Here at African News Agency (“ANA”, “we”, “us or “our”), your privacy, safety, security and trust are of utmost importance to us. This statement explains how we collect, retain and protect your personal information while we provide you with agreed upon Services.
SECTION 1 – SOURCES OF INFORMATION
As part of commercial transactions with our clients and partners (natural and juristic), we collect personal information as required, including but not limited to: names, physical addresses and email addresses.
We obtain personal information from you in the following ways:
Through your interactions and communication with us and our services such as when purchasing our Services, negotiating terms of service, concluding any agreements with us, registering for events, requesting information, telephoning for support functions (which may also be recorded for quality assurance and compliance purposes).
Through your device/system/server interaction and usage of our Services. These technologies automatically collect data and usage information to aid us in providing the best possible service to you by helping us to administer, protect and improve our Services, including analysis of usage trends and user experiences.
When you utilise our services, we also automatically receive your computer’s internet protocol (IP) address in order to provide us with information that helps us learn about your technological constraints, in order to provide you with the best possible service.
We may also receive and store personal information from third parties to help us maintain the accuracy of our data and provide and enhance our Services, including but not limited to:
Publicly available sources: including websites, open government databases or other data in the public domain.
Organisations to which you belong where such organisation provides you access to our Services, including libraries, newsletters, internal content or other Informational Products.
Other persons who have arranged for you to access our Services (ie employers, other subscribers) in order to facilitate your lawful use of our Services, or communication with us.
Our partners and service providers who work with us in relation to the Services we provide you.
SECTION 2 – WHAT WE DO WITH YOUR DATA
While the type of personal information we collect depends on how you are interacting with us and which Services you are purchasing or using, we undertake to respect your privacy and will take all reasonable measures to protect it, as is detailed below.
We undertake to:
treat your personal information as strictly confidential;
take appropriate technical and organisational measures to ensure that your personal information is kept secure and is protected against unauthorised or unlawful processing, accidental loss, destruction or damage, alteration, disclosure or access;
provide you with access to your personal information to view and/or update personal details;
promptly notify you if we become aware of any unauthorised use, disclosure or processing of your personal information;
provide you with reasonable evidence of our compliance with our obligations under this policy on reasonable notice and request;
upon your request, promptly return or destroy any and all of your personal information in our possession or control; and
not retain your personal information longer than the period for which it was originally needed, unless we are required by law to do so, or you consent to us retaining such information for a longer period.
In certain jurisdictions, it is required that we provide lawful reasoning as to our processing of your personal information for our legitimate interests. Where we rely on legitimate interests as a lawful ground for processing your personal information, we balance those interests against your interests, fundamental rights and freedoms. Our broader reasoning is set out as follows:
It is necessary for the performance of a contract or the provision of a Service in terms of a contract with you. This includes to enforce the terms and conditions of such contracts.
Where you give us consent in relation to specific uses of your data such as for email marketing, newsletters, etc. or where we make it clear that we are asking for your consent to obtain specific information for specified purposes when and where we otherwise need to.
In our legitimate interest or that of third parties in relation to the provision of services to you. These include your employer or our subscriber through which we are contractually obligated to provide you with services
Our legitimate interests are non-exhaustively set out as follows:
To deliver and suggest bespoke or relevant content such as news, research, reports and business information. To do so we will analyse your utilisation of our services in order to deliver a more effective and user-friendly experience
To contact you in relation to surveys and polls should you wish to take part in them and to analyse the relevant data collected for market research purposes.
To meet our internal and external audit requirements, including our information security obligations (and if your employer or our subscriber provides for your access to our Services, to meet their internal and external audit requirements)
To personalise and optimise your experience with our services we may need to retain your browsing information to make searches within our Services more relevant, including text, picture and video content.
To provide relevant and targeted advertising or marketing as is permitted by law, or on our websites and applications.
To provide any third party who has made our Services available to you, insights about use of such Services.
To display information you choose to post, share, upload or make available in chat rooms, messaging services, and community and event forums (including in community and event profiles) and for related collaboration, peer connection, games and information exchange
For internal research and development to optimise and enhance our Services and our provision thereof to you.
