M&C SAATCHI ABEL PROPRIETARY LIMITED (“M&C Saatchi”), a company registered in South Africa and carrying on business at 9, 8th Street, Houghton, Gauteng, 2198 and at Media Quarter, 5th Floor, cnr. Somerset and de Smit Streets, De Waterkant, Cape Town, Western Cape, forming part of the M&C Saatchi Group South Africa.
We respect and recognise the importance of protecting your privacy and are committed to complying with applicable data protection laws and set out below details regarding our approach to data protection in all our operations. We want you to be familiar with how we collect, use and disclose information.
We collect personal information about you, including information that directly or indirectly identifies you if you choose to share it with us. We will only collect personal information for a purpose consistent with the purpose for which it is required.
Information we collect from customers
We collect names, contact details, postal and physical addresses, team members’ birthdays, financial and tax information, for the purposes of onboarding you as a customer, managing your account, delivering the services we provide, invoicing you and performing the contract we have with you.
Information we collect from suppliers and professional service providers
We collect names, contact details, postal and physical addresses, company registration number, ID number (if supplier is an individual), team members’ birthdays, bank details, financial and tax information from suppliers and professional service providers so that we can place orders/instruct you and make payment in respect of any goods or services we receive. We do this on the basis of the intention of contracting with you or for the performance of a contract we have with you.
Information we collect from you when you sign up to our newsletter
If you subscribed to our newsletter and/or are one of our clients who have opted in to receive our newsletter or receive it pursuant to our contractual relationship, we collect your name, surname and email in order that we can direct market to you. We will only use the information you provide for this purpose and you will be able to opt-out of receiving this at any time.
Information we collect from you when you visit our website
Information we collect from you when you apply for a job
We process the information you provide in your curriculum vitae, in our application form and supporting documentation/information during the recruitment process purely for the purposes of assessing your suitability for the role, for contacting you to progress your application, to take up any references you have provided and conduct mandatory criminal checks (subject to you signing written consent thereto). The basis for the processing of this information is that a potential employment contract may be concluded, depending on the outcome of our assessment and we have a legitimate interest in finding candidates for roles that we have. In the event that you are successful, this data will form part of your employee file.
Processing, protecting and transferring personal information
Personal information held by us is processed by appropriate members of staff for the purposes for which the information was provided. We will only process personal information in a manner that is adequate, relevant and not excessive in the context of the purpose for which it is processed. That purpose will be compatible with that for which it was collected, unless you have consented to an alternative purpose in writing or we are permitted by the Protection of Personal Information Act (“POPIA”) or in terms of national legislation of general application.
We will not disclose any personal information relating to you to any third party unless your prior written agreement is obtained or we are required or permitted to do so by law.
We may share your personal information within our organisation and with other members of the M&C Saatchi Group South Africa.
We may share your information with third parties such as professional advisors such as accountants, lawyers and insurance brokers, IT Providers, direct marketing providers, HR providers and government bodies/regulators.
We share your information for the purposes of:
• Complying with a legal obligation;
• Performing the contract we have with you; or
• Our legitimate interest in the effective running of our organisation.
All our third party service providers and other entities within the organisation are required to take appropriate security measures to protect your personal information in line with our policies. We do not allow our third party service providers to use your personal information for their own purposes. We only permit them to process your personal information for specified purposes and in accordance with our instructions.
We may disclose your personal information to a prospective buyer or seller in the event that we intend selling or buying any of our business or assets, or in the event of any reorganisation, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets or shares (including in connection with any insolvency, bankruptcy or similar proceedings).
As permitted by POPIA, we may use personal information collected to compile profiles for statistical purposes. No information contained in the profiles or statistics will be able to be linked to any specific user.
Retention of your Data
We will not retain your personal information longer than the period for which it is needed and in compliance with applicable law. We determine retention periods in respect of information we hold based on:
• Legal obligations relating to minimum periods to retain data;• The purposes for which we process the personal information and whether we can achieve those purposes through other means;
• Whether the information is required for reporting and analysis purposes relating to our operations;
• The amount, nature, and sensitivity of the personal information; • The potential risk of harm from unauthorised use or disclosure of the personal information.
Destruction of your Personal Information
We will delete all personal information, insofar as it relates to you when it receives a written instruction from you to do so unless we are obliged by law or under our obligations to you to retain such information.
We will destroy or delete any personal information that is no longer needed by us for the purpose it was initially collected, or subsequently processed.
