Introduction
This policy describes the personal information we, Craig’s Models, collect, how we use this information, and what rights you have. It applies to our business, website, social media channels, and staff (collectively referred to as “Craig’s Models”). Using our services or not objecting to any terms of this policy implies your acceptance of this policy. This means that you consent to how we collect, use, and process your personal information. We may update this policy from time to time, so please review it frequently. We will notify you before we make any material changes to this policy and give you the opportunity to review the revised policy before the changes take effect. Your continued use of our services will signify your acceptance of these changes. Craig’s Models is a responsible party, and as such, we are subject to the rules and principles found in the Protection of Personal Information Act (POPIA). POPIA requires us to limit our use of personal data, get consent before using it, and let you withdraw your consent at a later stage if necessary. To ensure that you are informed, we have created this privacy policy, which contains several information regarding your personal information. The POPI Act regulates personal information, which means any information that relates to a specific person. The law notes that this isn't limited to a "natural person" (that is, a human being) but also a "juristic person" which means an independent legal entity such as a company. The law gives a non-exhaustive list of examples of personal information. The law applies to any data processor that is legally based in South Africa, which includes us.
Who Are We
Craig’s Models CC a business stocking a large number of scale model and miniature war gaming related items. It has the necessary items for various scale modeling. It also has a wide range of South African related buildings and we are always adding to the product range.
Terminology
Lawful Processing
The POPI Act is based around meeting eight conditions to make processing of your information lawful. We'll run down the key points here and then cover what this means in detail below:
Lawful Processing - Accountability
We are to ensure that the conditions are complied with at the time of the determination of the purpose and means of the processing and during the processing itself. We must also appoint an information officer who will be responsible for overseeing compliance with the provisions of POPI.
Lawful Processing - Processing
Processing of personal information must be limited to lawful processing in a reasonable manner that does not infringe the privacy of the employee or customer. The purpose of processing must be adequate, relevant and not excessive and with the consent of the subject, which consent may under certain circumstances be withdrawn. Processing is limited amongst others to protect or pursue legitimate interests or is necessary for the proper performance of a public law duty of an employer in the public service. Personal information must be obtained directly from you unless the information is derived from a public record or you have consented to the use of another source or has made the information public on for instance social media. The processing limitation is especially relevant to the verification of information furnished by you when only relevant and adequate information should be sought and verified. For example, an employer is permitted to require a prospective employee to provide proof of qualification and if necessary, verify the qualification with the relevant institution but the employer will not be entitled to anything more than confirmation.
Lawful Processing - Purpose Specification
When collecting personal information it must be for a specific, explicitly defined and lawful purpose related to a function or activity of Craig’s Models. We must inform you of the purpose. Where an employer collects information pertaining to an employee’s health as part of an incapacity enquiry as envisaged in Schedule 8 of the Labour Relations Act 66 of 1995 (LRA), the employer cannot use said information for any other purpose except that for which it was collected. As such, the employer cannot process or disclose the information except with the consent of the employee or as required by law. Without the consent of the subject, we may only retain records of personal information for as long as it is necessary to achieve the specific purpose for which the information was collected. We must however comply with statutory provisions prescribing retention periods such as records for tax compliance and in terms of employment legislation. The destruction of records must be final and, in a manner, that the records cannot be reconstructed, or the information re-identified.
Lawful Processing - Further Processing
We may, with your consent, put personal information to further use. In the absence of specific consent for the further use, we may use the personal information if it is compatible with or in accordance with the purpose for which it was collected in the first place. We must comply with the test for compatibility.
Lawful Processing - Information Quality
We must ensure that the personal information is complete, accurate, not misleading and updated where necessary. We must take reasonably practical steps to ensure that personal information on record is complete, accurate, not misleading and updated where necessary. We must always have regard to the purpose for which the information was collected. Special care is required where information is collected from a source other than you personally. We must ensure that the information collected from you is complete, accurate and continually updated where necessary. This means that we should verify the information received through documentary proof, collected with your consent.
Lawful Processing - Openness
In collecting information, we must take reasonably practical steps to ensure that you are aware of the information collected and the source of the information, the name and address of the responsible party, the purpose for which it is collected, whether you are obliged to supply the information and what law if any prescribes the disclosure of the information to us. We must also inform you of exactly what information will be processed, to whom and your right to access and rectify the information collected or to complain to the Regulator. We are obliged to inform you before the information is collected from you and in any other case either before or as soon as reasonably practicable after collection. When we intend to transfer the information cross border we must inform you and also explain to you the protection that the information will have in the foreign country or with the international organisation.
