- The purpose of this policy is to enable Chrysalis Nature Store to:
- Comply with the law in respect of the data it holds about individuals.
- Follow good practice.
- Protect CHRYSALIS NATURE STORE staff and other individuals
- Protect the organisation from the consequences of a breach of its responsibilities.
- Keeping information securely in the right hands, and
- The retention of good quality information.
The definition of personal information is in terms of the Protection of Personal Information Act, 2013 (hereinafter “POPI Act” or “The Act”). The Act defines personal information as information relating to an identifiable, living, natural person and, where it is applicable, an identifiable, existing, juristic person. The POPI Act, which includes specific examples, can be found at the following link: www.gov.za/documents/download.php?f=204368.
The definition of Special Personal Information is defined by the provisions of the POPI Act, Part B, sections 26 to 33.
Unless otherwise stated, when this policy mentions “users”, it refers to any individual that currently makes use of CHRYSALIS NATURE STORE services, including CHRYSALIS NATURE STORE website users, individuals on the CHRYSALIS NATURE STORE mailing list, sponsors, and beneficiaries.
CHRYSALIS NATURE STORE records that data collected, used, and processed in the course of regular CHRYSALIS NATURE STORE operations is processed through the company’s software. CHRYSALIS NATURE STORE has verified that all data collection and processing software services in use by CHRYSALIS NATURE STORE are fully compliant with applicable privacy legislation.
Email marketing: With permission, CHRYSALIS NATURE STORE may send emails about CHRYSALIS NATURE STORE’s networks, new products, and other updates to users.
CHRYSALIS NATURE STORE defines a beneficiary as any person who receives help from CHRYSALIS NATURE STORE or gains an advantage or benefits from having a relationship with CHRYSALIS NATURE STORE. Regarding beneficiary information, CHRYSALIS NATURE STORE advises that the conditions applicable to a child’s consent in relation to information services, applicable to CHRYSALIS NATURE STORE, are as set out in POPI Act, part c, sections 34 and 35. The Act states that a child is a natural person under the age of 18 who is not legally competent. In other words, any person under the age of 18 who wishes to apply to be a beneficiary of CHRYSALIS NATURE STORE must have the permission of their legal guardian. By using CHRYSALIS NATURE STORE services, beneficiaries represent that they are at least the age of majority in their state or province of residence, or that they are the age of majority in their state or province of residence, and have given CHRYSALIS NATURE STORE consent to allow any minor dependents the use of CHRYSALIS NATURE STORE services.
There are three possible categories of information CHRYSALIS NATURE STORE may collect.
1.1.1 Information that is necessary for the control and recording of sponsor information, beneficiary information, donations, and online purchases.
CHRYSALIS NATURE STORE may ask for and collect the following personal information from users (users include, beneficiaries, sponsors, donors, etc). This information is necessary for the adequate performance of the contract between users and CHRYSALIS NATURE STORE and allows CHRYSALIS NATURE STORE to comply with its legal obligations. Without this information, CHRYSALIS NATURE STORE may not be able to provide users with a comprehensive service.
Sponsor information: When an individual signs up as a sponsor, CHRYSALIS NATURE STORE requires certain information, including the first name, surname and contact details, of the individual. CHRYSALIS NATURE STORE will require these identification details should tax authorities request it.
Beneficiary information: When CHRYSALIS NATURE STORE registers an individual as a beneficiary, CHRYSALIS NATURE STORE may require certain information from the individual, including their first name, surname, contact details, identity number, family details, education details, and, where applicable, the details of their legal guardian. Permission for the use of users’ information for promotional purposes must also be granted.
Payment information: To use certain features of CHRYSALIS NATURE STORE’s services (such as donating, agreeing to pay a regular amount, or purchasing goods), CHRYSALIS NATURE STORE may require the provision of certain financial information, including bank account or credit card information, in order to facilitate the processing of payments via third-party service providers.
When an individual provides CHRYSALIS NATURE STORE with personal information to complete a transaction, verify credit card information, for the placement of an order, arrangement of a delivery, or return of a purchase, it is implied that the individual has given CHRYSALIS NATURE STORE consent for the use of his/her personal information for that specific reason only.
