Privacy Notice

Modified on Mon, 20 May at 7:18 PM

This privacy notice is part of your agreement with Compliance Online

1. Your privacy is important to us

At the core of our business practices we are committed to be transparent about the data we collect about you, how it is used and with whom it is shared.

This Privacy Notice applies when you use any of our Services (described below). We offer you choices about the data we collect, use and share in terms of this Privacy Notice.

During the course of our interactions, you share personal information with Compliance Online.

This notice tells you what to expect when we collect and use your information. It is part of our agreement with you, and we may need to update it periodically, but we will inform you when we do. You should read this notice along with the terms and conditions that apply to the products and services you use.

If you have any questions, please contact us at +27 21 863 0073 or via support@complianceonline.co.za.

Deputy Information Officer: privacy@complianceonline.co.za

2. To which services does this notice apply?

This Privacy Notice applies to services supplied on complianceonline.co.za, policypassport.com, and your communications with us, but excluding services that state they are offered under a different Privacy notice or Policy.

3. What personal information do we collect?

We collect:

Company and financial information of our clients in order to conclude a contract with them
The personal information of users of our services - this includes their:
name and surname (so that we know who you are)
identity and employee number (so that we can avoid duplications on our system)
employment information (who your employer is and your position)
e-mail addresses and telephone number (so that we can communicate with you)
gender and race (we collect this in order to assist your employer to comply with B-BBEE legislation)
training and test results

4. When and how do we process your personal information?

4.1 We process your personal information to fulfil aspects of our contract with you

When you or your company make payment	We collect your or your company’s financial details to complete the purchase of any of our services.
When we give you access to our services	We collect your personal information to create an online profile and to regulate and monitor your access to and participation in using our services.
When we report on your results	We may send your training, testing, and completion results to you and to your employer.
When we send information	We may send information about the topics on which you were trained to you and your employer.

4.2 We may process your personal information if it is in your legitimate interest or our legitimate interest

When you contact us

When you contact us by e-mail or telephone with a query, complaint or request, we collect the information included in your message. We use the information we collect to reply to, investigate and resolve your query, complaint or request.

When you visit our website

We use cookies to optimise your website experiences. When you visit:

https://complianceonline.co.za
https://ello.complianceonline.co.za
https://policypassport.com
https://admin.policypassport.com
https://vervetalert.com

We collect standard information about your internet connection and website use. We use this information to help us improve our website and online services. The type of information we collect includes the URL you came from, IP address, domain type, browser type, the country and telephone code where your device is located, the web pages viewed during your visit, the links on which you clicked, and any search terms you entered on our website (user information).

4.3 We may process your personal information when you give us your consent to do so

When we market our services to you, if you give us your permission

From time to time we may collect your personal information to send you our marketing material if you give us your permission. You will be asked whether you want to receive it and you will always be able to unsubscribe from it at any time by clicking on the unsubscribe link at the bottom of the email.

5. What about children’s information?

We do not knowingly collect personal information of children without the consent of a parent or guardian.

If you are younger than 18 years old, we will always ask for consent to process your personal information from your parents or guardian.

6. Do we share your information with others?

We only share your information with others we trust. This includes the following infrastructure providers and sub-processors:

Entity Name	Registered Country	Activity	Country where processing is performed	Privacy Documentation
Amazon Web Services Inc.	USA	Storage, CDN	Ireland, Germany, South Africa	https://aws.amazon.com/privacy
DigitalOcean, LLC	USA	Compute, Load balancing, Managed Database, VPC	UK	https://www.digitalocean.com/legal/privacy-policy/
Xero Limited	New Zealand	Financial data	European Economic Area	https://www.xero.com/za/about/legal/privacy/
FHBC (Pty) Ltd	RSA	Accounting, Auditing	RSA	https://www.fhbc.co.za/our-legal-notices-2021/
Google, Inc.	USA	Email, Storage, Workspace	European Economic Area	https://workspace.google.com/intl/en_za/security/
Twilio Inc.	USA	SMS, Email	USA, European Economic Area	https://www.twilio.com/legal/privacy
Freshworks Inc.	USA	Helpdesk	European Economic Area	https://www.freshworks.com/privacy/
Microsoft Corporation	USA	Software	European Economic Area, USA	https://privacy.microsoft.com/en-gb/privacystatement

We never sell or share your information for marketing purposes with anyone.

