CENTRAL BOATING (PTY) LTD
1. INTRODUCTION1.1. Central Boating (Pty) Ltd strive to ensure that our use of the Personal Information of data subjects is lawful, reasonable, and relevant to our business activities, with the ultimate goal of improving your experience as a prospective or existing customer, Service Provider or employee of Central Boating.
3. OUR SERVICES3.1. We offer (among others) the following services (“our Services”):
3.1.1. marine and boating-related products and services;
3.1.2. financial services and products, including bridging finance, marine finance and project finance;
3.2. We collect Personal Information about you when you:
3.2.1. contract with us for our Services;
3.2.2. book or inquire about any of our Services;
3.2.3. access our Website, mobile applications or related software systems;
3.2.4. contact us, or otherwise interact with us; and/or 3
.2.5. join Central Boating as an agent, broker, sales associate, or employee.
4.2. This Policy applies to all external parties with whom we interact, including but not limited to:
4.2.1. applicants, individual customers, potential customers and recipients of our Services (including individuals who book or enquire about our Services with or through us or who are the recipients of any Services booked with or through us);
4.2.2. representatives of customer organisations;
4.2.3. individuals whose Personal Information is collected from other companies in our Group (such as where you have consented to your Personal Information being disclosed to other group companies for marketing purposes);
4.2.4. our suppliers and service providers;
4.2.5. visitors to our offices;
4.2.6. other users of our Services.
5. YOUR CONSENT5.1. By providing us with your Personal Information, you:
6.2. “Personal Information" refers to private information about an identifiable living natural or juristic person. Personal Information does not include information that does not identify a person or anonymized information.
6.3. The Personal Information we collect may differ according to the Services you receive from Central Boating. We may process various categories of Personal Information, such as:
6.3.1. Identity Information, when interacting with us as a customer, including information concerning your name, company name, identity and registration numbers, title, date of birth, gender, and legal status, languages, physical address;
6.3.2. Contact Information, which includes your billing address, service addresses, physical address, email address and telephone numbers;
6.3.3. Credit Information, to assess our transactional risk and your creditworthiness, including credit history reports from credit bureaus (with your consent where required by law);
6.3.4. Criminal behaviour history, where permitted in respect of prospective employees and job applicants;
6.3.5. Financial Information, where permitted, including bank account details, bank statements and financial statements;
6.3.6. Human Resources in respect of our own employees, including leave records, job applications, medical aid information to administer employment contracts and comply with our legal obligations;
6.3.7. Tax Information where permitted, which includes IRP5 records, PAYE records and VAT registration numbers;
6.3.8. Technical Information, which includes your internet protocol (IP) address, browser type and version, time zone setting and location, operating system and platform, on the devices you use to access our Website, products or Services.
6.3.9. Business-related information, if you are an individual associated with a business or other organisation that is our customer, then your Personal Information may include the following information that we link to you: business or organisation details (such as name, address, telephone numbers, payment arrangements, financial information, etc.) your relationship with that business or organisation (such as owner, partner, director, shareholder, employee, or agent); your contact details within that business (such as work address, work telephone and mobile numbers, work fax number, and work e-mail address.
6.3.10. Correspondence, including messages between you and us, and between us and third parties, including correspondence relating to any booking or enquiry, or performance of any contract.
6.3.11. Competition information, including Personal Information collected during any competitions or promotions held by us or our Associates.
6.3.12. Account, Registration, Membership and Loyalty Information, including your participation in any loyalty program.
6.3.13. Usage Information, which includes information as to your access to and use of our Website, products and Services.
6.3.14. Marketing and Communications Information, which includes your preferences in respect of receiving marketing information from us and your communication preferences.
7. SPECIAL PERSONAL INFORMATION7.1. Where we need to process your Special Personal Information, we will do so in the ordinary course of our business, for a legitimate purpose, and per applicable laws.
8. HOW WE COLLECT PERSONAL INFORMATION?8.1. You directly provide Central Boating with most of the Personal Information we process. We collect and process Personal Information in the following ways, namely:
8.1.1. through direct or active interactions with you;
8.1.2. through passive or automated collections;
8.1.3. in the course of providing our Services to you or your organisation, including where you register as a customer to use any of our Services or you opt-in to receiving any direct marketing from us;
8.1.4. in evaluating job applicants and onboarding Employees;
8.1.5. from third parties, where permitted.