1.1.2 Information individuals choose to give CHRYSALIS NATURE STORE.
An individual may choose to provide CHRYSALIS NATURE STORE with additional personal information. This additional information will be processed based on the individual’s consent i.e. An opt-in option as defined by POPI Act chapter 8, sections 69-71.
Additional sponsor information: A sponsor may choose to provide CHRYSALIS NATURE STORE with additional information for use as part of their CHRYSALIS NATURE STORE profile (such as gender, preferred language(s), details related to their place of residence, and a personal description). This information, as selected in the sponsor’s profile, is only visible to the sponsor and CHRYSALIS NATURE STORE.
Other sponsor information: A sponsor may otherwise choose to provide CHRYSALIS NATURE STORE with information when they complete a form, conduct a search, update or add information to their profile, respond to surveys, or use other features of CHRYSALIS NATURE STORE’s services.
1.1.3 Information that is necessary for the use of payment services.
The data controller requires the following information, necessary for the adequate performance of CHRYSALIS NATURE STORE’s contract with a user, to comply with applicable law (such as anti-money laundering regulations). Without providing this information, users will not be able to use CHRYSALIS NATURE STORE payment services:
Payment information: When a user makes use of CHRYSALIS NATURE STORE payment services, the data controller requires certain financial information, including but not limited to bank account or credit card information, to process payments and comply with applicable law.
Identity verification and other information: The data controller may require the following information from sponsors: identity verification information (such as images or details of a government-issued Identity Document (ID), passport, national ID card, or driver’s license) or other authentication information, including the sponsor’s date of birth, physical address, email address, phone number, and other information in order to verify their identity, provide payment services, and comply with applicable law.
1.2 Information CHRYSALIS NATURE STORE automatically collects from a users’ use of CHRYSALIS NATURE STORE internet services
When a user makes use of CHRYSALIS NATURE STORE internet services, including payment services, CHRYSALIS NATURE STORE and/or third-party service providers automatically collect information, including personal information, about the services used and how they are used. This information is necessary for the adequate performance of the contract between the user and CHRYSALIS NATURE STORE, to enable CHRYSALIS NATURE STORE to comply with legal obligations and given its legitimate interest in being able to provide and improve the functionalities of CHRYSALIS NATURE STORE.
Payment transaction information.
CHRYSALIS NATURE STORE, through its third-party service providers, collects information related to payment transactions, including the payment instrument used, date and time, payment amount, payment instrument expiration date, billing postcode, iban or swift information, the address of the user, and other transaction-related details. This information is necessary for the adequate performance of the contract between a user and CHRYSALIS NATURE STORE and to comply with the provisions of the payment services.
Cookie’s Policy: In this policy, the term “cookies” refers to cookies and other similar technologies covered by the POPI Act on Privacy in Electronic Communications. In this context, cookies are defined as small data files that an internet browser places on an individual’s computer or device. Cookies help browsers navigates websites and the cookies themselves cannot collect any information stored on an individual’s computer or in their files. When a server uses a web browser to read cookies, the server can help a website deliver a more user-friendly service. To protect internet users’ privacy, browsers only provide websites access to the cookies it has already sent to their browser.
How CHRYSALIS NATURE STORE Uses internet Collected information
CHRYSALIS NATURE STORE will use personal and non-personal information only for the purposes for which it was collected, or for purposes otherwise agreed upon. Such uses may include:
- Analysing the effectiveness of CHRYSALIS NATURE STORE advertisements, competitions, and promotions.
- Collecting information about the devices being used to view the site, such as the IP address of the website user or the type of internet browser or operating system used to access the website.
- Evaluating the use of the CHRYSALIS NATURE STORE website, products, and services.
- Auditing and record-keeping purposes.
- Market research purposes.
- Monitoring and auditing website usage.
- Improving the website experience for return visitors. For example, a site can recognise that a visitor has provided their personal information and will not request the same information a second time.
- Use in connection with legal proceedings.
- Making the site easier to use and to better tailor the site and CHRYSALIS NATURE STORE products to users’ interests and needs.
- Offering users the opportunity to take part in competitions or promotions.
- Evaluating (anonymously and in the aggregate) statistics on visitors’ website activity, such as what time the site was visited, whether it had been visited before, and what site referred the visitor to the CHRYSALIS NATURE STORE website.
- Suggesting products or services (including those of relevant third parties).
- Assisting with business development.
