Privacy Policy

At Badisa we respect your privacy and is committed to protecting your Personal Information. This policy (“Policy”) explains how we process Personal Information and your privacy rights.

It is important that you read this Policy together with any other privacy policy or fair processing policy we may provide on specific occasions when we are collecting or processing Personal Information about you so that you are fully aware of how and why we are using your information.

Reference to “consent”, “your consent” or “your explicit consent” shall include the ticking of a tick box or clicking on a “subscribe” button or “send” button or sending a reply by email after we have made available our Privacy Policy to you.

1) Important information and who we are

a) Responsible party

i) The Badisa is a Responsible party when engaging with you as a user of our website, other social media sites (“Sites”) andthe provision to you or any other third party of any of our services, and responsible for your Personal Information (alsoreferred to as "Badisa", "we", "us" or "our" in this Privacy Policy).

ii) Where we Process Processing of Personal Information for and on behalf of any one of our Projects/Programs and wheresuch Project/Programs is a separate person, we will act as Operator only;

iii) We have appointed an Information Officer (IO) who is responsible for overseeing questions in relation to this Privacy Policy.If you have any questions about this Privacy Policy, including any requests, please contact the IO using the details set outbelow.

b) Contact detailsi)If you have any questions about this Policy or our privacy practices, please contact us at:

(1) Information Officer
(2) Phone number: +27 (21) 957 7130
(3) Email address: info@badisa.org.za
(4) Other Contact details: as per our website (Contact Us)

ii) You have the right to make a complaint at any time to the Information Regulator's office (IR), the Republic of South Africa’sauthority for data protection issues (https://www.justice.gov.za/inforeg/). We would, however, appreciate the chance todeal with your concerns before you approach the IR, so please contact us in the first instance.

c) Changes to the Policy and your duty to inform us of changes:

i) We keep our Policy under regular review. This version was last updated as per the date in the footer. Archived versionscan be obtained by contacting us. Any changes made to our Policy in future will be posted on our website. The new versionwill apply the moment it is published on our website.

ii) It is important that the Personal Information we hold about you is accurate and current. Please keep us informed if yourPersonal Information changes during your relationship with us.d)Third-party links: Our Sites may include links to Third-party websites, plug-ins, and applications. Clicking on those links orenabling those connections may allow Third parties to collect or share data about you. If you disclose your Personal Informationto a Third-party, such as an entity which operates a website linked to this website or our social media sites, WE WILL NOT BELIABLE FOR ANY LOSS OR DAMAGE, HOWSOEVER ARISING, SUFFERED BY YOU AS A RESULT OF THEDISCLOSURE OF SUCH INFORMATION TO THE THIRD-PARTY. This is because we do not regulate or control how thatThird-party uses your Personal Information. You should always ensure that you read the privacy policy of any Third-party. Whenyou leave our website, we encourage you to read the privacy policy of every website you visit.

2) The data we collect about you

a) Personal Information means the information as per the Definitions. Personal Information does not include data where the identityof the data subject has been removed (anonymous/ de-identified data).

b) Processing has the meaning described in the Definitions below.

c) We may process the following different kind of Personal Information:

i) Identity Data includes first name, last name, username or similar identifier, title, date of birth and gender.

ii) Contact Data includes billing address, delivery address, email address and telephone numbers.

iii) Special Personal Information includes religious, biometric, criminal record and health information.

iv) Transaction Data includes details about payments/ donations from you and other details of services you have requestedfrom us or accessed on our website.

v) Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting andlocation, browser plug-in types and versions, operating system and platform, and other technology on the devices you useto access this website.

vi) Usage Data includes information about how you use our website, products and services. This information shall includethe full Uniform Resource Locators (URL) Clickstream to, through and from our website (including the date and time) andthe products or services you viewed or searched for, page response times, download errors, length of visits to certainpages, page interaction information (such as scrolling, clicks, and mouse-overs) and methods used to browse away fromthe page and any phone number used to call us.

vii) Marketing and Communications Data includes your preferences in receiving marketing from us and our Third parties andyour communication preferences.

d) We also collect, use and share aggregated data and pattern data such as (but not limited to) statistical or demographic data forany purpose (Aggregated Date). Aggregated Data could be derived from your Personal Information but is not consideredPersonal Information in law as this data will not directly or indirectly reveal your identity. For example, we may aggregate yourUsage Data to calculate the percentage of users accessing a specific website feature. However, if we combine or connectAggregated Data with your Personal Information so that it can directly or indirectly identify you, we treat the combined data asPersonal Information which will be used in accordance with this privacy policy.

e) You may choose to provide additional Personal Information to us, in which event you agree to provide accurate and currentinformation, and not to impersonate or misrepresent any person or entity or falsely state or otherwise misrepresent youraffiliation with anyone or anything.