Lawful Processing - Security Safeguards
We must secure the integrity and confidentiality of personal information in our possession or control by taking appropriate, reasonable technical and organisational measures to prevent loss of or damage to or unauthorised destruction, unlawful access to or processing of personal information. The reasonable measures to protect the personal information include identification of possible security risks, establish and maintain safeguards against the risks, verify the safeguards from time to time and update those measures. Virus programmes, back-ups and off-site storage are all measures to consider. The measures must comply with generally accepted information security practices. Where there are reasonable grounds to believe that the personal information of a subject has been accessed or acquired by any unauthorised person we must notify the Regulator and in a prescribed form also the affected subject.
Lawful Processing - Data Subject Participation
You have the right to know what personal information we hold pertaining to you. You have a right in the prescribed form to request the records or a description of the personal information that we hold. You are also entitled to know which third parties have or had access to the personal information. Upon request we must furnish the records or information unless we may rely on one of the grounds in the Promotion of Access to Information Act 2 of 2000 (PAIA) to refuse the record or information. You are entitled to request a correction of any personal information. We must inform you what action has been taken pursuant to the request for a correction. We must correct or delete the information subject to a request for correction or provide proof of the correctness of the information and attach a note to the record reflecting both the request and the response. We will be required to inform the subject of the actions taken pursuant to the request and provide proof of the update to his/her personal information.
Information Collected By Us - Clients
Ø Name, surname
Ø Contact number
Ø Address for delivery
Ø Email address
Information Collected By Us - Service Providers
Ø Contact numbers
Ø Name of entity
Ø Contact details and address
Ø Financial information
The Source of the Information
Unless indicated otherwise, the source of information will be from you, personally. If we receive any information of you from a third party, we will notify you there of in order to determine the quality of such information.
Our Contact Details
* Member - Craig William Kloke
* Information Officer - Craig William Kloke
* Physical address - 197 Waggel Street, La Montagne, Pretoria
* Postal address - 197 Waggel Street, La Montagne, Pretoria
* Tel - 083 404 2059
* Email address - info@craigsmodels.co.za
* Website - www.craigsmodels.co.za
Our Reason for Collecting Information
We are required to record our reasons for collecting information herein, which are as follows:
Ø Compliance with the relevant statutory requirements relating to the SARS Act, Labour Law and other legislation.
Ø Performance of any necessary checks as a means of due diligence when appointing persons working with us;
Ø To obtain details of contact and particulars for delivery;
Ø To assist us in preparing and sending communication to you
Ø To have record for accounting purposes;
Collection of Information
You may object to the processing of the aforementioned information, which objection we may consider and will provide a response upon. We will provide an outcome of said consideration, based on the following:
Ø How it affects our compliance with certain laws;
Ø How it affects the successful performance of our services;
Your information is collected and securely stored by us until the order is complete and thereafter deleted immediately as we are required to delete your information to such an extent that your information cannot be reproduced without your consent. If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year. Furthermore, all information collected by us is stored in such a manner that unauthorised access thereto is not possible and thus to be regarded as secured.
Transfer of Information to Third Parties
The following third parties will, by default, receive your information from us:
Ø Our email service provider
– These servers are used in relation to emails sent and received. As such, any information pertaining to yourself that is transmitted via email is passing the servers of the provider, this is only accessible by us
– we can confirm that they have a data protection policy in place and utilises state of the art security in transfer and receipt of emails;
Ø SARS, CIPC: Insofar as required by the relevant regulatory entity.
Ø Our bookkeepers and auditors: We are required by law to prepare annual financial statements and might require certain information for purposes of associating certain transactions that are relevant to your payments made. This may also include “source documents” which justifies the reason for the transaction, such as invoices issued. Our bookkeeper has confirmed that they are POPI Compliant and have a data protection policy in place.
Ø Our couriers: For delivery of your order, we are making use of a reputable courier company whom we have checked is compliant in terms of POPIA.
Ø Should a third party, other than those listed herein, request information from us, we will record same and notify you of such a request.
International Data Transfer
We do not, in our ordinary course of business, intend to transfer your data internationally, and shall have to obtain prior consent from you to do so.
Your Participation
You are welcome to contact us at the above address with regard to the following:
Ø Further explanation with regard to our usage of your personal information
Ø If you would like to correct your information held by us;
Ø If you would like further information as to how we are securing your information
Ø If you would like to receive information relating to who has access to your information
Ø If you would like to object to the processing of your information You can rest assured that we treat your privacy and personal information with the utmost respect and regard. Thank you for your trust in us.