Privacy Policy

About this policy

Welcome to our privacy policy. We are Thinkst Applied Research (Registration number 2017/085266/07) and this is our plan of action when it comes to protecting your privacy. We respect your privacy and take the protection of personal data very seriously.

Purpose

The purpose of this policy is to describe the way that we collect, store, use, retain, and protect information that can be associated with you or another specific natural or juristic person and can be used to identify you or that person.

Scope

This policy applies to you if you are:

  • a prospective, present, or past stakeholders;
  • a visitor to our website; or
  • a customer who has ordered or requested the goods or services that we provide.

Endorsement

The privacy policy will be revised annually or as and when required to introduce required changes.

Terminology

Data subject
- means the person whose personal data is being processed. In South Africa (unlike the rest of the world), this right also extends to juristic persons such as trusts and companies.
Personal data
- can also be known as personal information and means any information about a living human being or existing organisation (as applicable data protection laws require), provided that someone is capable of identifying them from that information.
Processing
- means doing anything with personal data, including gathering it, disclosing it, combining it with other information, or storing it.

Our policy

What is personal data?

Personal data includes:

  • certain information that we collect automatically when you visit our website;
  • certain information collected on registration (see below);
  • certain information collected on submission; and
  • optional information that you provide to us voluntarily (see below);

but excludes:

  • information that has been made anonymous so that it does not identify a specific person;
  • permanently de-identified information that does not relate or cannot be traced back to you specifically;
  • non-personal statistical information collected and compiled by us.

Common examples

Common examples of the types of personal data which we may collect and process include your:

  • identifying information – such as your name, date of birth, or identification number of any kind;
  • contact information – such as your phone number or email address;
  • address information – such as your physical or postal address; or
  • demographic information – such as your gender or marital status.

Sensitive personal data

Depending on the goods or services that you require, we may also collect sensitive personal data including your:

  • financial information – such as your bank account details;
  • sensitive demographic information – such as your race or ethnicity;
  • medical information – such as information about your physical or mental health;
  • sexual information – such as information about your sex life or sexual orientation;
  • criminal information – such as information about your commission or alleged commission of any offence or about any related legal proceedings;
  • employment information – including your membership in a trade union; and
  • beliefs – including your political or religious beliefs.

Purpose for processing

We may use or process any goods or services information, or optional information that you provide to us for the purposes that you indicated when you agreed to provide it to us. Processing includes gathering your personal data, disclosing it, and combining it with other personal data. We generally collect and process your personal data for various purposes, including:

  • goods or services purposes – such as:
    • collecting orders or requests for and providing our goods or services,
    • managing our contracts with various data subjects,
    • managing customer credit in general,
    • processing customer requests or complaints,
    • keeping our data subject records and information up to date,
    • better understanding of our data subject’s needs,
    • providing support to our customers, and
    • collecting address information for delivery of our devices.
  • business purposes – such as:
    • managing employees in general,
    • internal audit,
    • accounting, and
    • business planning and due diligence, and joint ventures, disposals of business, or other proposed and actual transactions.
  • legal purposes – such as:
    • handling claims and enforcing debts, and
    • complying with regulations or pursuing good governance.

Consent to collection

We will obtain your consent to collect personal data:

  • in accordance with applicable law;
  • when you provide us with any registration information or optional information.

Acceptance

Acceptance required

You must accept all the terms of this policy when you order our goods or request our services. If you do not agree with anything in this policy, then you may not order our goods or request our services.

Legal capacity

You may not access our website or order our goods or request our services if you are younger than 18 years old or do not have legal capacity to conclude legally binding contracts.

Deemed acceptance

By accepting this policy, you are deemed to have read, understood, accepted, and agreed to be bound by all its terms.

Your obligations

You may only send us your own personal data or the information of another data subject where you have their permission to do so.

How do we collect personal data?

On submission of an enquiry or registration

When you submit an enquiry, register on our website, or engage with our goods and services, you will no longer be anonymous to us.