f) Special Personal Information (SPI) and Children Information. In general, where we Process Special Personal Informationand/or Children Information, we will process same subject to:

i) acquiring the Data Subject’s consent and where the Data Subject it a child, the consent from a Competent Person; or

ii) where it is necessary for the establishment, exercise or defence of a right or obligation in law; or

iii) Processing is necessary to comply with an obligation of international public law; or

iv) Processing is for historical, statistical or research purposes for public interest of where it appears to be impossible or wouldinvolve a disproportionate effort to ask for consent; or

v) SPI is deliberately made available public by the Data Subject; or

vi) As allowed to by the Regulator under specific notice

g) Submission of Personal Information on behalf of another: If you provide information on behalf of someone else, thenit is your responsibility to obtain the necessary consent from the person/ user before making the Personal Informationavailable to us. On receipt of Personal Information, we assume that the necessary consent has been obtained and willprocess the Personal Information as per your instructions. By submitting such Personal Information on behalf ofanother person/ user, you indemnify us against any Third-party claim, where such Third party claim relates to PersonalInformation that has been processed without the necessary consent or other available exception allowed by law.

h) If you fail to provide Personal Information: Where we need to collect Personal Information by law, or under the termsof a contract we have with you, and you fail to provide that data when requested, we may not be able to perform thecontract we have or are trying to enter into with you (for example, to provide you with services (including services forno charge)). In this case, we may have to cancel a Service you have with us, but we will notify you if this is the case atthe time.

3) How is your personal information collected?

We use different methods to collect data from and about you including through:

a) Direct interactions. You may directly provide us with your Personal Information when you: -

i) subscribe to our newsletter or blog (if any);

ii) engage with us via Zoom, Skype or any other video conferencing facility;

iii) access any of our facilities/ offices/ premises;

iv) apply/ sign up for any of our services and/or Projects/Programs (subject to the specific service terms and conditions);

v)completion of a COVID19 questionnaire;

vi) attend any of our events or volunteer at any of our events/ facilities or appear as a champion to offer your expertise;

vii) give us feedback; or

viii) contact us via our contact form, WhatsApp or other social media sites’ messaging platforms we may subscribe to.

b) Automated technologies or interactions. As you interact with our website, we will automatically collect Technical Data aboutyour equipment/ devices, browsing actions and patterns. We collect this Personal Information by using cookies (see our CookiesPolicy), server logs and other similar technologies. We may also receive Technical Data about you if you visit other websitesemploying our cookies.

c) Third parties or publicly available sources. We will receive Personal Information about you from various Third parties and public sources as set out below:

i) Technical Data from the following parties:

(1) analytics providers such as Google ("How Google uses information from sites or apps that use our services", (located at https://policies.google.com/technologies/partner-sites);

(2) advertising networks; and

(3) search information providers.

ii) Contact, Financial and Transaction Data from providers of technical and payment services.

iii) Identity and Contact Data from publicly available sources such as CIPC.

4) Cookies

1. Consent

By using our website, you consent to the use of cookies to track your activity on https://badisa.org.za/. This Cookies Policy sets out the rules that govern our use of cookies. You may withdraw your consent at any time by following the instructions below.

The information we collect using cookies helps us understand users of our website better, so that we can provide a more focused user experience. Cookies basically have two functions:

a) to remember information previously entered by users; and

b) to save site preferences, and records users’ browsing activities (e.g. which pages are visited, each time and how often buttons are pressed).

We use cookies principally because we want to make our website user-friendly and work more efficiently, and we are interested in anonymous user behaviour. Cookies are also used to provide information to owners of websites. Generally cookies do not store sensitive or personally identifiable information such as your name and address or credit card details.

In the unlikely event that our website uses cookies to store personal information about you, The Badisa Children Foundation NPC (“Badisa”, “we”, “us”, “our”) encrypts the personal information to prevent unauthorised use by anyone else.

2. What Are Cookies?

Cookies are most often small text files that websites may put on a visitor’s computer or mobile device while browsing the website. They are used for many different purposes. For example, they can:

a) help search engines remember that you want your search results in English;

b) help a website remember your preferences so that you don’t need to customise it every time;

c) help websites to deliver a better service by showing you the content most relevant to you;

d) identify and resolve errors; and

e) analyse how well a website is performing.

The most common function of cookies is to remember bits of information that help make browsing the web easier and more hassle-free for you.

All modern browsers have tools to help you delete or block cookies. But it’s important to remember that many websites- including Badisa’s website(s)- need cookies in order to function properly. By deleting or blocking cookies, you also block certain personalised features, and you may not be able to take full advantage of some of the website’s features.

For greater detail about cookies, here are a few websites for reference:

www.allaboutcookies.org / www.youronlinechoices.eu / www.termsfeed.com

3. What Type Of Cookies Are There?

a) Strictly Necessary Cookies. These are cookies that are required for the operation of our website. They include, for example, cookies that enable you to log into secure areas of our website. These cookies, for instance, allow you to navigate back and forth between pages without losing their previous action from the same session. These cookies must be present for our website to provide the basic functions of the website. Because these cookies are strictly necessary, we do not need to ask for your consent to use them.

b) Analytical/ Performance Cookies. These cookies collect information about how visitors use a website, for instance which pages visitors go to most often. The information gathered does not identify any individual visitor and is aggregated. It includes the number of visits to our website, the websites that may have referred them to our website and the pages that they visited on our website. These cookies may also show us which email visitors may have clicked through from in order to visit our website, and whether you opened an email we sent you.