- Carrying out CHRYSALIS NATURE STORE obligations arising from any contracts entered into between users and CHRYSALIS NATURE STORE.
- Conducting market or customer satisfaction research or for statistical analysis.
- Confirming and verifying website visitors’ identities or to verify that a user is an authorised customer for security purposes.
- Contacting users regarding products and services which may be of interest to them, provided they have given CHRYSALIS NATURE STORE consent to do so or have previously requested a product or service from CHRYSALIS NATURE STORE and the communication is relevant or related to that prior request and made within any timeframes established by applicable laws.
- Notifying users about changes to CHRYSALIS NATURE STORE services.
- Responding to queries or comments.
CHRYSALIS NATURE STORE will also use personal information to comply with legal and regulatory requirements or industry codes to which CHRYSALIS NATURE STORE subscribe, or which apply to CHRYSALIS NATURE STORE, or when it is otherwise allowed by law.
Where CHRYSALIS NATURE STORE collects personal information for a specific purpose, CHRYSALIS NATURE STORE will not keep it for longer than is necessary to fulfil that purpose, unless CHRYSALIS NATURE STORE must keep it for legitimate business or legal reasons. In order to protect information from accidental or malicious destruction, when CHRYSALIS NATURE STORE deletes information from CHRYSALIS NATURE STORE services, CHRYSALIS NATURE STORE may not immediately delete residual copies from CHRYSALIS NATURE STORE servers or remove information from CHRYSALIS NATURE STORE backup systems.
Users can opt out of receiving communications from CHRYSALIS NATURE STORE at any time. Any direct marketing communications that CHRYSALIS NATURE STORE sends to users will provide them with the information and means necessary to opt out.
CHRYSALIS NATURE STORE do not require or request information about users from third parties, however, CHRYSALIS NATURE STORE are provided with details of a user’s financial transactions with CHRYSALIS NATURE STORE by third-party service providers.
Certain third-party service providers, such as payment gateways and other payment transaction processors, have their own privacy policies in respect to the information CHRYSALIS NATURE STORE is required to provide to them for purchase-related transactions. For these providers, CHRYSALIS NATURE STORE recommends that users read the associated privacy policies so they can understand the way in which their personal information will be handled by these providers.
It must be noted that certain providers may be located, or have facilities in, a different jurisdiction than either the user or CHRYSALIS NATURE STORE. Therefore, if users elect to proceed with a transaction that involves the services of a third-party service provider, their information may become subject to the laws of the jurisdiction(s) in which that service provider or its facilities are located.
CHRYSALIS NATURE STORE uses, saves, and processes information, including personal information, about users to provide, understand, improve, and develop CHRYSALIS NATURE STORE services; to create and maintain a trusted and safe environment; and to comply with its legal obligations to both sponsors and beneficiaries.
Collected information may be used for the following purposes:
- Enabling users’ access to and use of CHRYSALIS NATURE STORE services to obtain general information and to make payments.
- Providing customer service.
- The distribution of newsletters or support messages, updates, and account notifications.
- Compliance with national legislation
- CHRYSALIS NATURE STORE processes information given its legitimate mission in the day-to-day operations of CHRYSALIS NATURE STORE activities.
To protect your personal information, CHRYSALIS NATURE STORE takes reasonable precautions and follows industry best practices to make sure:
- Personal information is not inappropriately lost, misused, accessed, disclosed, altered, or destroyed.
- Harmful activities such as fraud, spam, abuse, security incidents, are detected and/or prevented.
CHRYSALIS NATURE STORE may use data collected for the following safety-related reasons:
- To conduct security investigations and risk assessments.
- To verify or authenticate information or identifications provided by users.
- To comply with legal obligations.
- To resolve any disputes with sponsors and beneficiaries and enforce CHRYSALIS NATURE STORE agreements with third parties.
- To enforce CHRYSALIS NATURE STORE policies.
In connection with the activities above, CHRYSALIS NATURE STORE may find it necessary to suspend the account or terminate the service to a user based on information and/or actions identified by CHRYSALIS NATURE STORE.
If a user provides CHRYSALIS NATURE STORE with credit card information, the information will be encrypted using secure socket layer (SSL) technology and stored with AES-256 encryption. Although no method of transmission over the internet or electronic storage is 100% secure, CHRYSALIS NATURE STORE follows all PCE-DSS requirements and implements additional, generally accepted industry standards.
