The following terms are listed in alphabetical order and are widely used throughout the Policy. Unless they are used in other clearly specified contexts, the terms are listed below together with their corresponding meanings.
1.1 “Bioflora” – means us as company Bioflora CC, with Reg Nr 1995/0205 81/23, at registered physical address: Unit 6, Keymax Park, Unit 6, Keymax Park, Pretoria Gauteng, 0157, South Africa.
1.2 “Child” – means any person under the age of eighteen years old;
1.3 “Cookies” – a Cookie is a small text file sent by a web server to store on the browser used to visit the website. Some cookies are used to ensure the website works as intended, others may store user preferences or used to collect anonymous website usage and/or user behaviour statistics.
1.4 “Data Breach” – means that the personal information may have been compromised. This may be by means of both physical or virtual security breach, unauthorised access, loss, unauthorised disclosure and/or the alteration of the personal information Bioflora holds on you.
1.5 “Data Subject” – as cold as it seems, this means “YOU” the person reading this document or using this website for whatever reason;
1.6 “Direct Marketing” – represents those annoying emails and phone calls you may receive from strangers with the intention of selling you a service or a product – modern day hawking indeed;
1.7 “Direct Marketer” – this refers to any supplier who uses direct marketing as a means of advertising;
1.8 “Employees” – means any person(s) employed by Bioflora;
1.9 “SA Government” – means the Government of RSA (The Republic of South Africa);
1.10 “Operator” – an Operator is a person or entity who is under a Responsible Party’s contract or mandate to process personal information without becoming under the authority of that Responsible Party;
1.11 “PAIA” – is the acronym for: “Promotion of Access to Information Act, No 2 of 2000”;
1.12 “Personal Information” Includes and form of information that can be used to verify your identity as a Data Subject. The term “Information” is widely used throughout the Act and may include: a person’s name and surname, company details, contact information, religion, sexual orientation, personal views and opinions, private correspondence, health records, employment records, financial records.
1.13 “Policy” means this Privacy Policy you are reading now;
1.14 “POPIA” is the acronym for: The Protection of Personal Information Act No. 4 of 2013;
1.15 “Processing” means by any activity or an operation, this can either be electronically or by human interaction regarding personal information by means of:
- a) Collecting, receiving, recording or capturing, storing and retrieving, altering (editing) and consulting or any other form of use;
- b) Sharing of Personal information by any means or making available in another form, like a record;
- c) Merging and linking of data and destruction of information;
1.16 “Regulator” means the Information Regulator established in terms of POPIA, who are empowered to monitor and enforce POPIA Act compliance with provisions of, and in accordance with the POPIA Act
1.17 “Responsible Party” This represents a person working alone, a public or private body, a group of individuals working together or any other person who determines the reason (why) and how your Personal information is being processed.
1.18 “Special Personal Information” Any personal Information concerning a Data Subject’s biometric information, criminal behaviour records, ethnic origin or race, health records, memberships to trade unions, political views and opinions, philosophical beliefs and sexual life is considered Special Personal Information.
1.19 “Third Party” Any agent, consultant, contractor, sub contractor and service providers the responsible party may be using.
2.1 The primary purpose of this Policy is for Bioflora to inform data subjects on how they collect and process personal information
2.2 Bioflora in the capacity of Responsible Party (and/ or Operator – where relevant), will continually aim to observe and comply with POPIA obligations regarding Personal Information. Bioflora will adhere to accepted principles, practices and guidelines when it processes personal information in respect, or on behalf of any Data Subject.
2.3 Bioflora only collects information relevant to the services and products we provide. This policy applies to any/all information we may obtain from you by the following means: information you supply us with directly as Data Subject; and information we may have obtained by a third party in the capacity of service provider acting on their behalf.
2.4 We use Third party service providers in some instances and this privacy policy does not apply to third parties as they have their own policies. We use the following third party service providers:
A list of commonly used third party services, with links to their Privacy Policies can be found in Anexure A at the end of this Policy.
3.1 Bioflora collects relevant personal information directly from Data Subjects in order to perform a service or complete a purchase. Bioflora may also obtain any information the Data subject has made publicly available, or if the personal information forms part of public records.