Analytics cookies, set using third-party web analytics software, allow us to monitor our website traffic. These cookies may also tell us how many of our visitors are male or female, and may summarise the number of visitors who fall within certain age ranges, or certain interest categories. However, this sort of information is not linked to any individual; it just shows us what percentage of our visitors fall in particular categories. Performance cookies are further used to enhance the performance and functionality of our services but are non-essential to their use. However, without these cookies, certain functionality like videos may become unavailable.

c) Functionality Cookies. These cookies allow our website to remember users’ site preferences and the choices they make on the website (such as your username, language, and region) and provide enhanced, more personal features. They are also used to prevent us from offering you a service that we already offered or a service that you declined. These cookies can also be used to remember changes you have made to text size, fonts and other parts of the webpages that you can customise.

These cookies may also be used to provide services you have asked for such as watching a video or comment on a blog. The information these cookies collect may be anonymised and they cannot track your browsing activity on other websites. They can be first-party, third-party, session or persistent cookies. They are tailored to respond only to the service requested by you. By using our website, you agree we may place these types of cookies on your device.

d) Social Networking Cookies. These cookies allow users to share content on social media platforms, and help link activities between a website and third-party sharing platforms.

e) Behaviourally Targeted Advertising Cookies. These cookies record your visits to our website, the pages you have visited and the links you have followed. They are specifically designed to gather information from users on their devices to display advertisements based on relevant topics of interest. They are also used to limit the number of times you see an advertisement as well as to help measure the effectiveness of the advertising campaign. These cookies remember that you have visited our website and use this information to tailor advertising for our Products and/ or Services when you visit third-party websites The information on the users gathered by these cookies may be shared with other advertisers to measure the performance of their advertisements. We may also share this information with third-parties for this purpose. They are mainly third-party cookies on our website, and are placed by advertising networks.

4. What Cookies Do We Use?

You can find more information about the individual cookies we use and the purposes for which we use them in the table below:

Cookie

Name

Purpose

Duration / Expiry

Necessary

_grecaptcha

This cookie is used to distinguish between humans and bots. This is beneficial for the website, in order to make valid reports on the use of their website.

Persistent cookie.

_GRECAPTCHA

This cookie is used to distinguish between humans and bots. This is beneficial for the website, in order to make valid reports on the use of their website.

179 days.

CONSENT

Used to detect if the visitor has accepted the marketing category in the cookie banner. This cookie is necessary for GDPR-compliance of the website.

196 days.

CookieConsent

Stores the user's cookie consent state for the current domain.

1 year.

rc::a

This cookie is used to distinguish between humans and bots. This is beneficial for the website, in order to make valid reports on the use of their website.

Persistent cookie.

rc::b

This cookie is used to distinguish between humans and bots.

Session cookie.

rc::c

This cookie is used to distinguish between humans and bots.

Session cookie.

test_cookie

Used to check if the user's browser supports cookies.

1 day.

Statistical cookies

_ga

Registers a unique ID that is used to generate statistical data on how the visitor uses the website.

2 years.

_gat

Used by Google Analytics to throttle request rate.

1 day.

_gid

Registers a unique ID that is used to generate statistical data on how the visitor uses the website.

1 day.

Marketing/ advertising cookies

IDE

Used by Google DoubleClick to register and report the website user's actions after viewing or clicking one of the advertiser's ads with the purpose of measuring the efficacy of an ad and to present targeted ads to the user.

1 year.

VISITOR_INF01_LIVE

Tries to estimate the users' bandwidth on pages with integrated YouTube videos.

179 days.

YSC

Registers a unique ID to keep statistics of what videos from YouTube the user has seen.

Session cookie.

yt-remote-cast-available

Stores the user's video player preferences using embedded YouTube video.

Session cookie.

yt-remote-cast-installed

Stores the user's video player preferences using embedded YouTube video.

Session cookie.

yt-remote-connected-devices

Stores the user's video player preferences using embedded YouTube video.

Persistent cookie.

yt-remote-device-id

Stores the user's video player preferences using embedded YouTube video.

Persistent cookie.

yt-remote-fast-check-period

Stores the user's video player preferences using embedded YouTube video.

Session cookie.

yt-remote-session-app

Stores the user's video player preferences using embedded YouTube video.

Session cookie.

yt-remote-session-name

Stores the user's video player preferences using embedded YouTube video.

Session cookie.

Please note that third-parties (including, for example, advertising networks and providers of external services like web traffic analysis services) may also use cookies, over which we have no control. These cookies are likely to be analytical/ performance cookies or targeting/ advertising cookies.

If you do not agree to the use of these cookies, please disable them by following the instructions for your browser set out on www.allaboutcookies.org or use the automated disabling tool where available. Users can also manage cookies (and delete cookie files) by opening their web browser (such as Chrome, Firefox, or Safari) and finding where cookies are stored. Please see table below on the Handling of cookies.

5) Update Of Cookies Policy

We may update this Cookies Policy from time to time in order to reflect, for example, changes to the cookies we use or for other operation, legal or regulatory reasons. Please, therefore, re-visit this policy regularly to stay informed about our use of cookies and related technologies. Refer to the date in the footer of this Policy to see when the last update was.

6) Handling Cookies

All modern browsers have tools to help you delete or block cookies. It is important to remember, however, that many websites - including https://badisa.org.za/- need cookies to function properly. By deleting or blocking cookies, you could also block certain personalised features and you may not be able to take full advantage of some of the website’s features. If you would like to opt out of Google Analytics cookies, you can find out more on Google website (click on link).

To turn cookies on or off for all websites via your web browser, follow the instructions in the table below. (Please note that the list is not complete and is different on PC and Mac).