8.2. Direct or active collection
8.2.1. We may require that you submit certain information to enable you to access portions of our Website, to make use of our Services, to facilitate the negotiation and conclusion of an agreement with us, or that is necessary for our compliance with our statutory, professional or regulatory obligations.
8.2.2. We also collect Personal Information when you communicate directly with us. For example: (a) Via email, meetings and telephone calls; (b) When you fill in forms or registers, or make a purchase with us; (c) When you voluntarily complete a customer survey, provide feedback or ask for marketing information to be sent to you.
8.2.3. If you contact us, we reserve the right to retain a record of that correspondence or telephone call, which may include Personal Information.
8.2.4. The Personal Information we collect from you may include any of the categories listed in the paragraph above depending on what will be necessary to perform the Services.
8.3. Passive (automated) collection
8.3.1. We may passively collect certain categories of your Personal Information from the devices that you use to access and navigate our Website or to make use of our Services (“Access Devices”) using server logs and your browser’s cookies.
8.3.2. The categories of Personal Information we passively collect from your Access Device may include your: a) Technical Information; b) Usage Information; and/or c) Any other Personal Information which you expressly permit us, from time to time, to passively collect from your Access Device.
8.4. Indirect collection (from third parties)
8.4.1. We may also receive your Personal Information indirectly from, among others, the following sources (including public parties): a) our information technology suppliers; b) law enforcement; c) credit bureaus (with your consent, where required by law). d) from other Responsible Parties where we act as contracted outsourced processors (“Operators”) in performing our Services, including: Banks and other financial institutions; Telecommunications providers; Insurers.
8.4.2. When we collect your Personal Information from third parties it is either because you have given us express consent to do so, your consent was implied by your actions, or because you provided consent, either explicit or implicit, to the third party that provided this information to us.
9. HOW WE USE YOUR PERSONAL INFORMATION9.1. We Process your Personal Information in the ordinary course of the business of providing our Services.
9.2. We also use the Personal Information we collect to maintain and improve our Website and to improve the experience of its users, to facilitate the provision of our Services to you, and to comply with our statutory and regulatory obligations.
9.3. We use your Personal Information only for the purpose for which it was originally collected by the relevant Responsible Party and strictly in accordance with their instructions. We only use your Personal Information for a secondary purpose only if such a purpose constitutes a legitimate interest and is closely related to the original purpose and instructions for which the Personal Information was collected.
9.4. We may process your Personal Information during the course of various activities, including but not limited to, the following:
9.4.1. providing our Services at your request;
9.4.2. processing, collecting and administering payments for our Services rendered;
9.4.3. providing customer support and responding to and communicating with you about your requests, questions and comments (including responding to purchase order enquiries and product searches for boat accessories);
9.4.4. transfer of limited and necessary information to our Service Providers and other third parties where required to perform our obligations to you (including providers of any related services which are enquired about, and their intermediaries);
9.4.5. with your consent (where required by law), for relationship management and marketing purposes in relation to our Services, including, but not limited to, the development and improvement of our Services, marketing activities (promotions and special offerings), and for accounts management to establish, maintain and/or improve our relationship with you;
9.4.6. to keep internal records and maintain reasonable archives, including enquiries, purchase orders, contracts, tax invoices, quotations, and complaints;
9.4.7. to carry out direct marketing to you (see Direct Marketing section below for further information); 9.4.8. to detect, prevent, manage and protect against actual or alleged fraud, security breaches, misuse, and other prohibited or illegal activity, claims and other liabilities;
9.4.9. to protect our rights in any litigation that may involve you;
9.4.10. to comply with our regulatory reporting obligations, including submissions to the South African Reserve Bank, Financial Intelligence Centre, South African Revenue Services, Information Regulator and/or other authorities;
9.4.11. for other lawful and legitimate purposes that are relevant to our business operations or regulatory functions.
9.4.12. conduct our recruitment and hiring process, which includes, referrals, capturing job applicant’s details and providing status updates to job applicants to protect our legitimate interest in ensuring a safe working environment.
9.4.13. operate, evaluate and improve our business units, including: (a) developing new products and services; (b) managing our communications; (c) determining the effectiveness of our sales, marketing and advertising; (d) analysing and enhancing our products, Services, websites and apps; (e) maintaining the safety, security and integrity of our Website, products and Services, databases, networks and other technology assets, and business; (f) performing accounting, auditing, invoicing, procurement, reconciliation and collection activities; and (g) improving and maintaining the quality of our customer service;
9.4.14. for the purpose otherwise described to you when collecting your Personal Information, or as otherwise outlined in POPIA.
