Data Protection Policy

PREAMBLE

Personal data is playing an increasingly important role in our economies, societies and everyday lives. New and innovative technologies are generating significant volumes of personal data, and modern communications networks and processing systems are enabling organisations to collect, analyse, use, share and store data on a global scale.

It is against this context that data protection legislation has been developed and implemented in various regions across the world.

Found recognises the Data Subjects’ rights to privacy and is committed to protecting and controlling the use of the personal data that it collects, in accordance with the regulatory requirements of the jurisdictions in which it operates.

Executive management is continuously assessing the need to develop and implement or amend further policies, procedures and terms and conditions, including those with regard to data protection; consent policies and forms; data access; security breaches and employee privacy requirements.

PURPOSE

This policy governs the collection, use and disclosure of personal data provided to Found. It directs how we gather, store and handle personal data of Data Subjects, customers and other stakeholders, in accordance with relevant data protection legislation.

APPLICATION

This policy applies to all legal entities within the Found Group, including all employees, as well as third parties who provide services to the Group and covers personal data collected and managed by the Found Group.

WHAT IS PERSONAL DATA

“Personal data” means any information or pieces of information relating to an individual, that could identify that individual, either directly (e.g. by name) or indirectly (e.g. through pseudonymised data). Personal data therefore includes things like email/home addresses, usernames, profile pictures, user generated content, financial information, and geolocation.

PRINCIPLES FOR THE COLLECTION AND PROCESSING OF PERSONAL DATA

Collection/processing

Found will only collect personal data when it is necessary to comply with legal obligations that apply, or when such processing operation is necessary for the performance of a contract or pre- contractual procedures.

Found may also process information if it has a legitimate interest, provided that in each case our interest is in accordance with applicable law and the rights of the Data Subject.

When none of the other lawful processing conditions support the data processing operation, Found will only process personal information if it has obtained the consent of the Data Subject to process said personal data for specific, explicit and legitimate purposes.

Purpose

Found will only disclose or use personal data for the fulfilment of the specific purposes for which it was obtained, or for other lawful processing.

Accuracy

Found will take all reasonable steps to ensure that personal data that it processes is accurate, complete and up to date.

Openness

Found is committed to openness regarding its policies and practices of handling of personal data.

Security

Found will ensure that appropriate security safeguards are in place to protect personal data from loss, unauthorised access, destruction, use, modification or disclosure.

Transfers

Found may transfer personal data outside the European Union to be processed by some of its service providers, companies associated with and/or belonging to the Found Group. In this case, Found ensures that this transfer takes place in accordance with the legislation in force and that an adequate level of protection of personal data is guaranteed based on standard data protection clauses adopted, in accordance with Article 46 of the European Union General Data Protection Regulation (“GDPR”).

Under no circumstances does Found transfer personal data, outside the conditions described above, or sell personal data to third parties.

Retention

Found will retain personal data for as long as is necessary for the purposes for which it was collected. In some cases, data retention may occur for longer periods, especially when applicable law so requires.

Access

The Data Subject may request a copy of their personal data from Found and, where required, instruct Found to effect changes to correct the data or to permanently delete their personal data, in accordance with local regulations.

RIGHTS OF THE DATA SUBJECT

Withdrawing consent or choosing to delete some types of personal data may prevent Found from supplying certain services to a Data Subject, or responding to queries as a prospective employee or supplier. In order to better protect and safeguard personal data, Found takes steps to verify the identity of a Data Subject before granting access or making changes to personal data.


Rights

Explanation

Information

The Data Subject has the right to be provided with clear, transparent and easily understandable information about how we use personal data, and what the Data Subject’s rights are

Access

The Data Subject has a right to access, and to receive a copy of, any personal data we hold about the individual (subject to certain restrictions). A reasonable fee may be charged for providing such access but only where permitted by law

Rectification

The Data Subject has the right to have personal data rectified if it is incorrect or outdated and/or completed if it is incomplete

To be forgotten

The Data Subject has the right to have personal data erased or deleted; subject to legal or legitimate grounds for retaining the personal data

Direct marketing

The Data Subject may unsubscribe or opt out of direct marketing communication at any time

Withdrawal of consent

The Data Subject may withdraw consent to our processing of personal data when such processing is based on consent. Where consent is withdrawn, the lawfulness of processing prior to withdrawal is not affected

Objection to processing

The Data Subject may object to the processing of personal data when such processing is based on the legitimate interests pursued by the data controller, such as the:

  • Improvement of our products and services

  • Enhancement of our communication with the Data Subject

  • Proper administration of our website

  • Risk management
 

- Protection of legal rights

Lodge a complaint

The Data Subject has the right to contact the relevant data protection authority to lodge a complaint against our data protection and privacy practices

Data portability

The Data Subject has the right to move, copy or transfer personal data from our database to another. This only applies to personal data that the Data Subject has provided, where processing is based on a contract or explicit consent, and the processing is carried out by automated means

Restriction

In circumstances limited by the GDPR, the Data Subject may restrict the processing of personal data, so that it can be stored, but not used or processed further, such as:

  • Inaccurate data contested by the Data Subject must be restricted until verified and corrected

  • Processing is unlawful but the Data Subject objects to the erasure thereof

  • Found no longer requires the Data Subject’s data but the Data Subject requires it to be stored for the establishment, exercise or defence of legal claims

  • The Data Subject objects to processing based on Found’s legitimate interests, until verification of overriding rights

DATA PROTECTION OFFICER

Data Subjects that have any queries or concerns regarding Found's data protection policies or procedures may contact the Data Protection Officers at:

South Africa : dataprotection@foundprotector.com

Data Subjects also have the right to submit a complaint to the local Supervisory Authorities.

RESPONSIBILITIES

This policy framework falls within the scope and responsibility of the Risk Committee which reports to Found's Board of Directors.

Compliance is verified by Internal Audit which reports independently to the Board of Directors

11 Keyes Avenue, Rosebank, Johannesburg
Copyright Found 2021. All rights reserved.
Privacy Policy
Terms and Conditions