Google Chrome

1. Click on “Menu” icon (top right-hand corner below exit icon)
2. Click “Settings”
3. Under Privacy and security section click on “Cookies and other site data”
4. Enable or disable cookies:
> To enable cookies, select “Allow all cookies” (recommended)
> To disable cookies, select “Block all cookies” (not recommended)

Microsoft Internet Explorer 9.0+

1. Click on “Tools” icon
2. Select “Internet options”
3. Click on “Privacy” tab
4. Click on “Advanced” tab
5. Make selection on how cookies are handled

Mozilla Firefox

1. Click on “Menu” icon (top right-hand corner below exit icon)
2. Click on “Options”
3. Click on “Privacy & Security”
4. Scroll down to “Cookies and Site Data”
5. Make selection on how cookies are handled

Safari

1. Click on “Menu” icon (top right-hand corner)
2. Click on “Privacy” tab
3. Scroll down to bottom of page and select “Privacy & cookies”
4. Make selection on how cookies are handled

Where the organisation setting the cookie(s) provides an automated disabling tool in respect of its cookie(s), we list the name of that organisation, the category of cookies it sets together with a link to its automated disabling tool. In all other cases, we list the names of the cookies themselves and their source at the date of this Cookies Policy so that you can easily identify and disable them if you want through your browser controls.

After your initial visit to this website, we may change the cookies we use. This Cookies Policy will always allow you to know who is placing cookies, for what purpose and give you the means to disable them so you should check it from time to time.

5) How we use Personal Information

a) We will not sell Personal Information. We will only use Personal Information within the framework of the law. Most commonly,we will use your Personal Information in the following circumstances:

i) Where the Data Subject or Competent Person (on behalf of a Child) has given us Consent; or

ii) Where we need to conclude a contract or perform in accordance with any contract with a person; or

iii) Where it is necessary for the protection of the Data Subject’s legitimate interest;

iv) Where it is necessary for our legitimate interests (or those of a Third party) and the interests and fundamental rights of aData Subject does not override those interests; or

v) Where we need to comply with a legal obligation.

b) Generally, we do not rely on Consent only as a legal basis for processing your Personal Information although we will obtainConsent before sending Third-party direct marketing communications to a Data Subject by way of electronic communications.A Data Subject has the right to withdraw Consent to marketing at any time by contacting us.

c) Purposes for which we will Process Personal Information:-

i) We have set out below, in a table format, a description of all the ways we plan to use Personal Information (not limited to),and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.

ii) Note that we may Process Personal Information for more than one lawful ground depending on the specific purpose forwhich we are using the Personal Information. Please contact us if you need details about the specific legal ground we arerelying on to process your Personal Information where more than one ground has been set out in the table below.

iii) Note that we process Special Personal Information strictly in accordance with the POPI Act.

Purpose / Activity

Type of data

Lawful basis for processing including basis of legitimate interest

(a) To send Badisa communications / newsletter tocustomer/donator/sponsor.
(b) To sign you up for our newsletter (if any) (as anon-customer of Badisa)
(c) To sign up for our events/ or as a volunteer/champion offering your expertise

(a) Identity
(b) Contact

Existing customer/donator/sponsor (as per POPI Act) of Badisa.

Consent

To reply to your submissions via our “Contact Us” page

(a) Identity
(b) Contact

Consent

To register you as a participant / volunteer /champion in one of our Projects/Programs and to manage the relationship

a) Identity
(b) Contact
(d) Special Personal Information

Consent
Performance of a contract with you
Necessary for our legitimate interests (to recover debts due to us)

To register a Data Subject to a Project/Program

a) Identity
(b) Contact
(d) Special Personal Information

Consent
To protect the legitimate interest of the Data Subject

To process and assist with payment for donations :
(a) Manage payments, fees and charges
(b) Collect and recover money owed to us

(a) Identity
(b) Contact
(c) Financial
(d) Transaction
(e) Marketing/ Communications
(f) Technical

(a) Consent
(b) Performance of a contract with you
(c) Necessary for our legitimate interests (to recover debts due to us) Take note that we do not directly process Financial Daetawhich will be processed by PayFast and subject to theirterms and conditions (see www.payfast.co.za)

To manage our relationship with our Projects/Programs as Responsible Parties
(a) To provide the necessary support for theProjects/Programs;
(b) To make financial contributions
(c) Notifying the Projects/Programs about changes to the Badisa services
(d) Notifying you about changes to our terms orPrivacy Policy or service terms and conditions

(a) Identity
(b) Contact
(c) Financial
(d) Transaction

(a) Consent
(b) Performance of a contract with the Projects/Programs
(c) Necessary to comply with a legal obligation
(d) Necessary for our legitimate interests (to keep our records updated and to study customers’ use of ourservices)

To follow our COVID19 protocol and determine whether you can be allowed on to our premises

(a) Identity
(b) Contact
(c) Special Personal Information

(a) Consent
(b) Necessary to comply with a legal obligation
(c) Necessary for our legitimate interests and the interest of other persons on the premises

(a)To monitor our premises for security purposes
(b)To monitor the wellbeing of participants while enrolled in our programmes

(a) Identity
(b) Special Personal Information

(a) Your consent (for observation purposes, special consent when required)
(b) Necessary for our legitimate interests (to keep our records updated and to study customers’ use of ourservices