9.5. Central Boating will not collect additional categories of Personal Information or use the Personal Information we collected for materially different, unrelated, or incompatible purposes without providing you notice.
10. DIRECT MARKETING (ELECTRONIC)10.1. Central Boating would like to send you information about our product and service offerings we believe may be of interest to you.
10.2. We may send marketing materials to our customers’ email addresses (including individuals who book or enquire about our Services with or through us or who are the recipients of any Services booked with or through us) as permitted by POPIA, provided that:
10.2.1. your name and contact details were obtained in the context of the sale of our products or Services (including any inquiries, requests concerning our products and Services);
10.2.2. we contact you to market our similar products or Services.
10.2.3. you may opt-out at any time and free of charge on any of our marketing communications or by emailing firstname.lastname@example.org________.
10.3. If you are not our customer, we may send marketing materials to where you give us your express “opt-in” consent (either digitally or in-person) to send you marketing materials through your preferred electronic channels of communication, provided that we shall keep a record of your consent and you may opt-out any time and free of charge on any of our subsequent marketing communications.
10.4. Once you have chosen to opt-out, we may send you written confirmation of receipt of your opt-out request (which may be in electronic form), and we will thereafter not send any further direct marketing communication to you. However, you may continue to receive communication from us on matters of a regulatory nature, which are not marketing related.
11. LEGAL BASIS FOR COLLECTING AND PROCESSING INFORMATION11.1. We will only collect and process your Personal Information where:
11.1.1. You have provided us with your consent (as permitted by law);
11.1.2. To perform in terms of a contract with you;
11.1.3. To protect your legitimate interests;
11.1.4. To pursue our legitimate interests and our customers’ legitimate interests which include: (a) providing Services to and managing our relationship with existing customers; (b) fraud and financial crime detection and prevention; (c) information, system, network, and cybersecurity; (d) general corporate operations, due diligence and risk assessment; (e) complying with a legal obligation, and/or enforcing and defending legal claims.
12. COMPULSORY PERSONAL INFORMATION AND CONSEQUENCES OF NOT SHARING WITH US12.1. Where we are required to process certain Personal Information by law, or in terms of a contract that we have entered into with you, and you fail to provide such Personal Information when requested to do so, we may be unable to perform in terms of the contract in place or are trying to enter into with you. In such a case, we may be required to terminate the contract and/or relationship with you, upon due notice to you, which termination shall be done in accordance with the terms of that contract and any applicable legislation.
13.2. We may disclose your Personal Information to our contracted Responsible Parties, Service Providers and Associates for legitimate business purposes, in accordance with applicable law and subject to applicable professional and regulatory requirements regarding confidentiality and appropriate data protection measures.
13.3. In addition, may disclose your Personal Information:
13.3.1. where it is necessary for the purposes of, or in connection with, actual or threatened legal proceedings or establishment, exercise or defence of legal rights;
13.3.4. to enable us to enforce, implement, or apply any other contract between you and us, or any contract where we act as an agent of the principal contracted with you;
13.3.5. to mitigate any actual or reasonably perceived risk to us, our customers, employees, contractors, agents, brokers or any other third party;
13.3.6. to any relevant third party acquirer(s), in the event that we sell or transfer all or any portion of our business or assets (including, but not limited to, in the event of a reorganization, dissolution or liquidation);
14. STORAGE AND TRANSFER OF PERSONAL INFORMATION14.1. We have engaged reputable and trusted organisations as outsourced processors (Operators), and in some cases, as sub-processors to provide data storage and cloud services to securely store your information. Our servers and cloud storage run in secure premises located in South Africa.
14.2. We reserve the right to generally transfer to and/or store your Personal Information on servers in a jurisdiction other than where it was collected, or outside of South Africa in a jurisdiction that may not have comparable data protection legislation; Provided that if the location does not have substantially similar laws to those of South Africa, we will take reasonably practicable steps, including the imposing of suitable contractual terms to ensure that your Personal Information is adequately protected in that jurisdiction.
