SAPREF PRIVACY STATEMENT
SAPREF understand the importance of ensuring that we collect, use, store, share and dispose of information about you (‘Personal Data’) in a fair, ethical, transparent, secure and lawful way.
This Privacy Statement describes what Personal Data we use about you, how we use it, and your choices and rights in relation to your Personal Data.
This Privacy Statement applies to our use of your Personal Data in our interactions with you through our corporate systems, websites, social media sites (“Sites”), visits to SAPREF sites, and other forms of correspondence that link to our Privacy Statement, or Personal Data about you that we may collect offline or receive from other parties.
If you have any questions about how we Use your Personal Data or would like to lodge a complaint, please contact us at Data and Privacy Portal
2. Information we collect about you
Personal Data is any information that identifies you or relates to you.
We collect Personal Data about you from different sources including: Personal Data that we collect directly from you; Personal Data that we collect automatically about you as you use our Systems, Sites, and Personal Data that we collect from other sources, as described in this Privacy Statement.
The type of Personal Data that we collect about you varies based on our interactions with you.
Personal Data that we collect directly from you.
We collect Personal Data directly from you in the following circumstances:
Service Providers and Suppliers (including subcontractors and individuals associated with our suppliers and subcontractors): The personal data is generally business card data and will include name, employer name, phone, email and other business contact details and the communications with us.
Recruitment applicants: We collect (and may verify through third parties) personal data in connection with our recruitment activities. This Personal Data is generally CV data. If your application is successful, we perform pre-employment screening checks as part of our on boarding process. Depending on the role you have applied for, these checks may include criminal records and credit checks. We also collect bank account details and other information if application is successful.
Visitors to our offices (for business or otherwise):
We have security measures in place at SAPREF offices, including CCTV and building access controls. CCTV images captured are securely stored and only accessed on a need to know basis (e.g. to look into an incident). As a National Key Point, we require visitors to our offices to sign in at the gates and reception arears. Our visitor records are securely stored and only accessible on a need to know basis. This data includes Personal Data, license details, company details and vehicle details.
Guest WIFI: We may monitor traffic on our guest WIFI networks using industry standard intrusion detection systems. This allows us to see limited information about a user’s network behaviors but will include being able to see at least the source and destination addresses the user is connecting from and to. We cannot inspect encrypted web pages and therefore do not have access to any information (personal or otherwise) that the user might share via these web pages.
Contact us or provide feedback: if you request information from us, we may collect your name, contact information, job title, industry, location, and inquiry information. We may also obtain your feedback about our products, services and solutions when you respond to our surveys
Subscribe to our mailing lists or newsletters: if you request newsletters or join our mailing lists, we collect your email address.
Register and attend our events (staff, community, business or otherwise): we collect your name, contact information, meal preferences, contact preferences, and additional information as may be noted in our event forms
Use our Sites(for professional and personal use): when you use our Sites, we will collect information about your use of the Site and any information that you submit through that Sites
Interactions on our social media pages: if you post to our social media pages, we may collect information about you from your post. We typically use this information to respond to your inquiry and we do not usually associate this information with your account
Data that we automatically collect
We, and our service providers, automatically collect the following information about your use of our Sites and our Sites through cookies, web beacons, and other technologies including: your domain name; your browser type and operating system; web pages you view; links you click; language preferences; demographic information; your IP address; the length of time you visit or use our Sites; and the referring URL, or the webpage that led you to our Sites. We may also collect your approximate location through collection of your IP address. Typically, we do not combine this information with other information that we have collected about you, including, other Personal Data. For more information, see the "Cookies and Similar Technologies" section below.
We do not collect sensitive or special category Personal Data about you, e.g. information relating to your health, biometric or genetic information, religion, political beliefs, union membership, race or sexual orientation and ask that you do not send or provide this information to us.
You can choose not to provide Personal Data to us in certain circumstances. However, if your Personal Data is necessary to provide you with our products, services or solutions, access to our Sites, or to perform administrative
functions, we may be unable to do these things without your Personal Data.
3. How we Use your Personal Data
We Use your Personal Data for the following purposes depending on the purpose for which your Personal Data was collected and our relationship with you:
Performance of or entry into a contract with you or your employer: to provide our products, services or solutions to you and to take action on your requests
Our legitimate business interests: to protect our legitimate business interests or those of a third party with whom we share your Personal Data. In particular, we rely on legitimate interests for the purpose of managing, operating or promoting our business, including transfers of Personal Data for business and administrative purposes. Whenever we rely on this basis to Use your Personal Data, we assess our business interests to ensure that they do not override your fundamental rights and freedoms. Additionally, you may have the right to object to our Use of your Personal Data in certain circumstances. See the ’Your Rights’ section of this Privacy Statement
Compliance with a mandatory legal obligation: to ensure that we comply with applicable laws and regulations that govern and regulate how we do business
Consent you provide: where you have provided consent to us to Use your Personal Data. You may withdraw your consent at any time. When you give your consent, you will be given details on how we will Use your Personal Data and where you can go to withdraw your consent if you change your mind
4. How we share information about you
We may share your Personal Data with the following parties for the purposes set out in this Privacy Statement (as applicable):
Our Shareholders: for the purposes set out in this Privacy Statement. SAPREF is the party responsible for the management of jointly Used Personal Data
Service providers: to provide operational services or facilitate transactions on our behalf.