To administer and protect our business and this website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data)

(a) Identity
(b) Contact
(c) Technical

(a) Necessary for our legitimate interests (for running ourorganisation/ website, provision of administration and ITservices, network security, to prevent fraud)
(b) Necessary to comply with a legal obligation

To deliver relevant website content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you

(a) Identity
(b) Contact
(c) Usage
(d) Marketing/ Communications
(e) Technical

(a) Consent
(b) Necessary for our legitimate interests (to study how customers use our services, to develop them, to grow ourorganisation and to inform our marketing strategy)

To use data analytics to improve our website, services, marketing, customer relationships and experiences

(a) Technical
(b) Usage

Necessary for our legitimate interests (to define types of customers for our services, to keep our website updated and relevant, to develop our services and to inform our marketing strategy)

To make suggestions and recommendations to you about services that may be of interest to you

(a) Identity
(b) Contact
(c) Technical
(d) Usage
(e) Marketing/ Communications

(a) As existing customer of Badisa
(b) Necessary for our legitimate interests (to develop our services and grow our organisation)

To assist Emergency Services (External Third Party)

Identity
Contact
Special Personal Information

(a) Necessary for the protection of the data subject’s (parent/ guardian or child) legitimate interest
(b) Necessary for the protection of Badisa’s legitimateinterest

d) Direct Marketing: We strive to provide you with choices regarding certain Personal Information uses, particularly around directmarketing and advertising.

i)More information about our services

(1) Once you have utilised any of our services (i.e. enrolled in one of our Projects/Programs or applied to be a volunteer /contributor or champion) you will be seen as a customer of Badisa.

(2) As a customer we may use your Identity, Contact, Technical and Usage Data to form a view on what we think you maywant or need, or what may be of interest to you. This is how we decide which services and offers may be relevant foryou (we call this marketing).

(3) As a customer you will receive direct marketing communications and other updates from us if you have not opted outof receiving that marketing. Important: you may ask us on submission of your Identity, and Contact information not tosend you the above-mentioned information. At any time, subsequent to our initial engagement you can make use ofthe opting out options under par. iv) below;

ii) Not a customer of Badisa yet:

(1) We may collect through one of our employees / members, or through our mailing system, your email address, however;

(2) Before we use same for any direct marketing purposes, we will ask you for consent (opt-in) prior to sending you directmarketing material.

iii) Third-party marketing

(1) We will get your express opt-in consent before we share your Personal Information with any Third party for marketingpurposes.

(2) TAKE NOTE: We may provide (without your consent) Third party marketing parties/advertisers with anonymousaggregate information about our users (for example, we may inform them that 500 men aged under 30 have clickedon a specific product or advertisement on any given day). We may also use such aggregate information to helpadvertisers reach the kind of audience they want to target (for example, women in Gauteng). We may make use of thePersonal Information we have collected from you to enable us to comply with our advertisers' wishes by displayingtheir advertisement to that target audience. IMPORTANT: We do not disclose information about identifiableindividuals to our advertisers.

iv) Opting out

(1) You can ask us or Third parties to stop sending you marketing messages at any time by using the unsubscribe functionon our direct marketing communications or by contacting us at any time requesting to op-out of our marketing services.

(2) Where you opt out of receiving these marketing communications, this will not apply to Personal Information providedto us as a result of a product/service purchases, warranty registration, product/service experience or other transactions.

v) Change of purpose

(1) We will only use your Personal Information for the purposes for which we collected it, unless we reasonably considerthat we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get anexplanation as to how the processing for the new purpose is compatible with the original purpose, please contact us.

(2) If we need to use your Personal Information for an unrelated purpose, we will notify you and we will explain the legalbasis which allows us to do so.

(3) Please note that we may process your Personal Information without your knowledge or consent, in compliance withthe above rules, where this is required or permitted by law.

6) Disclosures of your personal information

a) We may share your Personal Information with the parties set out below for the purposes set out in the table above.

i) Internal Third parties as set out in the Definitions. Where we share your Personal Information to our group, we ensureyour Personal Information is protected by requiring all our group affiliates to follow this policy when processing your PersonalInformation.

ii) External Third parties as set out in the Definitions and to those external parties as per your instructions.

(1) We may provide such information to collaborating companies or other trusted businesses or persons for the purposeof processing Personal Information on our behalf.

(2) Where we make use of External Parties to deliver certain parts of the Badisa services, we will conclude a Processingof Personal information/ Operator Agreement with said parties before sharing Personal Information with them.

(3) We may seek to acquire other businesses or merge with them. If a change happens to our organisation, then the newmembers may use your Personal Information in the same way as set out in this privacy policy.

(4) We require all Third parties to respect the security of the Personal Information we make available to them and to treatit in accordance with the law. We require that these parties agree to process such information based on our instructionsand in compliance with this Privacy Policy and any other appropriate confidentiality and security measures.

(5) We do not allow our Third-party service providers to use your Personal Information for their own purposes and onlypermit them to process your Personal Information for specified purposes and in accordance with our instructions.

(6) Where Personal Information, about the participant, needs to be shared with a doctor or occupational therapist or socialworker (as the case may be), we will first obtain the Competent Person’s consent where reasonably possible and whereit is not an emergency to protect the legitimate interest of the data subject.

