personal information, we will treat such linked information as personal information.
Why we process personal information
We process personal information to manage our contractual relationship with you, to comply with our legal obligations, or for our legitimate business interests. These includes, but is not limited to:
- where required to comply with a legal obligation;
- enable you to effectively use our solution and services;
- perform administrative and business functions and internal reporting;
- send administrative information to you;
- obtain feedback from you about our services and solutions including through client satisfaction surveys;
- respond to your inquiries and fulfil requests by you;
- assess the performance of our Online Services and to improve their operation;
- inform you about and provide you with our services and solutions;
- update our records and keep contact details up to date;
Legal Basis for processing personal information
How we collect personal information
We collect personal information in South Africa from these possible legitimate sources:
- from you;
- from the documentation that we request and that you provide;
- through sites, when you use our on-line services;
- when doing data analysis, proof of concepts and/or audits
- When logging incidents or requests;
- from information about you that is publicly available
In all circumstances we are committed to protecting your personal information from accidental or unlawful destruction, damage, loss, alteration, unauthorised access or disclosure by using reasonable, appropriate, physical, administrative and technical safeguards and contractually requiring that third parties to whom we disclose your personal information do the same.
Cross Border Transfers
Personal information will only be transferred cross border where it is required by our systems and processed and where the cross border entity complies to POPI or similar legislation and:
- You must consent to the transfer; or
- the transfer must be necessary for:
- the performance of a contract between you and the Responsible Party, or for the implementation of pre-contractual measures taken in response to your request;
- the conclusion or performance of a contract concluded in your interest between the Responsible Party and a third party; or
- the transfer is for your benefit and: –
- it is not reasonably practicable to obtain your consent for that transfer; and
- if it were reasonably practicable to obtain such consent, you would provide it.
We will retain your personal information for as long as is necessary to fulfil the purpose for which it was collected unless a longer retention period is required to comply with legal obligations, resolve disputes, protect our assets, or enforce agreements. The criteria we use to determine retention periods include whether:
- We are under a legal, contractual or other obligation to retain personal information, or as part of an investigation or for litigation purposes;
- Personal information is needed to maintain accurate business and financial records;
- There are automated means to enable you to access and delete your personal information at any time;
- You have consented to us retaining your personal information for a longer retention period, in which case, we will retain personal information in line with your consent.
How to Contact Us?