7. Do we send your information to other countries?

Some of the service providers that we use are located in other countries, for example our cloud storage service providers are located in the European Union. If we send information to anyone who is located in a country that does not have the same level of protection of personal information as South Africa or the European Union, we require that they undertake to protect the personal information of our customers to the same level that we do.

We provide for appropriate safeguards by means of contracts between us and our foreign service providers.

8. How long do we keep your information?

We only keep your information for as long as we need to. We retain your information for record-keeping purposes. This ensures that you and your employer have continued access to the results. If you ever change employment and your new employer is also one of our clients, you may not have to repeat training that you have completed as we will have access to your full training history.

You can request to have your information deleted. However, we may not be able to comply with your request if we are under a legal obligation to retain the information. In some cases we may choose to retain certain information in anonymised or aggregated form.

If you choose to terminate your use of our services we may retain your personal data even after we have closed your account if reasonably necessary to comply with our legal obligations, meet regulatory requirements, maintain security, or fulfill your request to “unsubscribe” from further messages from us. We will retain depersonalised information after your account has been closed such as how you used our services or your financial information.

9. What do we do to protect your information against a breach?

We have taken reasonable steps to minimise the impact of a breach

We have implemented reasonable security measures based on the sensitivity of the information we hold, such as using HTTPS. These measures are in place to protect the information from being disclosed, from loss, misuse and unauthorised access, and from being altered or destroyed.

We regularly monitor our systems for possible vulnerabilities and security breaches, but no system is perfect and we cannot guarantee that we will never experience a breach of any of our physical, technical or managerial safeguards. If something should happen, we have taken steps to minimise the threat to your privacy. We will let you know of any breaches which affect your personal information and inform you how you can help minimise the impact.

You also have a role to play in keeping your information secure. For example, you should never share personal information with us in an email, because while our servers are protected, it is still possible that email can be intercepted. Instead, send your information using an encrypted communication method or phone us on +27 21 863 0073.

10. What are your rights when it comes to your personal information?

You have the right to be informed about the personal information we have, and what we do with it.

You have the right to:

ask us what we know about you
ask what information was sent to our suppliers, service providers or any other third party
ask us to update, correct or delete any out-of-date or incorrect personal information we hold about you if it is no longer necessary to provide services to you
receive all of the information we have about you and to transfer it to another service provider in machine readable form
unsubscribe from any direct marketing communications we may send you
object to the processing of your personal information.

You can request access to the information we hold about you or correct your personal information by contacting us at support@complianceonline.co.za.

It can take us up to 21 business days to respond to your request, because there are procedures that we need to follow. In certain cases, we may require proof of your identity, and sometimes changes to your information may be subject to additional requirements such as valid proof of residence.

11. Your rights in terms of the GDPR

If you are in the European Union, you have these rights in terms of the GDPR:

The right to be informed about the collection and use of your personal information.
The right to access your personal information. We may take one month to respond to your request and may charge a fee in some circumstances. We will let you know if this is the case.
You have the right to have inaccurate personal information corrected or completed if it is incomplete. We may take one month to respond to your request and may refuse in certain circumstances.
You have the right to have your personal information erased, also known as the ‘right to be forgotten’. We may take one month to respond to your request and may refuse in certain circumstances.
You have the right to request that we restrict or suppress your personal information. We may take one month to respond to your request and may refuse in certain circumstances.
You have the right to reuse your personal information for your own purposes across different services, also known as the right to data portability.
You have the right to object to us processing your personal information in certain circumstances. We may take one month to respond to your request. There are legitimate reasons why we may refuse your objection, which depend on why we are processing it.
You have the right to complain to the Information Regulator.
You have the right to object to automated decision-making and profiling.
You may ask that a human review any automated decisions that we make about you, express your point of view about it and obtain an explanation of the decision. We may take one month to respond to your request.

If you want to exercise any of these rights, please contact us via support@complianceonline.co.za.