Privacy Policy

PRIVACY POLICY

GDPR & POPIA ACT

Who we are

Our website address is: https://nbws.org and the contents are owned and operated by National Bottled Water Standards in Primrose, Germiston, Gauteng , South Africa

This Privacy Policy tells you how we will process and protect your personal information.

National Bottled Water Standards Website collects and processes the personal information of anyone who accesses our website and/or chooses to become our customer and who provides consent and information via our web forms.

By providing us with your Personal Information, you:

Agree to this Policy and authorise us to process such information as set out herein; and authorise National Bottled Water Standards, our Service Providers and other third parties to Process your Personal Information for the purposes stated in this Policy.

Personal Information, in terms of the Protection of Personal Information Act, 4 of 2013 (“POPIA”), means “information relating to an identifiable, living, natural person, and where it is applicable, an identifiable, existing juristic person”. South Africa’s Constitution, Act 108 of 1996, provides that everyone has the right to privacy. This includes the right to protection against the unlawful collection, retention, dissemination and use of your personal information.

We limit what we collect from you to your First name and e-mail address in web forms and your website, name and email address in the sales process. Without this we cannot deliver the requested info, data, gifts or services that you require .

Financial details we do not keep at all. All payments processed are handle by specialist 3rd parties such as Paypal, Payfast etc and they retain that information alone. We do not keep any of it unless we are notified that a promised or scheduled payment has failed. We will then send a communication to allow you to rectify the situation before the service is permanently terminated .

Our Privacy Policy terms may change from time to time. When we change them, the changes will be made on our website. Please ensure that you visit our website and regularly read this Privacy Policy.

Collection of Personal Information.Please refer to the above paragraphs

We may collect or obtain Personal Information about you in the following ways:

Through direct or active interactions with you, through automated or passive interactions with you;
When you visit / or interact with our website or our various social media platforms, from third parties such as payment processors listed above. Website usage information may be collected using “cookies” which allows us to collect standard internet visitor usage information.Please refer to our Cookie Policy

Types of Personal Information we may collect:

Contact information
Transaction information
Technical information
Usage Information
Location information
Marketing and communications information.

Legal Basis for Processing

When we process your personal information in connection with the purposes set out in this Privacy Statement, we may rely on one or more of the following legal bases, depending on the purpose for which the processing activity is undertaken and the nature of our relationship with you:

Your consent to the processing of your Personal Information;

Processing of the information is necessary for the performance of a contract or of a legal obligation. Processing is necessary for the protection of our and your legitimate interests.

Purposes of Processing Your Personal Information

We will primarily use your Personal Information only for the purpose for which it was originally collected. We will use your Personal Information for a secondary purpose only if such purpose constitutes a legitimate interest and is compatible with the primary purpose for which the Personal Information was collected.

You agree that we may process your Personal Information for the following, but not limited to, purposes, as relevant to our relationship with you:

Operating our business, complying with compulsory requirements under relevant laws and
to make information available to you on our website.Fraud prevention,complying with information requests from the Information Regulator

To conduct market research surveys and other marketing activities;

Account, payment and debt management for security, administrative and legal purposes.

We will not intentionally collect and process the Personal Information of a child unless we have the permission of a guardian or competent person (as defined by POPIA) and other international regulations

Sharing of Personal Information

In order for us to carry out our obligations and for legitimate business purposes, we may need to pass your personal information on to third parties, such as our service providers. This Privacy Policy records your consent to us passing your Personal Information onto those third parties.

We will ensure that your Personal Information is processed in a lawful manner and that the third parties or we do not infringe your privacy rights. In the event that we ever outsource the processing of your Personal Information to a third party operator, we will ensure that the operator processes and protects your Personal Information using reasonable technical and organisational measures that are equal to or better than ours.

We may also disclose your Personal Information to third parties if we are under a duty to disclose or share such information in order to comply with any legal obligation or to protect the rights, property or safety of our companies

International Transfer of Personal Information

We use International suppliers for electronic communication and hosting from time to time.All our Suppliers adhere to the very stringent GDPR regulations, which are several levels stronger than our own POPIA Act

Data Security

We use the latest security technology to protect any information we have on our clients against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, unauthorised access, in accordance with applicable International & European law. Both our Service providers and ourselves run 24/7 mail and malware scanning processes on our servers and local machines.

Payment Security

The payment pages or buttons that National Bottled Water Standards website use, are hosted in a PCI-DSS secure DMZ. It is protected as prescribed by the PCI-DSS standards version 2.

The transport of all data is encrypted by a SSL certificate which creates a secure https:// link between the cardholder and the payment pages.

Any credit card would be asked for 3D secure enrolment if not already enrolled with the issuer to process transactions with authentication from the cardholder issuing bank.

No card entry would be possible on our website as all card traffic will be securely posted to the payment pages. No credit / Debit card data will be stored. No unauthorized access to the payment pages site will be permitted.

Data Retention

We will retain your personal information for as long as is necessary to fulfil the purpose for which it was collected, unless a longer retention period is required to comply with legal obligations or another legitimate obligation, unless we have your consent to process it indefinitely.

Data Accuracy

The Personal Information provided to us should be accurate, complete and up-to-date. Should Personal Information change, the onus is on the provider of such data to notify us of the change and provide us with the accurate data. We can only assimilate what you supply to us.

Your Rights under this Privacy Policy

You have the right to have your personal information processed lawfully.
Your rights include the right:

To be notified that your Personal Information is being collected or that your Personal Information has been accessed or acquired by an unauthorised person e.g. where a hacker may have compromised our computer system;

To find out whether we hold your Personal Information and to request access to your Personal Information;

To request us, where necessary, to correct, destroy or delete your Personal Information;

To object to the processing of your Personal Information;

To object to the processing of your Personal Information for purposes of direct marketing, including by way of unsolicited communications;

To to submit a complaint to the Regulator if you believe that there has been interference with the protection of your Personal Information; and

To institute civil proceedings against us if you believe that we have interfered with the protection of your Personal Information.

Direct Marketing

We may process Personal Information for the purpose of direct marketing and providing you with information that may be of interest to you. We will only send you direct marketing materials if you have specifically agreed or volunteered info to receive these materials, or if you are a customer of ours, at all times in accordance with applicable laws

You may unsubscribe at any time, via the link in all communication with you and your e-mail details will immediately be removed from our database, except where that data is necessary for us to continue providing you with any Software as a Service that you have purchased and subscribe to. However, any direct marketing with that e-mail will be discontinued and only notification mails will be issued as and when your agreements with us require it to be done.

We cannot delete communication channels with you if we are still supplying a legitimate software service to you.

You may contact our Information Officer at: compliance@nbws.org

You may contact the Information Regulator at:

14.2.1. Information Regulator

https://www.justice.gov.za/inforeg/index.html

Tel: 012 406 4818

Fax: 086 500 3351

Email: inforeg@justice.gov.za