CHRYSALIS NATURE STORE processes this information given its legitimate interest in protecting CHRYSALIS NATURE STORE sponsors and beneficiaries and to comply with applicable laws.
CHRYSALIS NATURE STORE will process personal information for the purposes listed in this section, given its legitimate interest in undertaking promotional activities to provide information that may be of interest to individuals. Individuals can opt-out of receiving communications from CHRYSALIS NATURE STORE by following the unsubscribe instructions included in CHRYSALIS NATURE STORE communications or changing the notification settings within their CHRYSALIS NATURE STORE profile.
Payment information that is collected by the data collected may be used for the following purposes:
- Allow users access to and use of payment services.
- To detect and prevent fraud, abuse, security incidents, and other harmful activity.
- To conduct security investigations and risk assessments.
- To conduct checks against databases and other information sources.
- To comply with legal obligations (such as anti-money laundering regulations).
- Enforce payment terms and other payment policies.
With consent, to send promotional messages, marketing, advertising, and other information that may be of interest to an individual based on their preferences.
The data controller processes personal information given its legitimate interest in improving payment services and its users’ experience with it, and where it is necessary for the adequate performance of the contract with you and to comply with applicable laws.
CHRYSALIS NATURE STORE allows sponsors limited access to the profiles of their beneficiaries.
CHRYSALIS NATURE STORE shares information with third-party service providers to accurately record financial transactions and to facilitate email communications, including newsletters, promotional material, account updates, and personal communications.
3.3 Compliance with law, responding to legal requests, preventing harm, and protection of CHRYSALIS NATURE STORE rights
CHRYSALIS NATURE STORE may disclose a user’s information, including personal information, to courts, law enforcement or governmental authorities, or authorised third parties if and to the extent CHRYSALIS NATURE STORE is required or permitted to do so by law or if such disclosure is reasonably necessary to:
- Comply with CHRYSALIS NATURE STORE legal obligations.
- Comply with legal process and/or respond to claims asserted against CHRYSALIS NATURE STORE.
- Respond to verified requests relating to a criminal investigation, alleged or suspected illegal activity, or any other activity that may expose CHRYSALIS NATURE STORE, the user, or any other CHRYSALIS NATURE STORE user to legal liability.
- Enforce and administer CHRYSALIS NATURE STORE policies or other agreements.
- Protect the rights, property, or personal safety of CHRYSALIS NATURE STORE, its employees, sponsors, beneficiaries, or members of the public.
Where appropriate, CHRYSALIS NATURE STORE may notify sponsors or beneficiaries about legal requests unless:
- Providing notice is prohibited by the legal process itself, by court orders received, or by applicable law, or
- CHRYSALIS NATURE STORE believes that providing notice would be futile, ineffective, create a risk of injury or bodily harm to an individual or group, or create or increase a risk of fraud upon CHRYSALIS NATURE STORE property, its sponsors, or beneficiaries.
In instances where CHRYSALIS NATURE STORE complies with legal requests without notice for the above reasons, CHRYSALIS NATURE STORE will attempt to notify the applicable sponsor or beneficiary about the request after the fact where appropriate and when CHRYSALIS NATURE STORE determines in good faith that it is no longer prevented from doing so.
CHRYSALIS NATURE STORE uses certain third-party service providers to provide services related to CHRYSALIS NATURE STORE services and/or payment services. In these cases, CHRYSALIS NATURE STORE will need to share a user’s information, including personal information, to service providers to ensure the adequate performance of CHRYSALIS NATURE STORE’s contract with the user.
CHRYSALIS NATURE STORE uses social media services such as Facebook, Twitter, YouTube, LinkedIn, and Instagram to increase traffic to the CHRYSALIS NATURE STORE website. These processing activities are based on CHRYSALIS NATURE STORE’s legitimate interest in attracting new sponsors to CHRYSALIS NATURE STORE and to inform any person who may enquire about CHRYSALIS NATURE STORE’s activities.
CHRYSALIS NATURE STORE does not share users’ personal data with social media services.
Should a user decide to follow CHRYSALIS NATURE STORE on any of these services, they should be aware that any personal data shared with them is not controlled or supervised by CHRYSALIS NATURE STORE, therefore, any questions regarding how social media service providers process their personal data should be directed to such provider.