7) International transfers

a) Some of our external Third parties may be based outside the Republic of south Africa (“RSA”) so their processing of yourPersonal Information could involve a transfer of data outside the RSA.

b) Whenever we transfer your Personal Information out of the RSA, we ensure a similar degree of protection is afforded to it byensuring at least one of the following safeguards is implemented:

i) We will only transfer your Personal Information to countries that have appropriate data protection and privacy legislation toprotect your Personal Information.

ii) Where we use certain service providers, we conclude an agreement with them to confirm that your Personal Information isconfidential, they can only process on our instructions and that they should establish and maintain appropriate technologicaland organisational measurements to protect your Personal Information.

iii) Where we use providers based in the US, we may transfer data to them if they are part of the Privacy Shield which requiresthem to provide protection to Personal Information similar to the conditions under the POPI Act, which we believe are goodprinciples to ensure compliance.

c) By submitting your Personal Information to us you consent to the transfer of Personal Information outside the bordersof the RSA (when required).

8) Data security

a) We have put in place appropriate technological and organisational measures to prevent your Personal Information from beingaccidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your PersonalInformation to those employees, agents, contractors and other Third parties who have a business need to know. They will onlyprocess your Personal Information on our instructions and they are subject to a duty of confidentiality.

b) We have put in place procedures to deal with any suspected Personal Information breach and will notify you and any applicableregulator of a breach where we are legally required to do so.

9) Data retention

How long will you use my Personal Information for?

a) We will only retain your Personal Information for as long as reasonably necessary to fulfil the purposes we collected it for,including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain PersonalInformation for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respectto our relationship with you.

b) To determine the appropriate retention period for Personal Information, we consider the amount, nature and sensitivity of thePersonal Information, the potential risk of harm from unauthorised use or disclosure of your Personal Information, the purposesfor which we process your Personal Information and whether we can achieve those purposes through other means, and theapplicable legal, regulatory, tax, accounting or other requirements.

c) In some circumstances you can ask us to delete your data: see Your legal rights below for further information.

d) In some circumstances we will anonymise your Personal Information (so that it can no longer be associated with you) forresearch or statistical purposes, in which case we may use this information indefinitely without further notice to you.

10) Records

We will keep detailed, accurate and up-to-date written records regarding any Processing of Personal Information we carry out, including but not limited to, the access, control and security of the Personal Information and approved subcontractors, the processing purposes, categories of processing and related safeguards, the instructions as received from our customers and a general description of the technical and organisational security measures and retention and destruction of Personal Information.

11) Email Legal Notice

THE TERMS AND CONDITIONS BELOW SHALL APPLY TO ALL EMAIL COMMUNICATIONS TO AND FROM BADISA NPO & PBO AND THE BADISA CHILDREN FOUNDATION NPC (“BADISA”, “Us”, “We”, “Our”)

Name: Badisa NPO & PBO - The Badisa Children Foundation NPC
Reg. No: NPO: 011-891 / PBO: 930 006 348 / NPC: 2017/528019/08
Contact Details: https://badisa.org.za/contact-us/
Website: https://badisa.org.za/

Kindly take note:

1) Copyright: The content in or attached to this email is the property of or has been licensed to BADISA to utilise in accordance with the applicable license. The addressee of this email may read this email and attachments (where applicable) and may only copy same for purposes of back-up, compliance with retention legislation or where addressee acts as a conduit of the said email. The content and attachments of this email may not be utilised for commercial purposes, unless agreed to between the parties to this email.

2) Confidential:

  • • The information contained in or attached to this email may contain confidential and privileged information and is solely for the use of the party to whom the sender intended to send the information (“intended recipient”). Any unauthorised distribution, copying or disclosure of this email and its content is prohibited, unless specifically authorised by the sender. If you have received this message in error, you should notify the sender by reply email immediately, not open the attachments (if any) and delete it.
  • • Any email content or attachments you transmit to Us by electronic mail or otherwise (including any questions, data, answers, comments, suggestions, or the like) will be treated as non-confidential and non-proprietary by Us, unless expressly agreed otherwise in writing.

3) Data- and Privacy Protection:

  • • The email address used in this email is used for the purpose of conveying this message and related messages only. The email address may not be used for any other purpose unless the parties to this email have opted for such other use. The email address under this email may not be used for any unsolicited communications or placed in a database to be used by third parties for purposes of unsolicited communications.
  • • Any personal information that is transmitted to Us will be dealt with in accordance with Our Privacy Policy. Take note of par. 5.(d) i.t.o. direct marketing. We may use your email address to send you an email to get your Consent (opt-in) before we can send you any direct marketing material by way of electronic communications.

4) Agreements Online: No agreement will be concluded by electronic communications, unless an authorised representative of BADISA has confirmed such an agreement by return email (auto-response excluded) and subject to contract law in general.

5) Mobile Devices: The use of mobile devices may make the reading of the entirety of an incoming email, especially a chain of email correspondence, and its attachments, difficult, impractical or impossible. Accordingly, recipients of emails from BADISA should allow for the fact that where an email has been sent from a mobile device, the sender may not have read and considered the entirety of an incoming email and its attachments, and may not be fully aware of its contents. Such recipients should consider seeking confirmation of any advice so given before it is relied upon.