To protect our rights, privacy, safety, networks, systems and property, or those of other persons
For the prevention, detection or investigation of a crime or other breach of law or requirement, loss prevention or fraud
To comply with requests from courts, law enforcement agencies, regulatory agencies, and other public and government authorities, including where they are outside your country of residence
In order to exercise our rights, and to defend ourselves from claims and to comply with laws and regulations that apply to us or third parties with whom we work
In order to participate in, or be the subject of, any sale, merger, acquisition, restructure, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets or stock (including in connection with any bankruptcy or similar proceedings)
Depending on the Service, we may provide additional or different privacy statements or notices for specific interactions you have with us or to highlight how we use your personal information for specific Services. Where we do this, it will be clear which statements apply to which interactions and Services
SECTION 3 - CONSENT
When you provide us with personal information to: complete a transaction, verify your banking details, verify the authenticity of commercial entities, negotiate and conclude Service-related agreements, provide you with agreed upon services, or anything relating to our offerings, it is implied that you consent to our collecting it and using it for such specific reasons only.
If we ask for your personal information for a secondary reason, like marketing, we will either ask you directly for your express consent, or provide you with an opportunity to say no.
This may include, but is no way limited to:
your personal or company name and surname;
your personal or company email address;
your personal or company physical address;
your personal gender;
your personal or company telephonic contact details; and
your personal date of birth or company registration.
Account Credentials, such as, passwords and other security information for authentication and access
User content, such as, communications and files provided by you in relation to your use of the Services
Payment information, such as, payment card number (credit or debit card), and the security code associated with your payment instrument, if you make a payment
Device information, such as, information about your device, such as IP address, location or provider
Usage information and browsing history, such as, information about how you navigate within our Services, your browsing history and which elements of our Services you use the most
Location data, for Services with location-enhanced features. If we need your consent to collect geo-location data, we will collect this separately
Demographic information, such as, your country, and preferred language
Should your personal information change, please inform us and provide us with updates to your personal information as soon as reasonably possible to enable us to update your personal information.
You may choose to provide additional personal information to us, in which event you agree to provide accurate and current information, and not to impersonate or misrepresent any person or entity or falsely state or otherwise misrepresent your affiliation with anyone or anything.
Our Services are not generally aimed at children and in the limited circumstances where we may collect and use personal information about children (i.e. educational research and resources) we endeavour to comply with industry guidelines and applicable laws in South Africa and relevant jurisdictions.
How do I withdraw my consent?
There may be times when we offer you an opt-in mechanism for marketing related functions such as newsletters and other communication. If after you opt-in, you change your mind in relation to those functions, you may withdraw your consent for us to contact you, for the continued collection, use or disclosure of your information, at any time, by contacting Lindiz Van Zilla at firstname.lastname@example.org or mailing us at:
122 St George's Mall
+27 (0)21 488 4411
Please note that even if you opt out of receiving marketing communications by email, we may still send you service communications or important transactional information related to your accounts and subscriptions (for purposes such as providing customer support).
SECTION 4 - DISCLOSURE
While we endeavour to never disclose your information to the public or unauthorised third parties without your permission, we retain that we may disclose your personal information if we are required to do so by law or if you violate our Terms of Service or for the purposes of criminal investigation into fraudulent conduct that affects us.
We do share information within our organisation, with our contracted parties and third-party service providers as well as in accordance with law. Our third-party service providers are not permitted to share or use the personal information provided to them for any reason whatsoever other than to provide services to us.
The following are categories of Recipients of Personal Information from us:
The person(s) providing your access to our Services
Our partners with whom we deliver co-branded Services, provide and share content as part of content sharing agreements, or to host events, conferences and seminars
That help us provide the Services to you or act on our behalf
Where we have a lawful duty or are so permitted to disclose your personal information by law, including government agencies, law enforcement
in order to participate in, or be the subject of, any sale, merger, acquisition, restructure, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets or stock (including in connection with any bankruptcy or similar proceedings), in which case we may disclose your personal data to prospective buyers, sellers, advisers or partners and your data may be a transferred asset in a business sale
where reasonably required to protect our rights, users, systems and Services (e.g. legal counsel and information security professionals)
any person you have asked us, or may be deemed to have consented to us, to share information with (i.e. if you upload information into a public forum.
SECTION 5 - THIRD-PARTY SERVICES
In general, the third-party providers used by us will only collect, use and disclose your information to the extent necessary to allow them to perform the services they provide to us.
However, certain third-party service providers, such as payment gateways and other payment transaction processors, have their own privacy policies in respect to the information we are required to provide to them for your purchase-related transactions.
For these providers, we recommend that you read their privacy policies so you can understand the manner in which your personal information will be handled by these providers.