3.2 Bioflora will at all times collect Personal Information in a law abiding way and ensure that personal information will remain safe guarded and will only process personal information on legitimate grounds.
3.3 In some instances Bioflora may collect personal information directly from third parties. Bioflora will only process personal information from third parties with Data Subject’s consent where Bioflora is permitted to do so in terms of clause 3.1 above.
3.4 Examples of third parties may include: (i) Publicly available resources, ie, Companies and Intellectual Property Commission) (ii) Clients Bioflora provides a service for. (iii) Recruitment agencies.
4.1 Where Bioflora is the Responsible Party, it will only Process Data Subject’s Personal Information (except for Special Personal Information) where –
4.1.1 Data Subject has given consent; in case of a child, a competent person gave consent;
4.1.2 Processing of personal information is required to carry out actions to conclude a contract where the data subject is a party;
4.1.3 Bioflora has the legal obligation to process personal information;
4.1.4 Processing protects a Data Subject’s legitimate interest and/or;
4.1.5 Processing is required to pursue the legitimate interest of Bioflora and/or third party providers to whom information is supplied.
4.2 Bioflora will only process Personal Information if one of the legal bases in paragraph 4.1 are present.
4.3 Bioflora will ensure that Data Subjects are clear on why and how Personal Information is being processed by Bioflora.
5.1 Bioflora will generally not process Personal Information of a Child or any other Special Information on any data subject unless –
5.1.1 Data Subject has given consent to process the personal information;
5.1.2 Processing is required for the establishment, exercising defence of a right or lawful obligation;
5.1.3 Processing is required for historical, research and statistical purposes, subject to clearly stipulated safeguards;
5.1.4 Personal Information has been made public by Data Subject; or
5.1.5 specific authorisation in terms of POPIA applies.
5.2 In line with POPIA Bioflora may not process a child’s Personal information – unless consent has been obtained from the child’s legal guardian or the child’s parent. Bioflora will process this information in accordance with the applicable laws.
6.1 Under its POPIA obligation Bioflora is aware that it needs to inform its Data subjects about how their personal information is being collected and processed in order for the Data Subject to fully understand this process.
6.2 Bioflora will ensure to only Process Personal Information of a Data Subject under lawful and clear purposes. Bioflora will make Data Subjects aware of such purposes.
6.3 Bioflora will ensure that there is always a legal basis for Processing Personal Information and will not use Data Subject’s personal information for any other purpose than for which the data subject has been made aware of.
6.4 Bioflora will use Personal Information only for reasons relating to operating and managing its normal business operations, these reasons carries the Data Subject’s best interests at heart and includes one or more of the following purposes:
6.4.1 to provide data subjects with products, services, support as well as performing credit vetting where applicable.
6.4.2 to facilitate onboarding suppliers and/or service providers of Bioflora. In the same, Bioflora will also process a service provider or supplier’s personal information.
6.4.3 for procurement and supply purposes;
6.4.4 to facilitate payment processing, including payment of Bioflora suppliers / service providers;
6.4.5 to facilitate delivery of orders;
6.4.6 to analyse and monitor the use of any of Bioflora’s electronic systems. Bioflora may sometimes engage with third party service providers for services, products and content
6.4.7 for purposes of preventing, discovering and investigating violations of this Policy, the applicable laws and other Bioflora policies;
6.4.8 in connection with employment related purposes like recruiting staff, performing background checks, etc;
6.4.9 in the case of an internal audit (investigation and ensuring relevant risks are mitigated);
6.4.10 in the case of an external audit Personal Information will be shared with a third party;
6.4.11 for internal administration purposes;
6.4.12 to comply with any applicable law or order of the court and government agencies and any regulatory authority that has authority over Bioflora.
7.1 Bioflora will ensure that information is kept accurate, up to date and complete as reasonably as possible, depending on what personal information has been collected.
7.2 Bioflora may not always request Data Subjects to update Personal Information unless it is absolutely necessary.
7.3 Bioflora expects that a Data Subject will notify Bioflora on any changes to their personal information.
8.1 Bioflora is allowed to store Personal Information electronically or in hard copy format. Personal information may also be stored on third party servers via cloud services or other technologies with whom Bioflora is contracted with to support Bioflora as a website design, graphic design, digital marketing and hosting company.