Authorities: to respond to a request for information by a competent authority in accordance with, or required by any applicable law, regulation or legal process; or where necessary to comply with judicial proceedings, court orders or government orders
We also may share Personal Data in the following circumstances:
When you consent to the sharing of your Personal Data
In connection with, any joint venture, merger, sale of company assets, consolidation or restructuring, financing, or acquisition of all or a portion of our business by or to another company and to our advisors and the advisors of the other company in such transactions
To protect the rights, property or safety of SAPREF, its business partners, you, or others, or as otherwise required by applicable law
For other legal reasons
When we share Personal Data with our service providers or other parties, we have taken reasonable efforts to ensure that they implement appropriate physical, administrative and technical safeguards to protect Personal Data and are not permitted to use Personal Data for any purpose other than the purpose for which they are provided with or given access to Personal Data
5. How we protect information about you
We are committed to protecting your Personal Data. We have implemented generally accepted standards of technology and operational security in order to protect personal information from loss, misuse, alteration or destruction. Only authorized persons are provided access to personal information; such individuals have agreed to maintain the confidentiality of this information.
Please note that we cannot guarantee the security of your Personal Data and you are required to take reasonable steps to protect your Personal Data (e.g. by not sharing your passwords, choosing strong passwords and other measures). the transmission of data over the internet (including by e-mail) is never completely secure.
6. How long we keep information about you
We keep information about you for as long as is necessary to fulfil the purpose for which it was collected, unless we are required to keep it for longer to comply with our legal obligations, resolve disputes, protect our assets, or enforce our rights. The criteria we use to determine how long we keep Personal Data includes:
we are under a legal, contractual or other obligation to keep your Personal Data, or as part of an investigation for litigation purposes
your Personal Data is needed to maintain accurate business and financial records
you have consented to us keeping your Personal Data for a longer time period and we keep your Personal Data in line with your consent In some instances, we may anonymize your information and may keep those anonymized records for longer periods.
7. Cross-border transfers
As a joint venture company with shareholders situated in countries worldwide, we may transfer your Personal Data to countries where we do business or to international organizations in connection with the purposes identified above and in accordance with this Privacy Statement.
When we transfer your Personal Data outside of the country from where it was originally collected to a third country or international organization we ensure that appropriate safeguards are in place, in line with applicable law, to ensure that your Personal Data is protected.
8. Your rights
You have rights under various data protection laws in various countries in relation to your Personal Data but we offer them irrespective of your location.
We are committed to upholding your rights, including:
Right to be informed: you have a right to know what Personal Data we have about you, what we do with it, where we get it from, who we share it with, how long we keep it and why we need it
Right of access: you have the right to access your Personal Data and obtain a copy of your Personal Data from us
Right to rectification: you have the right to update inaccurate and/or incomplete Personal Data about you Right to be forgotten: you have the right to have your Personal Data erased, deleted or destroyed
Right to data portability: you have the right to move, copy or transfer your Personal Data in a safe and secure way and reuse it for your own purposes (or ask us to do so if technically feasible)
Right to withdraw consent: you have the right to withdraw consent at any time regarding the use of your Personal Data or in relation to direct marketing activities
Right to complain: you have the right to make a complaint or raise a concern about how we Use your Personal Data. Complaints may be made directly to us or a relevant Data Protection Authority
Where you contact us we may request specific information from you to verify your identify to enable us to assist you. Where permitted under applicable law we may charge you a reasonable fee to access your Personal Data, however we will advise you of any fee in advance.
In some cases, we may not be able to meet a request due to other legal or regulatory factors, or we may not be required to enforce these rights under applicable law. We may also have a legitimate business interest to decline a request to action your rights.
You may contact us with requests, complaints or questions regarding these rights as set forth in the ‘How to contact us’ section, below.
9. Cookies and similar technologies
enabling you to sign-in to our Sites
keeping track of information, you have provided to us
improving your browsing experience
customizing our interactions with you
storing and managing your preferences and settings
compiling statistical data
analyzing the performance and usability of our Sites
measuring traffic patterns for our Sites
determining which areas of our Sites have been visited
These technologies collect information that your browser sends to our Sites including using data, such as your browser type, information about your IP address (a unique identifier assigned to your computer or device which allows your PC or device to communicate over the Internet), together with the date, time and duration of your visit, the pages you view and the links you click.
Our Sites may also contain web beacons or similar technologies from analytics providers, through which they collect information about your activities across our Sites to help us compile aggregated statistics.
10. Links to third party websites and applications
Our Sites may provide links to the websites of other parties. Some of the content, advertising, and functionality of our Sites may be provided via other parties that are not affiliated with us.
We are not responsible for and make no representations or warranties in relation to the security, privacy practices and content of these websites. Please ensure that you read the applicable privacy and cookies policies of these third party sites before sharing Personal Data on these third party sites. Your use of such third party sites is at your own risk.
11. Children's Privacy
We encourage parents and guardians to take an active role in their children’s online activities. We do not aim our Sites at children. If you believe that we may have collected Personal Data about someone who is under the applicable age of consent in your country without proper consent of the child’s parent or guardian, please contact us
12. Updates to our Privacy Statement
This privacy statement was last updated on 28 September 2020
We may update our Privacy Statement at any time. If we do, we will update the ’Last update’ information above.
The new modified or amended privacy statement will apply from that revision date. Therefore, we encourage you to review this privacy statement periodically to be informed about how we are protecting your information.
13. How to contact us
If you have any questions about how we Use your Personal Data, have a privacy concern, or wish to make a request or complaint relating to your Personal Data, please contact us at Data and Privacy Portal