
Privacy Statement

This privacy statement describes GRIPP Advisory (Pty) Ltd (“GRIPP”)’s policies and procedures on the collection, use and disclosure of personal information. It further details the rights with respect to all data subjects’ personal information and applies to person

Introduction

We process personal information for various reasons. This statement seeks to increase transparency regarding our processing activities. We may use personal data for any of the purposes described in this statement or as otherwise stated at the point of collection.

Definitions

For the purposes of this privacy statement:

  • Cookies means small files that are placed on your computer, mobile device or any other device by a website, containing the details of your browsing history on that website among its many uses.
  • Data Subject means the individual, legal entity, public body or company, whose personal information is being processed.
  • Information Officer means in the case of a private body, the head of a private body who has been appointed in terms of section 1 of the Promotion of Access to Information Act.
  • Personal Information means any information of a personal nature belonging to a data subject which may be, or which is, processed, collected and used by a responsible party, and which will include any information related to or owned by a private or a public entity and/or natural individuals, such as:
    • Information relating to the race, gender, sex, pregnancy, marital status, national, ethnic or social origin, colour, sexual orientation, age, physical or mental health, well-being, disability, religion, conscience, belief, culture, language and birth of the person
    • Information relating to the education or the medical, financial, criminal or employment history of the person
    • Any identifying number, symbol, e-mail address, physical address, telephone number, location information, online identifier or other particular assignment to the person
    • The biometric information of the person
    • The personal opinions, views or preferences of the person
    • Correspondence sent by the person that is implicitly or explicitly of a private or confidential nature or further correspondence that would reveal the contents of the original correspondence
    • The views or opinions of another individual about the person
    • The name of the person if it appears with other personal information relating to the person or if the disclosure of the name itself would reveal information about the person.
  • Processing means the collecting, receiving, storing, using, updating, modifying, disseminating and destruction of Personal information.
  • Responsible Party means the person, legal entity, company or public body that is responsible for processing an entity or individual’s personal information.
  • Special Personal information is information about the following:
    • Religious or philosophical belief
    • Race or ethnic origin
    • Trade union membership
    • Political persuasion
    • Health or sex life
    • Biometric information
    • Criminal behaviour (alleged commission by a data subject of any offence, proceedings in respect of any offence allegedly committed by a data subject or the disposal of such proceedings).
  • Website means GRIPP Advisory, accessible from https://grippadvisory.co.za

The legal basis on which we process your personal information

The legal grounds on which we rely in order to process your personal information are as follows:

    • Where you have consented to the processing of personal information.
    • In order to carry out contractual obligations.
    • In order to comply with a legal obligation.
    • In order to protect your legitimate interests, provided that it does not infringe on your rights.
    • In order to protect our legitimate interest, provided that it does not infringe on your rights.

Data Subjects' legal rights in relation to personal information

Data Subjects have certain rights in relation to the personal information we process. In particular, you may have a legal right to:

    • Obtain confirmation as to whether we hold personal information about you and to request access to such personal information.
    • Request correction, destruction or deletion of your personal information.
    • Object, on reasonable grounds, to the processing of your personal information (in certain circumstances and subject to applicable law).
    • Object to the processing of personal information for the purposes of direct marketing.
    • Not be subject to a decision which is based solely on the automated processing of personal information intended to provide a profile of such person.
    • Submit a complaint to the Regulator regarding alleged interference with the protection of personal information.
    • Withdraw your consent, where you have voluntarily provided personal information or otherwise consented to its use.

Should you have any queries or should you wish to exercise your rights, kindly contact the GRIPP Information Officer: Lynn Sullivan at lynn@grippadvisory.co.za

Disclosure of your Personal Information

We will only disclose your personal information under the following circumstances:

  • In line with the processing activities described within this privacy statement.
  • Business transactions: should we be involved in a merger, acquisition or asset sale, your personal information may be transferred. We will provide notice before your personal information is transferred and becomes subject to a different privacy policy.
  • Law enforcement: we may be required to disclose your personal information if required to do so by law or in response to valid requests by public authorities.
  • Other legal requirements: we may disclose your personal information in good faith belief that such information is necessary to:
    • Comply with a legal obligation
    • Protect and defend the rights, property or safety of GRIPP
    • Protect against legal liability.
  • Third party providers: Any firm, organisation or person that / who provides us with products or services. Examples include:
    • Professional advisors, such as law firms, tax advisors or auditors
    • Insurers
    • Tax and customs, and excise authorities
    • Regulatory and other professional bodies
    • Public registries of company directors and shareholdings
    • Providers of identity verification services
    • The courts, police and law enforcement agencies
    • Government departments and agencies
    • Service providers
    • Support providers.