In particular, remember that certain providers may be located in or have facilities that are located in a different jurisdiction than either you or us. So if you elect to proceed with a transaction that involves the services of a third-party service provider, then your information may become subject to the laws of the jurisdiction(s) in which that service provider or its facilities are located.
African News Agency undertakes never to make your personal information available to any third party other than as provided for in this policy, unless we are compelled to do so by law. In particular, in the event of a fraudulent online conduct, African News Agency reserves the right to disclose relevant personal information for criminal investigation purposes or in line with any other legal obligation for disclosure of the personal information which may be required of it.
Whilst we will do all things reasonably necessary to protect your rights of privacy, we cannot guarantee or accept any liability whatsoever for unauthorised or unlawful disclosures of your personal information, whilst in our possession, made by third parties who are not subject to our control, unless such disclosure is as a result of our gross negligence.
If you disclose your personal information to a third party, such as an entity which operates a website linked to our Website or anyone other than African News Agency, African News Agency SHALL NOT BE LIABLE FOR ANY LOSS OR DAMAGE, HOWSOEVER ARISING, SUFFERED BY YOU AS A RESULT OF THE DISCLOSURE OF SUCH INFORMATION TO THE THIRD PARTY. This is because we do not regulate or control how that third party uses your personal information.
When you click on links on our site, they may direct you away from our site. We are not responsible for the privacy practices of other sites and encourage you to read their privacy statements.
SECTION 6 – SECURITY
African News Agency takes the security of the personal information we have access to seriously and we use appropriate technologies and procedures to protect that personal information (including administrative, technical and physical safeguards) according to the risk level and the service provided.
Our information security policies and procedures are closely aligned with widely accepted international standards and are reviewed regularly and updated as necessary to meet the sensitivity of the personal information we handle, our business needs, changes in technology and regulatory requirements. We have implemented appropriate information security controls.
To protect your personal information, we take reasonable precautions and follow industry best practices to make sure it is not inappropriately lost, misused, accessed, disclosed, altered or destroyed.
SECTION 7 - AGE OF CONSENT
As stated before, our services are not generally for use by children nor is the personal information governed by this statement. By using our Services, you represent that you are at least the age of majority/full legal capacity in your state or province of residence, or that you are the age of majority/full legal capacity in your state or province of residence and you have given us your consent to allow any of your minor dependents to use this site.
If our organisation is acquired by or merged with another company, your information may be transferred to the new owners so that we may continue to sell products to you.
SECTION 9 – DATA RETENTION PERIODS
We calculate retention periods for your personal information in accordance with the following criteria:
the length of time necessary to fulfil the purposes we collected it for
when you or your employer (or other subscriber providing for your access to our Services) cease to use our Services
the length of time it is reasonable to keep records to demonstrate that we have fulfilled our duties and obligations
any limitation periods within which claims might be made
any retention periods prescribed by law or recommended by regulators, professional bodies or associations
the existence of any relevant proceedings
SECTION 10 – SOCIAL MEDIA LINKS
Some of our Services may include social networking features, such as the Facebook® “Like” button and widgets, “Share” buttons, and interactive mini-programs. Additionally, you may choose to use your own social networking logins from, for example, Facebook or LinkedIn®, to log into some of our Services. If you choose to connect using a social networking or similar service, we may receive and store authentication information from that service to enable you to log in and other information that you may choose to share when you connect with these Services.
These Services may collect information such as the web pages you visited and IP addresses, and may set cookies to enable features to function properly. We are not responsible for the security or privacy of any information collected by these third parties. You should review the privacy statements or policies applicable to the third-party services you connect to, use, or access. If you do not want your personal information shared with your social media account provider or other users of the social media service, please do not connect your social media account with your account for the Services and do not participate in social sharing on the Services.
SECTION 11 - APPLICABLE LAW
As African News Agency is a global entity based in South Africa our data protection policy is drawn predominantly upon the framework provided by the Protection of Personal Information Act.
The Protection of Personal Information Act (called the POPI Act or POPIA) brings an end to the uncertainty regarding the law on the use and processing of personal information. POPIA is essentially the South African Data Protection Bill or Data Protection Act. The POPI Act follows the principles which are established in the European Union Data Privacy Directive and the OECD (Organisation for Economic Co-operation and Development) Guidelines.
Overview of the POPI Act
POPI recognizes the right to privacy enshrined in the South African Constitution and gives effect to this right by mandatory procedures and mechanisms for the handling and processing of personal information. POPI is in line with current international trends and laws on privacy. ‘Processing’ is widely defined in POPI, it includes the ‘collection, recording, organization, storage, updating or modification, retrieval, consultation, use, dissemination by means of transmission, distribution or making available in any other form, merging, linking, as well as blocking, erasure or destruction of personal information.’