8.2 Bioflora’s third party servers, including cloud storage providers may process Personal Information from time to time only for the purpose of which the information has been collected in the first place.
8.3 Bioflora will ensure that Third Party service providers process Personal Information in accordance with internal policies, procedures and POPIA
8.4 Bioflora will ensure that Third Party Service providers process personal information only for the reason specified by Bioflora. Bioflora requires such Third Party Service providers to employ the same level of security as Bioflora to ensure personal information is kept safe.
8.5 Bioflora, it’s affiliates and service providers are based both locally in South Africa and abroad. This means your personal information may be processed outside of South African Borders. Bioflora will take every possible measure of precaution to ensure Personal Information is safeguarded regardless of its location, under the same standards of protection required under the applicable laws, including POPIA.
9.1 Bioflora, acting in its capacity as Direct Marketer, will strive to comply with its POPIA obligations when undertaking any direct marketing ventures
9.2 Bioflora acknowledges that a Data Subject needs to first provide permission in order to receive Direct Marketing from Bioflora.
9.3 Bioflora may use Personal Information to contact a data subject to promote Bioflora’s Products and Services, provided that the data subject is an existing client of Bioflora, or that the Data Subject gave previous consent to receive Marketing Material from Bioflora .
9.4 If the Data Subject is an existing client, Bioflora will only use the Personal Information collected through the provision of a product or service only in relation to a similar service Bioflora provides / provided to the Data Subject.
9.5 Bioflora will give a Data Subject the opportunity to object to their personal information being used for Direct Marketing Purposes by Bioflora. If a Data Subject previously gave consent to receive Direct Marketing and would like to stop receiving Direct Marketing they will be able to unsubscribe by clicking an unsubscribe link that will appear on every Direct Marketing communication.
9.6 If you have requested not to receive Direct Marketing materials Bioflora will not process your personal information for Direct Marketing purposes.
10.1 Bioflora is allowed to keep a record of personal information, whether in an electronic or hardcopy format. This information relates to interactions like correspondence to Bioflora by the Data Subject
10.2 Bioflora may not hold on to personal information longer for the period it has been collected for. Bioflora is required to destroy the Personal Information in such a way that it can not be reconstructed. This prohibition does not apply to the following scenarios:
10.2.1 Where the personal information is required by law or any government authority;
10.2.2. The Personal Information is required by Bioflora to fulfil its lawful activities and functions;
10.2.3 The personal information is required by a contract between Bioflora and a Data Subject;
10.2.4 The Data Subject has given consent to Bioflora to retain the Personal Information;
10.2.5 The record is being retained for archival, analytics, research, historical and statistical uses, provided that the personal information are safeguarded against it being used for another purpose subjected to the expectations noted within in this policy for as long as needed to fulfil the purpose to why the information was obtained and /or permitted by law.
10.3 Where the record is being retained for archival, analytics, research, historical and statistical uses, the data subject’s personal information will be processed according to this policy and applicable law.
10.4 Bioflora will ensure that any personal information is destroyed as soon as the purpose for its collection has been fulfilled, this data will be destroyed in a way that can not be reconstructed or used to re-identify a data subject. Non-Identifiable information may be used by Bioflora indefinitely.
11.1 In order to deliver a product or service to its Data Subject Bioflora is required to collect personal information lawfully from it’s Data Subjects. Failure to provide this information will result in Bioflora being unable to deliver the service or product to its Data Subjects.
11.2 Bioflora will not be able to provide a service or product to its Data Subject, or perform its obligations as an employer without processing Personal Information.
12.1 Bioflora shall safeguard Personal Information by all means possible from loss, alteration, and from unauthorised third party access.
12.2 To keep the Personal Information Bioflora holds on its Data Subjects secure, Bioflora has implemented various physical, technological and contractual security measures. Protecting any Personal Information from loss, theft, disclosure, unauthorised access, copying, and use or modification.
13.1 Data Breach means that reasonable grounds exist to believe that personal information has been compromised, acquired or accessed by an unauthorised third party by any incident.