6) Limitation of Liability:

  • • As the integrity of this message cannot be secured on the Internet, BADISA’s liability cannot be triggered by the content of this message.
  • • Although the sender endeavours to maintain a computer-virus-free network, the sender does not warrant that this transmission is virus-free and will not be liable for any damages resulting from any virus howsoever transmitted.
  • • BADISA WILL UNDER NO CIRCUMSTANCES BE LIABLE FOR ANY DIRECT, INDIRECT, CONSEQUENTIAL DAMAGES AND/ OR EXPENSES OR ANY LOSS OF PROFITS OF WHATSOEVER NATURE, AS A RESULT OF, BUT NOT LIMITED TO, CORRUPTED DATA, LOSS OF DATA OR NON-FUNCTIONALITY OF INFORMATION SYSTEMS, EVEN IF THE SENDER OF THIS EMAIL HAS BEEN ADVISED OF THE POSSIBILITY.
  • • The views and opinions of the individuals expressed in this email may not reflect the views and opinions of BADISA. The purpose of the email facility at BADISA is to convey official BADISA communications. BADISA will not be liable for any content, opinions or views where the email facility was utilised for any other purpose than as explained above. The sender of this email is expressly required not to make any defamatory statements. Any such communication is contrary to BADISA’s policy and outside the scope of the responsibilities of the individual concerned or scope of the agreements entered with BADISA suppliers (where applicable or for the supply of services).
  • • This Email Legal Notice shall at all times take precedence over any other email disclaimer(s) attached to return emails addressed to any person with a BADISA email account (with email-extension@badisa.org.za), including employees using personal email accounts to conduct official BADISA business (for example, email-extension @gmail.com).

7) Time of Receipt: Despite a possible auto-response confirmation that an email has been received at BADISA, an email shall only be deemed to have been received at BADISA when the recipient at BADISA has received and read it. Return email messages blocked by BADISA’s anti-virus or filtering applications shall not be deemed to have been received by BADISA or the addressee.

8) Interception of Communications: BADISA has a duty to manage and retain certain records and mitigate possible risks, for example, to ensure that BADISA’s online platform is an environment free of malicious programs such as viruses, Trojans and spyware, and therefore reserves the right to intercept, monitor, copy (retain) or block email messages to and from BADISA. Should you respond to this email, you consent that your email will be subject to BADISA’s email filtering, scanning, monitoring and blocking procedures.

9) Amendments: BADISA reserves the right to revise these terms at any time, with the revised terms taking effect as of the date of its posting.

10) Governing Law and Jurisdiction: The law of the Republic of South Africa shall govern this legal notice and all parties to this message consent to the jurisdiction of the Western Cape High Court (Cape Town).

12) Social media

a) Our website may, in certain circumstances, provide you with social plug-ins from various social media networks. If you chooseto interact with a social network such as Facebook or Twitter (for example by registering an account), your activity on ourwebsites will also be made available to that social network. This is necessary for the performance of your contract with Us whichallows you to interact with a social network. If you are logged in on one of these social networks during your visit to one of ourwebsites or are interacting with one of the social plug-ins, the social network might add this information to your respective profileon this network based on your privacy settings. If you would like to prevent this type of information transfer, please log out ofyour social network account before you enter one of our websites, or change the necessary privacy settings, where possible.

b) Communication, engagement and actions taken through external social media networks that we participate in are custom to theterms and conditions as well as the privacy policies held with each social media platform respectively.

c) You are advised to use social media networks wisely and communicate/engage with them with due care and caution in regardto their own privacy policies (if any). PLEASE NOTE: WE WILL NEVER ASK FOR PERSONAL OR SENSITIVEINFORMATION THROUGH SOCIAL MEDIA NETWORKS AND ENCOURAGE USERS, WISHING TO DISCUSS SENSITIVEDETAILS OR TO RESOLVE ISSUES/CONCERNS, TO CONTACT US THROUGH PRIMARY COMMUNICATION CHANNELSSUCH AS BY TELEPHONE OR EMAIL.

d) Our social media network page(s) may share web links to relevant web pages. By default some social media platforms shortenlengthy URL's. You are advised to exercise caution and due care before clicking on any shortened URL's published on socialmedia platforms by this website. Despite our best efforts to ensure that only genuine URL's are published many social mediaplatforms are prone to spam and hacking and therefore our website and its owners cannot be held liable for any damages orimplications caused by visiting any shortened links.

13) Your legal rights

a) Under certain circumstances, you have the following rights under data protection laws in relation to your Personal Information:

i) Request access to Personal Information (commonly known as a "data subject access request"). There may be a feeassociated with this request – see below. This enables you to receive a copy of the Personal Information we may holdabout you and that you are entitled to obtain and to verify whether we are lawfully processing it. See the Badisa Promotionof Access to Information Manual (“PAI Manual”).

ii) Request correction of Personal Information. This enables you to have any incomplete or inaccurate data we may holdabout you corrected, though we may need to verify the accuracy of the new data you provides to us.

iii) Request erasure of your Personal Information. This enables you to ask us to delete or remove Personal Information wherethere is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your PersonalInformation where you have successfully exercised your right to object to processing (see below), where we may haveprocessed your information unlawfully or where we are required to erase your Personal Information to comply with locallaw. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons whichwill be notified to you, if applicable, at the time of your request.

iv) Object to processing of your Personal Information where we are relying on a legitimate interest (or those of a Third party)and there is something about your particular situation which makes you want to object to processing on this ground as youfeel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing yourPersonal Information for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimategrounds to process your information which override your rights and freedoms.

v) Request restriction of processing of your Personal Information. This enables you to ask us to suspend the processingof your Personal Information in the following scenarios:

(1) If you want us to establish the data's accuracy.

