D&R INCORPORATED PRIVACY POLICY

1. PRIVACY NOTICE

1.1 D&R Incorporated processes personal information in terms of this policy when we act as a responsible party.
1.2 This policy (read with other notices given to individual data subjects) is our notice in terms of section 18 of the Protection of Personal Information Act, 2013 (POPIA).
1.3 This policy describes what personal information we process, where we collect it, why we process it and the legal basis upon which we do so and generally, how we do so.

2. THE INFORMATION WE COLLECT AND PROCESS

2.1 INFORMATION RELATING TO OUR SERVICES
2.1.1 We process personal information in relation to our legal and financial services (Service Information) including names, identity, passport or registration numbers, VAT numbers, contact information (phone numbers, email and other addresses) information in communications with our clients and others relating to our services, bank account details, financial information, employment history, marital status and children.
2.1.2 Our clients and their employers or representatives are the main source of the Service Information but we also source it from others on our clients’ instructions.
2.1.3 We process Service Information to provide, bill and obtain payment for our services, ensure the security of our business and systems including our website, comply with the law, charging VAT and keeping records of our dealings with our clients and securely administering our company and marketing our services.
2.1.4 We process Service Information based on consent or compliance with the law.
2.2 INFORMATION VIA OUR WEBSITE AND SOCIAL MEDIA PLATFORMS
2.2.1 You do not have to provide personal information to us when you visit our website or communicate with us using a social media platform on which we have an account but you can do so by :
2.2.1.1 sending an enquiry to us;
2.2.1.2 subscribing for marketing communication
2.2.1.3 registering for any of our services
2.2.1.4 applying for employment via email to us or, where applicable, through our website.
2.2.2 If you provide us with personal information using our website or when you communicate with us using our social media accounts, we source that information from you with your consent and we only use it for the purpose for which you provide it.
2.2.3 Your email enquiries are held on our email server by the addressee and by anyone in our business to whom the addressee refers your email for a response. Your subscriptions and registrations are held by our marketing personnel. Job applications are held by our human resources personnel and anyone to whom our human resources personnel refer your application for consideration.
2.2.4 We use the personal information that you provide to us through our website or when communicating with us using our social media accounts:
2.2.4.1 for the purposes for which you provided it;
2.2.4.2 to administer and improve our website;
2.2.4.3 to improve our services
2.2.4.4 to communicate with you.
2.2.5 When you use our website or our social media accounts, we process personal information about how you do so including your IP address and information about your use of the website (analytics information). We do not collect any of your other personal information when you use our website and we do not use the analytics information to identify any person. We collect the analytics information from our website analytics service provider. The analytics information is legally used to analyze the use of and to improve our website.
2.2.6 We use social media platforms such as Facebook and Whatsapp to communicate with the public about our business and services. Social media platforms have their own privacy policies which can be found on their websites and these platforms are beyond our control.
2.2.7 If you post information on our website or on our social media accounts, we may process personal information in your posts (Published Information). We may process the Published Information to enable publication of your posts and in administering our website and marketing services. The legal basis upon which we process Published Information is your consent or our legitimate interests in properly administering our business including our website and marketing our services or entering or performing a contract with
2.3 INFORMATION OF OUR PEOPLE, THEIR FAMILY MEMBERS AND BENEFICIARIES
2.3.1 We process personal information in relation to our directors, partners, employees and their family members and beneficiaries (Employee Information) including names, identity or passport numbers, contact information, bank account details, payroll information, marital status, children, race, gender and biometric information.
2.3.2 Our directors, partners and employees are the main source of the Employee Information but we also source it from references, public records and licensed databases.
2.3.3 We process Employee Information in relation to our services, dealing with potential client enquiries, concluding and managing our contracts with our directors, partners and employees, in relation to benefits, to comply with applicable laws including employment, tax, laws relating to COVID-19, determining our employment equity compliance, in our legitimate business interests in determining our BBBEE contribution level, so we know who to contact in an emergency involving a director, partner or employee, in implementing, monitoring and applying access and security controls for our offices and databases, in dealing with disputes and claims by and against us involving any of our directors, partners or employees, including legal proceedings in any forum.
2.3.4 The legal bases upon which we process Employee Information are consent or compliance with the law or concluding and performing a contract with our directors, partners or employees or our legitimate interests in providing our services, marketing our services, administering our business, securing our offices and databases, ensuring a proper standard of service to our clients and communicating with and managing our directors, partners and employees.

2.4 INFORMATION RELATING TO JOB APPLICATIONS

2.4.1 We process the personal information relating to job applicants including names, contact details, education, employment history, race, gender and any other personal information included in the job application (Applicant Information).
2.4.2 We source most of the Applicant Information from the job applicant in person, by email or, where applicable, through our website. We may also source Applicant Information from references, public records and licensed databases.
2.4.3 We process Applicant Information to consider and deal with the job applications and in order for us to contact applicants about possible job opportunities.
2.4.4 The legal basis upon which we process the Applicant Information is consent or our legitimate interests in recruiting employees for our business.

2.5 SUPPLIER INFORMATION

2.5.1 We process personal information relating to potential and actual suppliers of goods and services including names, identity, passport or registration numbers, contact information, VAT numbers, bank account details (Supplier Information).
2.5.2 We usually source the Supplier Information directly from our potential or actual suppliers but we may source it from quotations, adverts, references or other suppliers.
2.5.3 We process Supplier Information in relation to the quotations we obtain and supply contracts we conclude in relation to our business and in providing our services to our clients. The legal bases upon which we process Supplier Information include consent or concluding and performing contracts with suppliers or our legitimate interests in managing relationships and communicating with our suppliers, receiving, processing and paying supplier invoices, complying with applicable laws including tax laws, dealing with disputes and claims by and against us relating to any of our suppliers, including legal proceedings in any forum.

