DEFINITIONS

In this Policy (as defined below), unless the context requires otherwise, the following capitalised terms shall have the meanings given to them —

  • “Active Processing” means instances where PhoneFast has directly been provided with the Personal Information/Personal Data of Data Subjects, such as when Data Subjects submit an enquiry in respect of our Services, or when Data Subjects provide Personal Information/Personal Data to PhoneFast pursuant to concluding any commercial agreement(s) with PhoneFast;
  • “Inactive Processing” means instances where PhoneFast has not actively been provided with the Personal Information/Personal Data of Data Subjects, such as when PhoneFast deploys Passive Processing Means to collect information from Data Subjects. These Passive Processing Means allow PhoneFast to Process certain kinds of Non-personally Identifiable Information which can perhaps not be linked to Data Subjects;
  • “Anonymisation” means the Processing of Personal Information/Personal Data in such a manner that the Personal Information/Personal Data can no longer be attributed to Data Subjects without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the Personal Information/Personal Data are not attributed to Data Subjects;
  • “Applicable Laws” means any laws applicable to Personal Data and Personal Information and includes any statute, regulation, notice, policy, directive, ruling or subordinate legislation; the common law; any binding court order, judgement or ruling; any applicable industry code, policy or standard enforceable by law; or any applicable direction, policy or order that is given by any regulator, competent authority or organ of state or statutory industry body;
  • “Biometrics” means a technique of personal identification that is based on physical, physiological or behavioural characterisation including blood typing, fingerprinting, DNA analysis, retinal scanning and voice recognition;
  • Child” means any natural person under the age of 18 years; 
  • Competent Person” means anyone who is legally competent to consent to any action or decision being taken by any matter concerning a child, for example a parent or legal guardian;
  • Controller” means PhoneFast, in circumstances where it Processes Personal Data (as defined in Article 4 of the GDPR);
  • Consent” means any voluntary, specific and informed expression of will in terms of which permission is given for the Processing of Personal Information;
  • Cookies” means small text files that store Non-personally Identifiable Information/Data about Data Subjects, either temporarily in connection with a Data Subjects Internet Protocol (IP) address (known as a temporary or session cookie, and deleted once a Data Subject closes their browser window) or more permanently on the hard drive of a Data Subject’s device (known as a permanent or persistent cookie). PhoneFast’s Website(s) or Mobile Application(s) may from time to time use session cookies so that Data Subject’s do not have to fill in the same information from page to page within our Website(s) or Mobile Application(s). If Data Subject’s elect not to receive cookies, they may be able to view some, but not all, of the content on our Website(s) or Mobile Application(s);
  • Customer(s)” means any natural person(s), or juristic person(s), who have concluded an agreement with PhoneFast in terms of which such Customer procures the Products or Services provided by PhoneFast;
  • Data Subject” means PhoneFast’s Customer(s) or any Third Party in respect of whom PhoneFast Processes Personal Information/Personal Data;
  • Data Processing Infrastructure” means any and all systems, networks, servers, workstations, laptops, mobile devices, web applications, mobile applications, cloud storages, websites owned, controlled or operated by PhoneFast;
  • Embedded Scripts” means, programming code that is designed to collect information about a Data Subject’s interactions with the relevant Website(s) or Mobile Application(s). It is temporarily downloaded onto a Data Subject’s device from our web server or a Third-Party Operator. This program is active only while a Data Subject is connected to the relevant Website(s) or Mobile Application(s) and is deleted or deactivated thereafter;  
  • Electronic Means” means, in relation to the Processing of any Personal Information/Personal Data, the use of any Website(s), Mobile Application(s), electronic mail (email), text, voice, sound or image messages by PhoneFast;
  • “Non-Electronic Means” means, in relation to the Processing of any Personal Information/Personal Data, the use of traditional means of Processing, such as hard copy documents, traditional filing systems deployed for the storage and retention of Personal Information/Personal Data and face-to-face personal engagements with Data Subjects;
  • GDPR” means the General Data Protection Regulation, which is a European law that governs all collection and processing of personal data from individuals inside the European Union;
  • Mobile Application(s)” means any multi-device software application, whether in web-based format or device-native format, to which this Privacy Policy relates and through which Customer(s) and Third Parties gain access to PhoneFast’s Products and/or Services;
  • Mobile Device Identifier” means device information if you access our Website(s) or Mobile Application(s) through mobile devices. Certain features of the relevant Website(s) or Mobile Application(s) may require collection of mobile phone numbers and we may associate that phone number with the mobile device identifiers. Additionally, some mobile phone service providers operate systems that pinpoint the physical location of devices that use their service. Depending on the provider, PhoneFast and/or our Third-Party Operators may receive this information. If PhoneFast associates any such passively collected information with the Personal Information/Personal Data of Data Subjects, we will treat the combined information as Personal Information/Personal Data as contemplated in this Policy;
  • Non-personally Identifiable Information/Data” means any information/data which cannot be linked to Data Subjects, such as an internet domain name, the type of web browser used by a Data Subject, the type of operating system relied on by a Data Subject, the date and time of a Data Subject’s visit to our Website(s) and Mobile Application(s), the specific pages a Data Subject may have visited, and the address of the website which a Data Subjects may have visited prior to entering or gaining access to PhoneFast’s Website(s) or Mobile Application(s);
  • Operator” means a person or entity who Processes Personal Information/Data for a Responsible Party;