This personal data may include:

  • your name and surname;
  • your email address;
  • your telephone number;
  • your company name, company registration number, and VAT number;
  • your postal address or street address; and
  • your username and password.

We will use this personal data to fulfil your account, provide additional services and information to you as we reasonably think appropriate, and for any other purposes set out in this policy.

On order or request

When you order our goods or request our services from us, you will be asked to provide us with additional information on a voluntary basis (goods or services information). However, failure to provide us with personal data we require may result in you not being able to access the service provided.

Virtual events

You will provide us with personal data when you attend any virtual events that we provide.

From browser

We automatically receive and record Internet usage information on our server logs from your browser, such as your Internet Protocol address (IP address).

Cookies

We only use essential cookies on our web-based services. These are cookies which are strictly necessary for our website to be able to operate or to provide you with a service on our website which you have requested.

Optional details

You may also provide additional information to us on a voluntary basis (optional information). This includes content or products that you decide to upload or download from our website or when you enter competitions, take advantage of promotions, respond to surveys, order certain additional goods or services, or otherwise use the optional features and functionality of our website.

Audio and visual recordings

We may monitor and record any virtual conference calls and meetings that you are a party to unless you specifically request us not to.

Who are our data subjects?

We process the personal data of the following categories of people:

  • customers or organisations,
  • prospects or leads,
  • employees,
  • recruiters and medical practitioners providing services related to employees,
  • contractors, vendors, or suppliers,
  • children and their guardians,
  • debtors and creditors,
  • dealers, and
  • directors and shareholders.

Use

Our obligations

We may use your personal data to fulfil our obligations to you.

Messages and updates

We may send administrative messages and email updates to you about the website.

Reasons we share personal data

Sharing

We may share your personal data with:

  • other divisions or companies within the group of companies to which we belong so as to provide joint content and services like registration, for transactions and customer support, to help detect and prevent potentially illegal acts and violations of our policies, and to guide decisions about our products, services, and communications (they will only use this information to send you marketing communications if you have requested their goods or services);
  • an affiliate, in which case we will seek to require the affiliates to honour this privacy policy;
  • our goods or services providers under contract who help provide certain goods or services or help with parts of our business operations, including fraud prevention, bill collection, marketing, technology services (our contracts dictate that these goods or services providers only use your information in connection with the goods or services they supply or services they perform for us and not for their own benefit); and
  • other third parties who provide us with relevant services where appropriate.

Regulators

We may disclose your personal data as required by law or governmental audit.

Law enforcement

We may disclose personal data if required:

  • by a subpoena or court order;
  • to comply with any law;
  • to protect the safety of any individual or the general public; and
  • to prevent violation of our customer relationship terms.

No selling

We will not sell personal data. No personal data will be disclosed to anyone except as provided in this privacy policy.

Employees

We may need to disclose personal data to our employees that require the personal data to do their jobs. These include our responsible management, human resources, accounting, audit, compliance, information technology, or other personnel.

Change of ownership

If we undergo a change in ownership, or a merger with, acquisition by, or sale of assets to, another entity, we may assign our rights to the personal data we process to a successor, purchaser, or separate entity. We will disclose the transfer on the website. If you are concerned about your personal data migrating to a new owner, you may request us to delete your personal data.

Security

There is no such thing as 'perfect security'. We have to compromise between increased levels of security and the convenience to you in transacting with us.

Our security responsibilities

We take the security of personal data very seriously and always do our best to comply with applicable data protection laws by maintaining reasonable measures to protect personal data from loss, misuse, and unauthorised access, disclosure, alteration, and destruction. Our hosting company will host our website in a secure server environment that uses a firewall and other advanced security measures to prevent interference or access from outside intruders. We authorise access to personal data only for those employees who require it to fulfil their job responsibilities. We implement disaster recovery procedures where appropriate.

Our security disclaimers

Please note the following:

The third parties whose systems we link to are responsible for the security of information while it is collected by, stored on, or passing through the systems under their control.