2.6 OTHER TYPES OF INFORMATION

2.6.1 We also share personal information as necessary to open accounts and receive and process payments through banks (Bank Information). We share Bank Information with banks where necessary to comply with money laundering and terrorist financing laws including the Financial Intelligence Centre Act, 2001, to receive and make payments, pay refunds or communicate with you and the bank in relation to such payments or refunds. The source of the Bank Information is usually the account holder but sometimes we source Bank Information from the banks themselves and from people (not the account holder) for whom, to whom or from whom the payment is made or received. The legal basis upon which we process Bank Information is consent or compliance with the law or performance of a contract such as paying an employee or supplier or our client or the legitimate interest of our client where we pay on its instructions or our legitimate interest in paying our employees or suppliers for services or goods purchased in relation to our business. Every bank has a privacy policy which you can find on its website.
2.6.2 If you enquire about our services, we may process your personal information (Enquiry Information). We process Enquiry Information about our services for the purposes of responding to your inquiry and marketing our services to you and to
do conflict checks. Consent and compliance with the law are the legal bases upon which we process your Enquiry Information.
2.6.3 If you subscribe to our emailed marketing communications, we process your personal information (Marketing Information). We source Marketing Information from you. We process Marketing Information for our legitimate purposes of marketing our services including sending you invitations to events, updates and other communications about our business and services. The legal basis upon which we process Marketing Information is your consent.
2.6.4 We process information when you communicate with us (Communication Information). The Communication Information may include your name and contact details, the content of your communication and if you use our website or social media accounts for your communication, related metadata. We process Communication Information to communicate with you and keep records. The legal basis upon which we process Communication Information is our legitimate interest in properly administering our business and website, marketing our services to clients and responding to enquiries.
2.6.5 We process any of the personal information identified in this policy to investigate, assess, establish, exercise or defend legal claims by or against us in any forum (Claims Information). The legal basis upon which we process Claims Information is our legitimate interest in protecting and enforcing our rights or the rights of others and the proper administration and protection of our business.
2.6.6 We process any of the personal information identified in this policy when necessary for audits, to obtain expert advice, identify, mitigate and manage risks and obtain and maintain and claim under insurance cover (Risk Information). The legal basis on which we process Risk Information is our legitimate interest in identifying, managing and protecting our business against risk and dealing with any related disputes or claims by or against or involving us, including legal proceedings in any forum.
2.6.7 We process any of the personal information described in this policy and your health information where necessary to comply with the law (e.g. COVID 19 laws) and when necessary to cooperate with any investigation by any regulatory authority or law enforcement agency.
2.6.8 We process any of the personal information described in this policy when necessary to protect your life or other vital interests or those of any other person.

3. SHARING YOUR PERSONAL INFORMATION WITH OTHERS

3.1 We will not sell personal information to anyone.
3.2 When necessary, our trusted third party operators process personal information for us. We contract with our operators binding them to comply with applicable data privacy laws including POPIA. Our contracts oblige our operators to process information only for the purposes and means of processing we prescribe.
3.3 We use the following service providers to process personal information : hosting provider, web analysis service provider, providers of online platforms, IT programming and maintenance service providers (including website and email exchange), archiving and document storage service providers (electronic and hard copy).
3.4 We disclose personal information to regulators and law enforcement agencies where required by law and where we reasonably believe disclosure is necessary to identify, contact or stop someone who may breach our privacy policy or who may cause harm to, or interfere with, our rights, property, safety or interests or those of anyone else including other users of our website or our social media accounts.
3.5 We disclose personal information to underwriters and professional advisors when necessary so that we can obtain or maintain insurance cover, manage risk, get their advice or to establish, exercise or defend our rights including in relation to claims by or against us in any legal proceedings in any forum and in any negotiation.

4. MANDATORY AND VOLUNTARY DISCLOSURE

4.1 Where we have to collect and process personal information to comply with the law, we cannot provide our services to you unless you provide that information.
4.2 Except where providing personal information to us is required by law, our clients are free to volunteer personal information to us. If a client chooses not to provide personal information which we request to enable us to provide our services, this may restrict or prevent us from providing our services to that client.

5. PROTECTING PERSONAL INFORMATION

5.1 We take appropriate and reasonable technical and organizational steps to protect your personal information against unauthorized access or disclosure.
5.2 The steps we take include physical and electronic access control, encryption, appropriate firewalls and malware and virus protection.

6. DATA SUBJECT RIGHTS OF ACCESS, RECTIFICATION, OBJECTION AND COMPLAINT

6.1 Every data subject has the rights of access, rectification, objection and complaint. To get a proper understanding of these rights please read the relevant provisions in POPIA.
6.2 Should you feel that we have processed your personal information unlawfully, you may complain to the Information Regulator who can be contacted at:
6.2.1 JD House, 27 Stiemens Street, Braamfontein, Johannesburg, 2001;
6.2.2 P.O. Box 31533, Braamfontein, Johannesburg, 2017; or
6.2.3 Complaints email : complaints.IR@justice.gov.za

7. AMENDING THIS POLICY

We may update this policy from time to time by publishing a new version on our website.

8. OUR ADDRESS AND INFORMATION OFFICER’S DETAILS

8.1 D&R Incorporated’s head office is at 296 Jabu Ndlovu Street, Pietermaritzburg, 3201.
8.2 Our Information Officer can be contacted on : legaldbn@drincorporated.co.za