15. SECURITY AND INTEGRITY15.1. We take all reasonable technical and organisational measures to secure the integrity of retained information and protect it from misuse, loss, alteration, and destruction through the use of accepted technological standards that prevent unauthorised access to or disclosure of your Personal Information. Unfortunately, despite our best efforts, no data transmission or storage can be guaranteed to be 100% secure. Therefore, we do not make any warranties or guarantees that content shall be entirely 100% secure nor do we accept any liability of whatsoever nature for loss of privacy resulting from any unauthorised disclosure and/or use of your Personal Information, unless such disclosure and/or misuse is because of our gross negligence. However, we are subject to the Protection of Personal Information Act 4 of 2013, which we comply with.
15.2. Our servers are protected by firewalls and access to Personal Information is limited to minimal authorised personnel of Central Boating. The security of our Website and IT systems is also tested regularly, and every effort is made to ensure that security is at an optimum level at all times.
15.3. When processing payment card details, we comply with the applicable Payment Card Industry Data Security Standard (PCI-DSS standard).
15.4. We periodically review our Personal Information collection, storage and processing practices, including physical and digital security measures.
15.5. We have established and implemented data breach management procedures to address actual and suspected data breaches and will notify you and the relevant regulatory authorities of breaches where we are legally required to do so and within the period in which such notification is necessary.
16. RETENTION AND DELETION16.1. We may retain and process some or all of your Personal Information if and for as long as:
16.1.1. we are required or permitted by law, or contract with you, to do so;
16.1.2. it is for lawful purposes that are related to our performance of our obligations and activities; or
16.1.3. you agree to us retaining it for a specified further period.
16.2. Unless there is a lawful purpose for us to continue processing or storing your Personal Information, we will destroy your Personal Information in the following circumstances:
16.2.1. the Personal Information is no longer necessary for the purpose for which it was collected or processed; or 16.2.2. you withdraw your consent to the processing of your Personal Information; or
16.2.3. you object to the processing of your Personal Information; and
16.2.4. there are no other lawful grounds for us to continue processing your Personal Information.
16.3. We determine the appropriate retention period for Personal Information by considering, among other things, the nature and sensitivity of the Personal Information, the potential risks or harm that may result from its unauthorised use or disclosure, the purposes for which we process it and whether those purposes may be achieved through other means. We will always comply with applicable legal, regulatory, tax, accounting, labour, or other requirements as they apply to the retention of Personal Information.
16.4. We will destroy your data using effective methods including, among others, shredding.
17. MAINTENANCE, CORRECTIONS AND ACCESS17.1. We are required to take all necessary steps to ensure that your Personal Information is accurate, complete, not misleading and up to date.
17.2. Anyone about whom we maintain Personal Information may request to inspect and, if appropriate, correct the Personal Information held by us. It is your responsibility to inform us, or the persons responsible for the maintenance of your Personal Information, should your Personal Information be incorrect, incomplete, misleading or out-of-date by notifying us at contact details in paragraph 2.1 above. We may require additional information from the requesting party to assure itself of the legitimate basis for the request and the identity and authority of the requestor. Upon receipt and verification of the corrected Personal Information, we will adjust our data or records accordingly.
17.3. A request for correction/deletion of Personal Information or destruction/deletion of a record of Personal Information must be submitted using the prescribed Form 2 which is available in our Promotion of Access to Information Manual and the Information Regulator’s website.
18. DATA MINIMISATION18.1. We have service level agreements with third parties who send us Personal Information (either in our capacity as a Responsible Party or Operator). These state that only relevant and necessary information is to be provided as it relates to the processing activity we are carrying out.
18.2. We have destruction procedures in place where a data subject or third party provides us with Personal Information that is surplus to our requirements.
19. YOUR DATA PROTECTION RIGHTS19.1. Data protection laws may grant you, among others, the following rights:
19.1.1. Request access to your Personal Information – enabling you to receive a copy of the Personal Information retained about you;
19.1.2. Request the correction of your Personal Information – to ensure any incomplete or inaccurate Personal Information is corrected;
19.1.3. Request erasure of your Personal Information – where there is no lawful basis for the retention or continued processing of your Personal Information;
19.1.4. Object to the processing of your Personal Information for a legitimate interest (or those of a third party) - under certain conditions where you feel it impacts your fundamental rights and freedoms; 19.1.5. Request restriction of processing of your Personal Information – to restrict or suspend the processing of your Personal Information to limited circumstances;
19.1.6. Withdraw consent given in respect of the processing of your Personal Information at any time – withdrawal of consent will not affect the lawfulness of any processing carried out before your withdrawal notice. But may not affect the continued processing of your Personal Information in instances where your consent is not required.