We will use all reasonable endeavours to ensure that our website and your information is not compromised. However, we cannot guarantee that no harmful code will enter our website (for example viruses, bugs, trojan horses, spyware, or adware). You should be aware of the risks associated with using websites (addressed below).

If you experience a problem or loss that is caused by information you provided to us, your computer being compromised in some way or by something beyond our control, we cannot take responsibility for causing the problem. We will, however, do our best to help you if we can.

Phishing

You must only log in to your account from a trusted webpage. Before logging in to your account you must check the URL carefully and ensure it reflects the URL you are familiar with to access your console.

You must check the email address of any correspondence you receive from us to ensure the email address is correct and valid.

Accurate and current

We will try to keep the personal data we collect as accurate, current, complete, confidential and reliable for the purposes defined in this policy. From time to time we may request you to update your personal data on the website. You are able to review or update any personal data that we hold on you by accessing your account online, emailing us, or phoning us. Please note that to better protect you and safeguard your personal data, we take steps to verify your identity before granting you access to your account or making any corrections to your personal data.

Retention

We will only retain your personal data for as long as it is necessary to fulfil the purposes explicitly set out in this policy, unless:

  • retention of the record is required or authorised by law; or
  • you have consented to the retention of the record.

During the period of retention, we will continue to abide by our non-disclosure obligations and will not share or sell your personal data.

We may retain your personal data in physical or electronic records at our discretion. We retain and dispose of your personal data in accordance with our Records Retention and Disposal Policy.

Transfer to another country

In certain instances, we send personal data outside of South Africa to various countries. We will only transfer data to other countries who have similar privacy laws to South Africa’s that provide an adequate level of protection, or to recipients who can guarantee the protection of personal data to the same standard we must protect it, or where you provide us with consent to transfer your personal data.

Your rights

Request what information we hold on you

You may request access to your personal data to receive a copy of the personal data that we hold on you.

Updating or removing

You may choose to correct or update the personal data you have submitted to us, by clicking the relevant menu in any of the pages on our website or contacting us by phone or email.

Withdrawal of consent, objection to or restriction of processing

You may:

  • withdraw your consent where we are relying on consent as a lawful justification to process;
  • object to our processing where we are relying on another lawful justification for processing; and
  • request us to restrict the processing of your personal data.

Please note that if you do so, we might not be able to provide services to you.

We may need to request additional information from you to verify your identity for you to access these rights. This is to ensure that your personal data is not disclosed to an unauthorized person.

Notification of unauthorised use, disclosure, or processing

If we become aware of any unauthorised use, disclosure, or processing of your personal data we will notify you.

Information Regulator

If you are not satisfied with how we process your personal data, you have the right to lodge a complaint with the Information Regulator. You may contact the Regulator using the contact details available on their website at https://inforegulator.org.za/contact-us/.

Enquiries

If you have any questions or concerns arising from this privacy policy or the way in which we handle personal data, please contact us at:

  • Contact number – +1 800 604 2856
  • Information Officer – io@thinkst.com

Changes

We may change the terms of this policy at any time by updating this web page. We will notify you of any changes by placing a notice in a prominent place on the website or by sending you an email detailing the changes that we have made and indicating the date that they were last updated. If you do not agree with the changes, then you must stop using the website and our goods or services. If you continue to use the website or our goods or services following notification of a change to the terms, the changed terms will apply to you and you will be deemed to have accepted those updated terms.

Limitation

We are not responsible for, give no warranties, nor make any representations in respect of the privacy policies or practices of linked or any third-party websites.

Responsibility

The information officer is responsible for overseeing the protection of personal data at Thinkst. They are responsible for ensuring that the policy is effective and relevant. Their contact information is:

Name Email
Bradley Jayanath io@thinkst.com

Implementation

We will review this policy annually and update it where necessary or as new legal or business developments require.

Related standards, procedures, and policies

  • Data Protection Policy
  • Records Retention and Disposal Policy
  • Access to Information Manual

Guidance in developing the policy

To develop this policy, we sought guidance from the Protection of Personal Information Act 4 of 2013.

Last Updated

July 2024