 

  • Passive Processing Means ” means the use of technologies to facilitate the Inactive Processing of Personal Information/Personal Data, namely the use of Cookies, Web Beacons, Embedded Scripts and/or Mobile Device Identifiers;
  • Personal Data” (as defined in Article 4 of the GDPR) means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, which in the context of PhoneFast shall comprise of the types of Personal Data recorded in this Policy below;
  • Personal Information” shall have the same meaning as is given in section 1 of POPIA, but shall in the context of PhoneFast comprise of the types of Personal Information recorded in this Policy below;
  • PhoneFast” means Phone Fast (Pty) Ltd (2011/108716/07);
  • PhoneFast Group” means any Companies directly or indirectly held under DN Invest (Pty) Ltd (2019/254459/07) from time to time;
  • Policy” means this Data Protection and Privacy Policy;
  • POPIA” means the Protection of Personal Information Act, No 4 of 2013;
  • Processing” means any operation or activity or any set of operations, whether or not by automatic means, concerning Personal Information/Personal Data, including:
    • the collection, receipt, recording, organisation, collation, storage, updating or modification, retrieval, alteration, consultation or use;
    • dissemination by means of transmission, distribution or making available in any other form by electronic communications or other means; or
    • merging, linking, blocking, degradation, erasure or destruction. For the purposes of this definition, “Process” has a corresponding meaning
  • Products” means mobile electronic devices and related accessories procured by Customers of PhoneFast;

Who are we?

PhoneFast (“PhoneFast” or “we”) are a Responsible Party in terms of the Protection of Personal Information Act, 4 0f 2013 (POPIA) with respect to your Personal Information. We process all such Personal Information in order to enable us to do business with you and to provide products and services to you as requested. In this notice, “you” means you as an individual with whom we are dealing whose Personal Information we may need to collect and process in order to provide the requested products and services, and for any of the purposes described below.

What Personal Information is collected?

Please note that in accordance with Section 18 of POPIA you are hereby expressly informed of the fact that when you engage PhoneFast for their product and/ or device sale and/or replacement services (“PhoneFast Dealing”) you may need to provide PhoneFast with the following Personal Information, including but not limited to:

• Identity numbers;
• Full names;
• Registration numbers;
• Financial information, including banking account information;
• Statutory information;
• Physical and postal address particulars;
• Telephone numbers;
• Email addresses;
• Biometrics;
• Unique Identifiers.
• International Mobile Equipment Identity (“IMEI”) number

What do we do with your Personal Information and why do we collect it?
We take the privacy of any data subjects with whom we engage very seriously and we only collect and process Personal Information for specific purposes which are connected to our legitimate business purposes, which we generally need in order to comply with our obligations towards you and also to comply with obligations which are imposed upon us in terms of applicable laws regulating us. The Personal Information you provide to PhoneFast pursuant to your PhoneFast Dealing is typically processed for the following purpose(s), which purposes are connected to our legitimate business purposes:

• To provide or manage any information, products and/or services requested by you pursuant to your PhoneFast Dealing.
• To evaluate whether or not to offer, extend or modify any offering or services requested by, or provided to, you.
• Using, processing, sharing/transferring or engaging in analytics of your Personal Information for (i) routine business purposes; or (ii) the purposes of new business or product development.
• To establish your needs, requirements and preferences in relation to the products and/or services provided by PhoneFast.
• To identify your risk profile and make an election as to whether we wish to enter into a contractual relationship with you and if so, on what terms.
• To allocate unique identifiers to you for the purpose of processing your Personal Information, securely storing, retaining, and recalling your Personal Information from time to time, regardless of whether you conclude an agreement with PhoneFast.
• For general administration purposes pertaining to your request/s and to reply to you when you contact us for support.
• To improve the quality of PhoneFast’s products and services.
• To analyse your Personal Information collected for research and statistical purposes.
• To transfer your Personal Information across the borders of South Africa to other jurisdictions should it be required in the legitimate pursuit of PhoneFast’s business requirements.
• To identify products and services which might be of interest to you, as well as to inform you of such products and/or services.
• To investigate and attempt to resolve any queries, complaints or requests.
• To verify that the personal information provided is true and accurate.
• To, unless you expressly “opt out”, process your Personal Information as defined above for the purposes of direct marketing and advertising to you of products and services provided by PhoneFast in future.
• To, for the purposes of enhancing the scope of products and services we can offer to you or the method of delivery, share or transfer all or any part of your Personal Information to a third party who is a potential business partner or actual provider/supplier of outsourced services to us.
• To, at any time procure or share information relating to your credit worthiness and risk profile from or with any registered credit bureau or credit provider’s industry association or industry body, which includes information pertaining to your credit history, financial history, judgements, default history and sharing information for purposes of risk analysis, tracing and related purposes.

This notice applies to all data (including all Personal Information) past, present or future submitted by you to PhoneFast or which we otherwise obtain pursuant to undertaking our normal business activities. In supplementation of the above purposes, we are legally required to collect and process certain personal information for very specific purposes, such as:

• Communicating with you to perform our business activities;
• Performing PhoneFast Dealing
Who do we share your Personal Information with?

For us to maintain the high standards of product and service delivery you have come to appreciate, we are required to share your personal information with some of our suppliers, service providers and business partners. We use service providers and suppliers who we trust, who we have agreements with and they have agreed to keep your personal information secure
and confidential, and to only use it for purposes which we have agreed to. If you are interested in who these service providers are, you can send us a request, but a few of the key service providers are:

• Courierit
• Seidor Africa
• Smart HR Solutions

These aren’t all our service providers and suppliers, and if you want to find out more, we will be happy to share these details with you. We may also from time to time provide you with links to their individual privacy notices and policy documents.

So that you are fully made aware, please note that we do use service providers in order to enable the organisation to operate effectively.

Where do we store your Personal Information?

All your personal information is stored securely by PhoneFast through access controls, backups & recoveries, firewalls and encryption. In storing your Personal Information, we may transmit or transfer Personal Information outside South Africa to a foreign country, as such, personal information may be stored on servers located outside of South Africa in foreign countries that have different data protection laws in place. We are comfortable that these foreign countries protect Personal Information to an extent that compares to the way in which we do, which is acceptable to us. If you are interested in who these suppliers are, you are
welcome to ask us at anytime, we will happily disclose this information to you upon request.

What are your Rights?
It is important that you know what your rights are with regards to our processing of your personal information and we want to make this clear to you also. Although we take steps to safeguard your personal information, process it lawfully and only share it with suppliers and service providers we trust, you have the following rights:
• You can ask us at anytime what personal information of yours we hold – we don’t have any hidden agenda here!
• You can ask us what personal information of yours is, or was, shared with any of our suppliers, service providers, or any third party for that matter – we will happily tell you!
• You can ask us to update your personal information or even delete any information which is no longer accurate – we want to make sure your information is accurate and complete, but we need your help!
• You can object to our processing of your personal information – we don’t want to process your information if you don’t want us to, but just bear in mind it may influence our ability to fulfil our obligations towards you!
• You are more than welcome to lodge a complaint with the information regulator if you feel that we are not complying with POPIA – please do try and speak to us first, but this is a remedy available to you and we want you to know about it!

The contact details of the Information Regulator are:
The Information Regulator (South Africa)
JD House 27 Stiemens Street Braamfontein Johannesburg, 2001
PO Box 31533
Braamfontein, Johannesburg, 2107
E-mail: inforeg@justice.gov.za

With that said, we have (and continue to) implement reasonable security measures and protocols to protect the personal information we hold. These measures are to protect any personal information we hold form being disclosed without authorisation, from loss, damage, destruction or unauthorised access. As you will appreciate nothing is 100% secure in this day and age and therefore, we ask that if you suspect that either you, or we, have had an information security breach, please notify us immediately so that we can take action. You can do so by contacting our Information Officer whose information is set out below.
If you need to speak with our Information Officer, feel free to contact him/her. Our Information Officer is Brett Rice and any queries or even questions you may have regarding this privacy notice and PhoneFast’s POPIA compliance efforts can be directed to him/her at brett.rice@phonefast.co.za.