Personal data may be shared with these advisers as necessary in connection with the services they have been engaged to provide. Third party providers may use their own third-party subcontractors that have access to personal information. It is our policy to use only third-party providers that are bound to maintain appropriate levels of security and confidentiality, to process personal information only as instructed by us, and to flow those same obligations down to any sub-processors they may utilise.

Retention of Your Personal Data

We will retain your personal information only for as long as is necessary for the purposes set out in this privacy statement. We will retain and use your personal information to the extent necessary to comply with our professional and legal obligations, resolve disputes, enforce our legal agreements and policies as well as for archiving and historical purposes.

Transfers of personal data

Cross-Border Transfers

Personal information may be transmitted transborder to our suppliers in other countries, and personal information may be stored in data servers hosted outside South Africa, which have data privacy laws consistent or aligned with the requirements of the Protection of Personal Information Act. Comprehensive service level agreements are established with all outsourced IT service providers that provide IT support or software solutions. The service level agreements of the service providers, which deal with, inter alia, key deliverables such as system and user support, system availability, cyber-risk management, virus protection, data protection, telephony and other general controls, are reviewed annually and compliance with them is monitored.

Support Providers

We transfer or disclose the personal data we collect to external support providers who are engaged by us to support our internal ancillary processes. For example, we engage support providers to provide (a) accounting, finance and billing support; (b) IT functions including system management and security, data storage, analytics, business applications, and replication of systems for business continuity / disaster recovery purposes; and (c) and quality reviews.

It is our policy to only use third-party support providers that are bound to maintain appropriate levels of data protection, security and confidentiality, and that comply with any applicable legal requirements for transferring personal data outside the jurisdiction in which it was originally collected.

Security

We undertake to implement and maintain data protection measures to accomplish confidentiality, availability and integrity of personal information that is processed and stored.

We have aligned our information security practices to best practice frameworks to ensure adequate organizational and technological measures are in place to protect any personal information stored and processed; and may use alternative practices to adapt to technological security developments, as needed, provided that the above objectives are achieved. Information security policies are in place throughout GRIPP regulating, inter alia, the processing and protection of own and third-party information. When required, specialist skills are insourced to assist with information technology services.

Changes to this privacy statement

This statement was last updated June 2021.

We may update our privacy statement from time to time to reflect changes in our practices and services. We will notify you of any changes by posting the new privacy statement on this page. We encourage you to review this privacy statement periodically so that you remain informed as to how we are processing and protecting your information.

Contact Us

If you have any questions about this privacy statement, you can contact us by email: info@grippadvisory.co.za or alternatively you may also contact us at the following postal address:

Unit A077 | 3rd Floor | West Wing

The Palms Decor and Lifestyle Centre

145 Sir Lowry Road

Cape Town

8000 

Our Processing Activities

We process personal information for various reasons, the details of which are summarised below. Any queries you may have regarding the processing of your personal information may be directed to the GRIPP Information Officer: Lynn Sullivan at lynn@grippadvisory.co.za

Business contacts

We process personal information relating to existing and potential clients (e.g. name, employer name, position, contact details as well as details relating to our client interaction) in order to manage our relationships with clients, identify client needs and improvements in service delivery and learn about client relationship opportunities.

Legal basis for processing personal information: Legitimate interest in managing and developing our business and services and providing information about our services. 

Clients (and individuals associated with our clients)

We collect and use your personal information when you engage our services, and we have a valid business reason to do so. Should we need to process personal data to provide professional services, we ask our clients to seek approval / provide the necessary information to the data subjects regarding its use.

Categories of personal information processed by us may include personal details (e.g. name, age / date of birth, ID number, gender, marital status, address, country of residence), contact details (e.g. email address, contact number, postal address), financial details (e.g. salary, payroll details); and employment details (e.g. role, grade, experience, performance information and other information about management and employees). 

Our policy is that of data minimisation and to only collect personal information necessary for the agreed purposes.

Legal basis for processing personal information:

    • Compliance with a legal or regulatory obligation (as a provider of professional services, we are required to retain records to demonstrate that our services are provided in compliance with obligations and those records may contain personal information).
    • Legitimate interest in providing our clients with professional services
    • Legitimate interest in managing and developing our businesses and services, including client relationship management
    • Legitimate interest in providing clients with information about us and our services

Websites

We process your personal information as a visitor to our website in order to, amongst others, administer and manage our website, analyse the data of visitors to our site, understand how visitors use the features and functions of our site, develop our business and services and any other purpose for which you provided information.