19.2. If an above request/objection is to be made, please use the contact information in paragraph 2.1 above and we will revert within 30 calendar days.
20. CHILDREN20.1. Our Website and our Services are not targeted at people under the age of 18. We will not knowingly collect Personal Information in respect of persons in this age group without express permission to do so, unless permitted by law.
21.1.1. IT systems and infrastructure;
21.1.2. Human resources;
21.1.4. Hosting and email infrastructure;
21.1.5. Credit reference agencies;
21.1.6. Direct marketing / mailing services.
21.2. We conduct due diligence in respect of our external Operators before forming a business relationship. We obtain company documents and references to ensure the Operator is adequate, appropriate and effective for the task we employ them for.
22. COOKIES22.1. We may place small text files called “cookies” on your device when you visit our Website. Cookies do not contain Personal Information, but they do contain a personal identifier allowing us to associate your Personal Information with a certain device. Cookies serve useful purposes for you, including:
22.1.1. Remembering who you are as a user of our Website to remember any preferences you may have selected on our Website, such as saving your username and password, or settings (“functional cookies”);
22.1.2. allowing our Website to perform its essential functions. Without these cookies, some parts of our Website would stop working (“essential cookies”). For example, information on error messages displayed to users will be collected and the developer team will assess and solve it.
22.1.3. monitoring how our Website is performing, and how you interact with it to understand how to improve our website or Services (“site analytics”).
22.2. Your internet browser may accept cookies automatically and you can delete cookies manually. However, no longer accepting cookies or deleting them may prevent you from accessing certain aspects of our Website where cookies are necessary.
22.3. As cookies are stored in the web browser used to access our Website, to disable cookies users need to change the settings pertaining to that browser in particular.
23. PRIVACY POLICIES OF OTHER WEBSITES23.1. Our Website may contain links to other websites, apps, tools, widgets and plug-ins that are run by third parties. If you visit a third-party website or social media site, you should read that website/ social media’s privacy notice, terms and conditions, and their other policies. We are not responsible for the policies and practices of third parties and social media sites. Any Personal Information you give to those organizations is dealt with under their privacy notice, terms and conditions, and other policies.
23.2. If YOU disclose your Personal Information directly to any third party other than Central Boating, CENTRAL BOATING SHALL NOT BE LIABLE FOR ANY LOSS OR DAMAGE, HOWSOEVER ARISING, SUFFERED BY YOU AS A RESULT OF YOUR DISCLOSURE OF YOUR PERSONAL INFORMATION TO SUCH THIRD PARTIES.
26.2. If you are located outside of South Africa, you may contact the appropriate regulatory authority in your country of domicile.
ANNEXURE – DEFINITIONS"Associates" means Central Boating (Pty) Ltd group of companies, subsidiaries and the directors, employees and consultants of Central Boating (Pty) Ltd or any of its group companies or subsidiaries;
“Operator" means any person or entity that Processes Personal Information on behalf of a Responsible Party.
“Personal Information” means information or data relating to an identifiable, living, natural person, and where it is applicable, an identifiable, existing juristic person, including, but not limited to information relating to -
- race, gender, sex, pregnancy, marital status, national, ethnic or social origin, colour, sexual orientation, age, physical or mental health, well-being, disability, religion, conscience, belief, culture, language and birth of the person;
- education or the medical, financial, criminal or employment history of the person;
- any identifying number, symbol, e-mail address, physical address, telephone number, location information, online identifier or other particular assignment to the person;
- the biometric information of the person;
“Service Provider” means third party providers of various services with whom Central Boating (Pty) Ltd engages, including, but not limited to, software licensors, developers and suppliers of software, providers of information technology, communication, file storage, data storage, copying, printing, distribution/logistics, accounting or auditing services, counsel, investigators, attorneys, and employee provident/pension fund administrators, and our insurers and professional advisors;
“Special Personal Information” means Personal Information about race or ethnicity, political opinions, religious or philosophical beliefs, trade union membership, physical or mental health, sexual life, any actual or alleged criminal offences or penalties, national identification number, or any other information that may be deemed to be sensitive under applicable law.