(2) Where our use of the data is unlawful but you do not want us to erase it.

(3) Where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legalclaims.

(4) You have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to useit.

vi) Request the transfer of your Personal Information to you or to a Third party. We will provide to you, or a Third party youhave chosen, your Personal Information in a structured, commonly used, machine-readable format. Note that this right onlyapplies to automated information which you initially provided consent for us to use or where we used the information toperform a contract with you.

vii) Withdraw consent at any time where we are relying on consent to process your Personal Information. However, this willnot affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, wemay not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdrawyour consent.

b) If you wish to exercise any of the rights set out above, please contact our Information Officer at the details mentioned 1)b) above.

c) Fee required: Apart from the prescribed fees under the PAI Act, you will not have to pay a fee to access your PersonalInformation (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearlyunfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances.

d) What we may need from you: We may need to request specific information from you to help us confirm your identity andensure your right to access your Personal Information (or to exercise any of your other rights). This is a security measure toensure that Personal Information is not disclosed to any person who has no right to receive it. We may also contact you to askyou for further information in relation to your request to speed up our response.

e) Time limit to respond: We try to respond to all legitimate requests within 30 (thirty) days. Occasionally it could take us longerthan 30 (thirty) days if your request is particularly complex or you have made a number of requests. In this case, we will notifyyou and keep you updated.

14) Subcontractors

a) We may authorise a Third party (subcontractor) to process the Personal Information on our behalf. Where we use sub-contractors, we will:

i) enter into a written contract with the subcontractor that contains terms substantially the same as those set out in this PrivacyPolicy, in particular, in relation to requiring appropriate technical and organisational data security measures; and

ii) maintain control over all Personal Information it entrusts to the subcontractor;

b) We agree to select subcontractors carefully according to their suitability and reliability.

c) A subcontractor within the meaning of this Privacy Policy shall not exist if we commission Third parties with additional services,that are not an essential part of this Privacy Policy.

d) Where the subcontractor fails to fulfil its obligations under such written agreement, we remain fully liable to you for thesubcontractor's performance of its agreement obligations.

e) We consider Badisa to control any Personal Information controlled by or in the possession of its subcontractors.

f) We undertake to ensure that all subcontractors who process Personal Information of Data Subjects shall not amend, modify,merge or combine such Personal Information and Process same as per our instructions.

15) Definitions

a) Competent Person means any person who is legally competent to consent to any action or decision being taken in respect ofany concerning child.

b) Consent: means any voluntary, specific and informed expression of will in terms of which permission is given for the processingof Personal Information.

c) Data Subject means the person to whom Personal Information relates and, in this document, refers to you, as the party providingPersonal Information that will be processed by Badisa or a relevant Third party.

d) Legitimate Interest means the interest of our business in conducting and managing our business to enable us to give you thebest service/product and the best and most secure experience. We make sure we consider and balance any potential impacton you (both positive and negative) and your rights before we process your Personal Information for our legitimate interests.We do not use your Personal Information for activities where our interests are overridden by the impact on you (unless we haveyour consent or are otherwise required or permitted to by law). You can obtain further information about how we assess ourlegitimate interests against any potential impact on you in respect of specific activities by contacting us.

e) PAI Act means the Promotion of Access to Information Act, Act 2 of 2000.

f) Performance of Contract means processing your data where it is necessary for the performance of a contract to which youare a party or to take steps at your request before entering into such a contract.

g) Personal Information means information as defined under the POPIA.

h) POPIA means the Protection of Personal Information Act, Act 4 of 2013.

i) Processing means any operation or activity or any set of operations, whether or not by automatic means, concerning personalinformation, including-

i) the collection, receipt, recording, organisation, collation, storage, updating or modification, retrieval. alteration, consultationor use;

ii) dissemination by means of transmission, distribution or making available in any other form; or

iii) merging, linking, as well as restricting, degradation, erasure or destruction of information.j)Projects/Programme: means any of those projects or programmes where Badisa gets involved, either through its own servicesor financial support;

k) Special Personal Information means information as defined under section 26 of the POPIA (this includes details about yourrace or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership,information about your health, and biometric information or criminal convictions and offences.

l) THIRD PARTIES

i) Internal Third parties: Partners, affiliates, employees, members and/ or agents of Badisa, acting as joint ResponsibleParties or operators and who are based in South Africa and who may also provide IT and system administration servicesand undertake leadership reporting.

ii) External Third parties:

(1) Service providers acting as operators who provide IT and system administration services.

(2) Professional advisers acting as operators or joint Responsible parties, including lawyers, bankers, auditors and insurerswho provide consultancy, banking, legal, insurance and accounting services.

(3) Other applicable and appropriate operators or joint Responsible Parties based in the Republic of South Africa whorequire reporting of processing activities in certain circumstances.

(4) Court of law or any other authority where we have an obligation under law to share your Personal Information.

(5) In the event that we sell or buy any business or assets, in which case we may disclose your Personal Information tothe prospective seller or buyer of such business or assets.