    • Personal information that is voluntarily provided
      • We collect personal information such as name, email and contact number when you complete an online form to contact us. This personal information is only utilised to respond to the communication.

We do not intentionally collect sensitive category data, nor do we intend to process sensitive information. You are not required to provide and should not disclose any sensitive personal information in the freeform text box provided. If you do provide any sensitive personal information in this manner, the act of doing so constitutes your explicit consent to the collection and processing of this personal information.

    • Personal information that is collected automatically
      • Usage Data

Usage data may include information such as your device’s internet protocol address (e.g. IP address), browser type, browser version, the pages of our website that you visit, the time and date of your visit, the time spent on those pages, unique device identifiers and other diagnostic data.

When you access the website by or through a mobile device, we may collect certain information automatically, including, but not limited to, the type of mobile device you use, your mobile device unique ID, the IP address of your mobile device, your mobile operating system, the type of mobile internet browser you use, unique device identifiers and other diagnostic data.

We may also collect information that your browser sends whenever you visit our website or when you access the website by or through a mobile device.

      • Cookies

We utilise “cookies” to keep, and sometimes track, information about you. “Cookies” accessed or stored by our website may retain personal information including your name, e-mail address, postal address and telephone number, but you have the choice to switch off “cookies” on your computer. Refer to the Cookies Policy for further information. Any “cookie” used by our website is not accessible to other internet websites.

  • Links to other websites

Our website may contain links to other websites that are not operated by us. If you click on a third-party link, you will be directed to that third party’s site. We strongly advise you to review the privacy policy / statement of every site you visit before disclosing any personally identifiable information. We have no control over and assume no responsibility for the content, privacy policies or practices of any third-party sites or services.

Legal basis for processing personal information:

    • Legitimate interest in effective delivery of information and services
    • Legitimate interest in developing and improving our site and your user experience
    • Explicit consent of the visitor to our website.

Children

We do not knowingly collect or otherwise process the personal information of minors under 18 years of age. If you are under 18 years old, please do not provide any personal information, even if prompted to do so. If you believe that you have inadvertently provided personal information, please ask your parent(s) or legal guardian(s) to contact the GRIPP Information Officer: Lynn Sullivan at lynn@grippadvisory.co.za and we will delete your personal information.

Individuals who correspond with us via email

If you correspond with us via email, your emails will be scanned by the tools utilised to maintain the security of our IT infrastructure. Examples of these tools include:

    • Systems that scan incoming emails for suspicious attachments and URLs in order to prevent malware attacks
    • Tools that provide end-point threat detection to detect malicious attacks
    • Tools that block certain content or websites.

Legal basis for processing personal information: Legitimate interest in analysing email traffic and protecting IT infrastructure against unauthorised access or data leakage.

Job applicants / recruitment activities

Personal information is collected from a variety of sources during our recruitment process.

    • Directly from the job applicant, e.g. information you provided when applying for the position or as part of your interview.
    • Created by us during our recruitment process e.g. interview notes and if successful, offer details.
    • Third party sources e.g. recruitment agencies, references from your named referees, results of background screening checks, verification of information provided during the recruitment process, information from publicly available sources online.

Where allowed by law, we carry out criminal records checks for the following purposes:

    • To comply with legal obligations to ensure an individual is eligible to work
    • As permitted by law, to establish whether an applicant has committed an unlawful act or been involved in dishonesty, malpractice or other seriously improper conduct.

Legal basis for processing personal information:

    • Explicit consent from the job applicant / candidate
    • Legitimate interest to attract, identify and source talent
    • Legitimate interest to process and manage applications for vacancies, including screening candidates for suitability for employment
    • Legitimate interest to hire and onboard candidates by making an offer to successful applicants and carry out pre-employment screening checks.

Suppliers and Subcontractors

We collect and process personal data about our suppliers in order to manage the supplier relationships and contracts, and where relevant, to provide professional services to our clients. The personal information is generally limited to contact information (name, employer name, phone, email and other business contact details and the communications with us) and financial information (payment related information).

Legal basis for processing personal information:

    • Performance of a contract
    • Compliance with a legal or regulatory obligation
    • Legitimate interest to manage supplier relationships in order to develop our business and services
    • Legitimate interest to provide professional services to clients where a supplier is assisting with delivery thereof
    • Legitimate interest to manage payments, fees and charges.

Personnel

We collect personal information concerning our personnel in order to manage the employment relationship and our business. Further detail is contained within the POPI and Privacy Policy: Employee Personal Information.