13.2 Data Breaches can happen for a variety of reasons, which may include the following: (a) An attack on systems such as hacking, phishing scams and viruses. (b) Equipment Failure (c) loss or theft of equipment containing personal information. (d) Unforeseen circumstances i.e., a flood. (e) human error.
13.3 Any data breach will be addressed to by Bioflora in accordance with POPIA terms.
13.4 Both the affected Data Subjects as well as The Regulator will be notified by Bioflora in the unfortunate event of a data breach, unless notified by authorities in writing to delay this notification.
13.5 Bioflora will send this notification as soon as reasonably possible after becoming aware of a Data Breach in respect of Data Subjects Personal Information
13.6 Where Bioflora acts as the Operator, it will notify the relevant Responsible Party immediately as soon as there is reason to believe that Data Subject’s information has been accessed by a third party by means of a Data Breach.
14.1 Bioflora may disclose personal information to its third party service providers provided they have agreed to process any personal information in accordance with this Policy and POPIA requirements.
14.2 Third Parties my assist Bioflora as service providers for:
14.2.1 Data Storage and Hosting;
14.2.2 Auditing and Bookkeeping;
14.2.3 Training Employees;
14.2.4 Notifying Data Subject of any relative information with regards to Bioflora
14.3 Bioflora will not disclose personal information on a data subject without the data subject’s consent in accordance with the applicable law.
14.4 Bioflora may also send Personal Information to a foreign jurisdiction outside of the Republic of South Africa for processing and storage.
14.5 Bioflora will obtain the necessary consent form the Data Subject to transfer its Personal information into another jurisdiction outside the borders of South Africa where Bioflora is allowed to do so under the provisions applicable to cross border flow of Personal Information under POPIA.
14.6 Data Subjects need to take note that any personal information processed in a foreign jurisdiction may be subject to the laws of the country in which the personal information is held and may be disclosed to governments, court of law, regulatory authorities and law enforcement agencies.
15.1 This website uses cookies to provide a good user experience and to anonymously track user behaviour and website usage statistics. This website may use cookies from Google Analytics, Facebook, MailChimp and Google maps etc to function properly.
15.2 You may refuse these cookies by activating the setting in your browser which allows you to refuse the use of cookies. Unfortunately our Website will not function properly without these cookies and some parts may not be accessible to you.
15.3 By accepting a cookie, or fail to refuse it, you agree that we may process your personal information collected by cookies (in accordance to this Policy)
16.1 Under Promotion of Access to Information Act, No. 2 of 2000 (“PAIA”) certain access rights are given to Data Subjects. These rights include:
16.1.1 Right of access : A Data Subject with positive identification has the right to: (i) Enquire is a Responsible Party holds any personal information about the Data Subject; (ii) Request from the Responsible Party to clarify what personal information is held on the Data Subject (iii) To enquire on which Third Parties have access to which information is held. A Data Subject may request:
16.1.1.1 – Bioflora to confirm whether it holds any Personal Information on the subject free of charge;
16.1.1.2 – To obtain a record or description of the Personal Information concerning the Data Subject. This record or description to be provided (a) in a reasonable time and in (b) in a reasonable and understandable manner.
16.1.2 – The right to request corrections or deletions, a Data Subject may also request of Bioflora:
16.1.2.1 – Bioflora to correct or delete Personal information about the Data Subject that is outdated, inaccurate, irrelevant, excessive, misleading, incomplete or obtained unlawfully.
16.1.2.2 – Bioflora to destroy any personal information it holds on the Data Subject that Bioflora is no longer authorised to retain the records in terms of POPIA’s retention and restrictions. On receipt of such a request Bioflora to, as soon as possible:
16.1.2.2.1 – Destroy or delete the Personal Information
16.1.2.2.2 – Correct the information
16.1.2.2.3 – to provide Data subject with supportive evidence with regards to the the information; or
16.1.2.2.4 – Should the Data Subject and Responsible Party fail to reach an agreement on the request, an a Data Subject requests this, Bioflora will take the reasonable steps to attach to the information an indication that the request has not been made;
Bioflora’s PAIA Manual will be published in due time, in the meantime please contact us on information supplied below.