POPI develops eight information protection principles to govern the processing of personal information.
The eight principles:
People often provide information for one reason and do not realize that it may be used for other purposes as well. Therefore, POPI prescribes eight specific principles for the lawful processing and use of personal information.
In a nutshell, the POPI principles are:
The processing of information is limited which means that personal information must be obtained in a lawful and fair manner.
The information can only be used for the specified purpose it was originally obtained for.
The Act limits the further processing of personal information. If the processing takes place for purposes beyond the original scope that was agreed to by the data subject, the processing is prohibited.
The person who processes the information must ensure the quality of the information by taking reasonable steps to ensure that the information is complete, not misleading, up to date and accurate.
The person processing the personal information should have a degree of openness. The data subject and the Information Regulator must be notified that data is being processed.
The person processing data must ensure that the proper security safeguards and measures to safeguard against loss, damage, destruction and unauthorized or unlawful access or processing of the information, has been put in place.
The data subject must be able to participate. The data subject must be able to access the personal information that a responsible party has on them and must be able to correct the information.
The person processing the data is accountable to ensure that the measures that give effect to these principles are complied with when processing personal information.
The introduction of these defined principles limit the processing of personal information to a very large extent, subject to the exclusions provided for in the Act.
Under POPI you as a data subject are entitled to the following Rights:
the right to have personal information processed in accordance with the conditions discussed
the right to be notified that personal information is collected and that it has been accessed by unauthorised persons (for instance where bank accounts have been hacked into)
the right to establish if a responsible party holds personal information of a data subject and to request access to the information
the right to request correction, destruction or deletion of personal information
the right to object to the processing of personal information
the right not to have personal information processed for purposes of direct marketing by means of unsolicited electronic communications
the right not to be subject, under certain circumstances, to a decision which is based solely on the basis of the automated processing personal information intended to provide a profile of such person
the right to submit a complaint to the Regulator regarding the alleged interference with the protection of the personal information of any data subject or to submit a complaint to the Regulator in respect of a determination of an adjudicator
the right to institute civil proceedings regarding the alleged interference with the protection of his, her or its personal information.
These rights are all subject to certain conditions and in most instances certain procedures must be followed in exercising these rights.
You may have rights under European and other laws to have access to your personal information and to ask us to rectify, erase and restrict use of, your personal information. You may also have rights to object to your personal information being used, to ask for the transfer of personal information you have made available to us and to withdraw consent to the use of your personal information. We endeavour to honour your rights under applicable data protection laws as far as possible.
Under European laws you may have the following rights:
Right of subject access: The right to make a written request for details of your personal information and a copy of that personal information
Right to rectification: The right to have inaccurate information about you corrected or removed
Right to erasure ('right to be forgotten'): The right to have certain personal information about you erased
Right to restriction of processing: The right to request that your personal information is only used for restricted purposes
Right to opt out of marketing: You can manage your marketing preferences by unsubscribe links found in the communications you receive from us or by visiting the applicable preference centre
Right to object: The right to object to processing of your personal information in cases where our processing is based on the performance of a task carried out in the public interest or we have let you know the processing is necessary for our or a third party’s legitimate interests
Right to data portability: The right to ask for the personal information you have made available to us to be transferred to you or a third party in machine-readable format
Right to withdraw consent: The right to withdraw any consent you have previously given us to handle your personal information. If you withdraw your consent, this will not affect the lawfulness of our use of your personal information prior to the withdrawal of your consent
These rights are not absolute and they do not always apply in all cases.
In response to a request, we will ask you to verify your identity if we need to, and to provide information that helps us to understand your request better. If we do not comply with your request, whether in whole or in part, we will explain why.
QUESTIONS AND CONTACT INFORMATION
If you would like to: access, correct, amend or delete any personal information we have about you, register a complaint, or simply want more information contact our
Privacy Compliance Officer: Lindiz Van Zilla
Tel: +27 (0)21 488 4411
or mail us at:
[Re: ANA Privacy Compliance Officer – Lindiz Van Zilla]
122 St George's Mall
This Statement may be subject to updates. Any material future changes or additions to the processing of personal information as described in this Statement affecting you will be communicated to you through an appropriate channel. For example, we may place a prominent notice on a product site or email you to let you know of an updated Statement.