General Description of Information Security Measures
We take appropriate, reasonable technical and organisational steps as required by applicable law to ensure the security of your personal information including policies and procedures around use of technology and devices, IT security, document retention and destruction and data breach procedures. Only persons within our organisation which require your personal information for the performance of their work have access to that information and we do not transfer your information outside of the organisation or your resident country unless we are satisfied that the personal information will be afforded an equivalent level of protection.
We will secure the integrity and confidentiality of personal information in our possession or under our control by taking appropriate, reasonable technical and organisational measures to prevent:
• loss of, damage to or unauthorised destruction of personal information; and
• unlawful access to or processing of personal information.
We will take reasonable measures to:
• identify all reasonably foreseeable internal and external risks to personal information in our possession or under our control;• establish and maintain appropriate safeguards against the risks identified;
• regularly verify that the safeguards are effectively implemented; and• ensure that the safeguards are continually updated in response to new risks or deficiencies in previously implemented safeguards.
We employ up to date technology to ensure the confidentiality, integrity and availability of the personal information under our care. Measures include, but are not limited to:
• Virus protection software and update protocols.
• Encryption where possible.
• Electronic and physical access control.
• Secure setup of hardware and software making up the IT infrastructure.
• All implemented security controls as managed internally.
• Policies and procedures are implemented to ensure the security of your information.
• Ongoing security awareness training of employees and contractors.
We endeavour to protect your personal information, but you understand that no data transmission over the Internet can be guaranteed to be absolutely secure, and we cannot ensure or warrant the security of any information you transmit to us. Transmitting personal Information is done at your own risk.
Our website is operated from the Republic of South Africa (“RSA”). If you are not located here, and choose to use the website, or provide information to us, you acknowledge and understand that your information will be transferred, processed and stored in the RSA, as it is necessary, and the RSA’s privacy laws may not be as protective as those in your jurisdiction.
If you are a resident of the European Union (“EU”), we are the controller of your personal data for the purposes of EU data protection law. We will not transfer your personal information or any portion of it to any third party for any reason without your prior written consent, except to the extent that we use third party service providers to host our database.
We may use hosting or cloud services to operate this website and store our data which are not located in the RSA. If we do so, we will ensure that the level of protection given to your personal information is at least as good as that provided for under RSA law, either by means of a binding contract with the service provider, or by using a service provider located in a country with privacy laws of similar or stronger effect.
Your rights in relation to your information
Subject to certain limitations on certain rights, you have the following rights in relation to your information:
• Request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
• Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
• Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).
• Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.
• Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
• Withdraw consent to our use of your information at any time where we rely on your consent to use or process that information. Please note that if you withdraw your consent, this will not affect the lawfulness of our use and processing of your information on the basis of your consent before the point in time when you withdraw your consent.
Should you have any queries regarding this privacy notice or would like to enforce any rights you may have under applicable data protection laws, please contact us at:
M&C Saatchi Abel
2 De Smit Street
Tel: +27 21 421 1024
We will endeavour to respond to any such requests as soon as is reasonably practicable and in any event within statutory time-limits in the applicable country. In some instances, we may be able to charge a fee for responding to your request and will advise you of this and any applicable amount prior to responding.
You should be aware that certain information is exempt from the right of access. This may include information which identifies other individuals, or information which is subject to legal privilege.
You should also be aware that in some instances, if you do not provide information or you exercise any rights regarding the deletion or restriction of your information or object to the processing of your information or withdraw consent, we may not be able to perform the contract we have with you or comply with our legal obligations.
Where you request access to your information, we are required by law to use all reasonable measures to verify your identity before doing so. These measures are designed to protect your information and to reduce the risk of identity fraud, identity theft or general unauthorised access to your information.
You also have the right to lodge a complaint with the relevant supervisory authority, details of which are set out below:
JD House, 27 Stiemens Street, Braamfontein, Johannesburg, 2001
P.O Box 31533, Braamfontein, Johannesburg, 2017
Complaints email: complaints.IR@justice.gov.za
General enquiries email: firstname.lastname@example.org
You will not be subject to decisions that will have a significant impact on you based solely on automated decision-making, unless we have a lawful basis for doing so and we have notified you.
We do not envisage that any decisions will be taken about you using automated means, however, we will notify you in writing if this position changes.
Links to other websites
Changes to our Privacy Notice
We reserve the right to amend the terms and conditions of this Privacy Notice at any time. Any changes made to this Privacy Notice in the future will be posted on the website and will be effective from the date of posting. Please check back frequently to see any updates or changes to this notice. Continued use of our website or interactions with us subsequent to any amendments having been made constitutes your acceptance of the Privacy Notice as amended.