16.1.3 – Data Subjects hold the right to withdraw their consent and object to processing.
16.2 Bioflora may request the Data Subject to provide positive identification before it provides access, or before providing information in existence, processing and use of the Data Subject’s Persona Information that Bioflora holds.
16.3 Data Subject can submit a written request to Bioflora to review any Personal Information the about the DataSubject’s personal information collected, disclosed or utilised
16.4 in accordance with POPIA and PAIA Bioflora shall respond to these requests and supply the Data Subject with any such personal information.
16.5 The accuracy or completeness of a DataSubject’s personal information can be challenged by the DataSubject at any time in accordance with the process set out in the PAIA Manual to access Personal Information.
16.6 Should a Data Subject indicate that their personal information is inaccurate or incomplete, Bioflora will ensure that the personal information it, or its Third Party Service providers hold, is amended or deleted.
17.1 Bioflora is to respond to any written request within no more than 30 days. In some instances a further 30 days may be allowed but no further extension shall be allowed.
17.2 Data Subject reserves the right to complain about the time limit by contacting Bioflora using the contact details from paragraph 20 below.
18.1 The Requester / Data Subject may be required to pay a reasonable access fee with regards to searching and preparing of records. The format these records are supplied in may also affect the price and will be listed in our future PAIA manual. All contact information is listed below. Fees may vary.
19.1 Bioflora reserves the right to change these conditions from time to time as it sees fit and will announce that these changes have been made by all means possible. Any changes to Bioflora’s Privacy policy will be posted on our website 30 days prior to these changes taking place.
19.2 The current Privacy Policy will govern the respective rights and obligations between Bioflora and its Data Subject each time the Data Subject accesses or uses Bioflora’s website or related services.
20.1 For any further information, comments, concerns or complaints with regards to Personal Information can be directed to Bioflora by contacting us on the provided information below:
On Our Website at http://www.bioflora.co.za.
By Mail: Unit 6, Keymax Park, Gauteng, 0157. Or,
Telephonically by calling Our information Officer, Pieter Schutte on +10834128113 or email at pieter@bioflora.co.za
20.2 Should a Data Subject be unsatisfied by the manner in which Bioflora addresses any complaint with regards to Personal Information, the Data Subject can contact the office of the Regulator at the details below:
Website:http://justice.gov.za/inforeg/
Tel: 012 406 4818 Fax: 086 500 3351
Email: inforeg@justice.gov.za
© 2021 – Bioflora CC – All rights reserved.
Policy Generated at https://boldmark.co.za/popia
Bold Mark Creative – Our website was created and is being maintained by Bold Mark Creative our Operator in terms of POPIA requirements under their terms and conditions: https://boldmark.co.za/start_your_website/
Facebook Pixel – We advertise our products and services on Facebook. Facebook Pixel will display related adverts when you leave our site. Facebook’’s Privacy policy can be found here: https://web.facebook.com/policy.php?ref=pf&_rdc=1&_rdr
Google reCAPTCHA – reCAPTCHA uses an advanced risk analysis engine and adaptive changes to keep malicious software from engaging in abusive activities on this website. The full Privacy Policy for Google reCAPTCHA can be found here Google Privacy Policy and Terms of Use.
Google Analytics – is an Analytics platform by Google that enables businesses of all sizes to track user behavior, gain marketing insights, and analyse website interactions and more. Google’s Privacy Policies applies to this service and can be found here: https://policies.google.com/privacy?hl=en-US
Google Ads – An advertising service by Google – https://support.google.com/adspolicy/
MailChimp – MailChimp is a newsletter subscription service that we use to collect names and email addresses from anyone signing up to receive our newsletter / communications. MailChip’s Privacy policy can be found here: https://mailchimp.com/legal/privacy/
MailerLite – MailerLite is a newsletter subscription service that we use to collect names and email addresses from anyone signing up to receive our newsletter / communications. MailerLite Privacy policy can be found here: https://www.mailerlite.com/legal/privacy-policy
PayFast – We use PayFast to handle online Payments on our website – PayFast’s Privacy policy can be found here https://www.payfast.co.za/legal/privacy-policy