This privacy notice is part of your agreement with Compliance Online
- What personal information we collect
- We collect your information when you interact with us
- We may process your personal information if it is in your legitimate interest or our legitimate interest to do so
- We may process your personal information when you give us your consent to do so
- What about children’s information?
- We share your information with others we trust
- We send your information to other countries
- We don’t keep your information for longer than we need
- We have taken reasonable steps to minimise the impact of a breach
- You have the right to be informed about the personal information we have, and what we do with it
- Your rights in terms of the GDPR
During the course of our interactions, you share personal information with Compliance Online.
This notice tells you what to expect when we collect and use your information. It is part of our agreement with you, and we may need to update it periodically, but we will inform you when we do. You should read this notice along with the terms and conditions that apply to the products and services you use.
If you have any questions, please contact us at 021 863 0073 or via firstname.lastname@example.org.
Deputy Information Officer: email@example.com
What personal information we collect
- company and financial information of our clients in order to conclude a contract with them
- your personal information if you participate in our training - this includes your:
- name and surname (so that we know who you are)
- identity or employee number (so that we can avoid duplications on our system)
- employment information (who your employer is and your position)
- e-mail addresses (so that we can communicate with you)
- gender and race (we collect this in order to assist your employer to comply with B-BBEE legislation)
- training results
We collect your information when you interact with us
We process your personal information to fulfil aspects of our contract with you
|When you or your company make payment||We collect your or your company’s financial details to complete the purchase of any of our services.|
|When we give you access to a training programme||We collect your personal information to create an online profile and to regulate and monitor your access to and participation in the training programme.|
|When we deliver your results||We will send your training results to you and to your employer.|
|When we send information||We may send information about the topic on which you were trained to you and your employer.|
We may process your personal information if it is in your legitimate interest or our legitimate interest to do so
|When you contact us||When you contact us by e-mail or telephone with a query, complaint or request, we collect the information included in your message. We use the information we collect to reply to, investigate and resolve your query, complaint or request.|
We collect standard information about your internet connection and website use. We use this information to help us improve our website and online services. The type of information we collect includes the URL you came from, IP address, domain type, browser type, the country and telephone code where your device is located, the web pages viewed during your visit, the links on which you clicked, and any search terms you entered on our website (user information).
We may process your personal information when you give us your consent to do so
|When we market our services to you, if you give us your permission||From time to time we may collect your personal information to send you our marketing material if you give us your permission. You will be asked whether you want to receive it and you will always be able to unsubscribe from it at any time by clicking on the unsubscribe link at the bottom of the email.|
What about children’s information?
We do not knowingly collect personal information of children without the consent of a parent or guardian.
If you are younger than 18 years old, we will always ask for consent to process your personal information from your parent or guardian.
We share your information with others we trust
Infrastructure sub-processors: Service data storage
|Amazon Web Services, Inc.||Cloud Service infrastructure provider|
|Heroku, a Salesforce, Inc company||IaaS provider|
|Google, Inc.||Cloud Service Provider|
Service specific subprocessors
|Entity name ||Purpose|
|Twilio, Inc.(Sendgrid)||Cloud based SMS and transactional mail provider notification services provider|
We send your information to other countries
Some of the service providers that we use are located in other countries, for example our cloud storage service providers are located in Ireland and Germany. If we send information to anyone who is located in a country that does not have the same level of protection of personal information as South Africa or the European Union, we require that they undertake to protect the personal information of our customers to the same level that we do.
We provide for appropriate safeguards by means of contracts between us and our foreign service providers. You can ask us for a copy of these safeguards at firstname.lastname@example.org.
We don’t keep your information for longer than we need
We retain your information indefinitely for record-keeping purposes. This ensures that you and your employer have continued access to the results. If you ever change employment and your new employer is also one of our clients, you may not have to repeat training that you have completed as we will have access to your full training history.
You can request to have your information deleted. However, we may not be able to comply with your request if we are under a legal obligation to retain the information.
We have taken reasonable steps to minimise the impact of a breach
We have implemented reasonable security measures based on the sensitivity of the information we hold. These measures are in place to protect the information from being disclosed, from loss, misuse and unauthorised access, and from being altered or destroyed.
We regularly monitor our systems for possible vulnerabilities and attacks, but no system is perfect and we cannot guarantee that we will never experience a breach of any of our physical, technical or managerial safeguards. If something should happen, we have taken steps to minimise the threat to your privacy. We will let you know of any breaches which affect your personal information and inform you how you can help minimise the impact.
You also have a role to play in keeping your information secure. For example, you should never share personal information with us in an e-mail, because while our servers are protected, it is still possible that email can be intercepted. Instead, contact us at 021 863 0073.
You have the right to be informed about the personal information we have, and what we do with it
You have the right to:
- ask us what we know about you
- ask what information was sent to our suppliers, service providers or any other third party
- ask us to update, correct or delete any out-of-date or incorrect personal information we hold about you
- receive all of the information we have about you and to transfer it to another service provider
- unsubscribe from any direct marketing communications we may send you
- object to the processing of your personal information.
You can request access to the information we hold about you or correct your personal information by contacting our deputy information officer at email@example.com.
It can take us up to 21 days to respond to your request, because there are procedures that we need to follow. In certain cases, we may require proof of your identity, and sometimes changes to your information may be subject to additional requirements such as valid proof of residence.
Your rights in terms of the GDPR
If you are in the European Union, you have these rights in terms of the GDPR:
- The right to be informed about the collection and use of your personal information.
- The right to access your personal information. We may take one month to respond to your request and may charge a fee in some circumstances. We will let you know if this is the case.
- You have the right to have inaccurate personal information corrected or completed if it is incomplete. We may take one month to respond to your request and may refuse in certain circumstances.
- You have the right to have your personal information erased, also known as the ‘right to be forgotten’. We may take one month to respond to your request and may refuse in certain circumstances.
- You have the right to request that we restrict or suppress your personal information. We may take one month to respond to your request and may refuse in certain circumstances.
- You have the right to reuse your personal information for your own purposes across different services, also known as the right to data portability.
- You have the right to object to us processing your personal information in certain circumstances. We may take one month to respond to your request. There are legitimate reasons why we may refuse your objection, which depend on why we are processing it.
- You have the right to complain to the Information Regulator.
- You have the right to object to automated decision-making and profiling.
- You may ask that a human review any automated decisions that we make about you, express your point of view about it and obtain an explanation of the decision. We may take one month to respond to your request.
If you want to exercise any of these rights, please contact us via firstname.lastname@example.org.