Please note that users may, at any time, ask a social media services provider to cease processing their data.
Users may exercise any of the rights described in this section by sending an email to CHRYSALIS NATURE STORE at info@Chrysalis Nature Storeafrica.org.za
Users may access and update select information through their profile settings. Users are responsible for keeping their personal information up to date.
Users have the right to ask CHRYSALIS NATURE STORE to correct inaccurate or incomplete personal information concerning them (and which they cannot update themself in their CHRYSALIS NATURE STORE profile).
In some jurisdictions, applicable law may entitle users to request copies of their personal information held by CHRYSALIS NATURE STORE. Users may also be entitled to request copies of personal information that they have provided to CHRYSALIS NATURE STORE in a structured, commonly used, and machine-readable format and/or request CHRYSALIS NATURE STORE to transmit this information to another service provider (where technically feasible).
CHRYSALIS NATURE STORE retains the personal information of users for as long as is necessary for the performance of the contract between the user and CHRYSALIS NATURE STORE and to comply with its legal obligations. If users no longer want CHRYSALIS NATURE STORE to use their information or make use of CHRYSALIS NATURE STORE’s services, they can request that CHRYSALIS NATURE STORE erase their personal information and close their CHRYSALIS NATURE STORE profile. It should be noted that if users request the erasure of their personal information, CHRYSALIS NATURE STORE may be required by law to retain it for a certain amount of time in part or in full.
Where a user has provided their consent to the processing of their personal information by CHRYSALIS NATURE STORE, they may withdraw their consent at any time by changing their profile settings or by sending a communication to CHRYSALIS NATURE STORE specifying the consent they are withdrawing.
Users have the right to lodge complaints about the data processing activities carried out by CHRYSALIS NATURE STORE with the information officer.
CHRYSALIS NATURE STORE is continuously implementing and updating administrative, technical, and physical security measures to help protect users’ information from unauthorised access, loss, destruction, or alteration. If a user knows, or has reason to believe, that their CHRYSALIS NATURE STORE profile information has been lost, stolen, misappropriated, or otherwise compromised, or in case of any actual or suspected unauthorised use of their CHRYSALIS NATURE STORE profile, they are asked to contact CHRYSALIS NATURE STORE by following the instructions in the contact CHRYSALIS NATURE STORE section below.
The scope of this aspect of the policy is defined by the provisions of the POPI Act, condition 1, and chapter 5, part b.
Information Officers are responsible for the following:
- Developing, publishing, and maintaining a POPI policy which addresses all relevant provisions of the POPI act, including but not limited to the following:
- Reviewing the POPI Act as periodic updates are published.
- Ensuring that POPI Act induction training takes place for all relevant staff.
- Ensuring that periodic communication awareness on POPI Act responsibilities takes place.
- Ensuring that privacy notices for internal and external purposes are developed and published.
- Handling data subject access requests.
- Approving unusual or controversial disclosures of personal data.
- Approving contracts with data operators.
- Ensuring that appropriate policies and controls are in place for ensuring the information quality of personal information.
- Ensuring that appropriate security safeguards in line with the POPI Act for personal information are in place.
- Handling all aspects of relationship with the regulator as foreseen in the POPI Act.
- Providing direction to any deputy information officer if and when appointed.
The scope of this aspect of the policy is defined by the provisions of the POPI Act, condition 8, sections 23 to 25.
Any subject access requests will be handled by the POPI Act Information Officer in terms of condition 8. Subject access requests must be in writing. All CHRYSALIS NATURE STORE staff are required to report anything which might be a subject access request to the POPI Act Information Officer without delay.
Requests for access to personal information will be handled in compliance with the POPI act and in compliance with the Promotion of Access to Information Act (PAIA).
Where the individual making a subject access request is not personally known to the POPI Act Information Officer, their identity will be verified before any information is shared.
This document is regarded as a living document that may be updated to reflect changes in practice or improved processes. CHRYSALIS NATURE STORE reserves the right to modify this policy at any time in accordance with this provision.
If individuals have any questions or complaints about this policy or CHRYSALIS NATURE STORE’s information handling practices, they may email CHRYSALIS NATURE STORE at: firstname.lastname@example.org