HUIZBESOEK Privacy Policy

  1. Huizbesoek (Pty) Ltd a private company duly registered in the Republic of South Africa with registration number 2022/250939/07, including its subsidiaries, affiliates, service providers, agents, third-party providers, officers, directors, employees, legal representatives and content providers (collectively referred to as the “Provider”), is committed to protecting the privacy of any individual or legal entity (hereinafter referred to as the “User”) that registers, subscribes to or uses the Provider’s Platform.
  2. The Provider adheres to strict measures and protocols to ensure that all Personal Information is collected, processed and used lawfully, transparently and in compliance with applicable regulations.
  3. The User and the Provider shall for purposes of this Privacy Policy and hereafter collectively be referred to as the “Parties” and individually as the “Party”.
  4. Processing for purposes of this Privacy Policy means any operation or activity, whether automatic or not, concerning Personal Information, including:
    • collection, receipt, recording organisation, collation, storage, updating or modification, retrieval, alteration, consultation or use;
    • dissemination by means of transmission, distribution or making available in any other form;
    • merging, linking, restricting, degradation, erasure or destruction of information; and
    • the terms “Processing”, “Process” or “Processed” shall have corresponding meanings.
  5. By accepting the Terms and using the Provider’s Platform, the User expressly consents to the Provider collecting, Processing and using the User’s Personal Information as specified in this Privacy Policy. The Provider may do so to comply with legal obligations, protect legitimate business interests and fulfil any other lawful purposes outlined herein.
  6. By subscribing the User specifically give consent in terms of Section 69 of the Protection of Personal Information Act 4 of 2013 (hereinafter referred to as “POPIA”) to the Provider to process the Users’ Personal Information as provided, for the purposes of direct marketing by means of electronic communication in respect of all products and services rendered by the Provider.
  7. The User understands that data will be used solely for the purposes for which it was provided and further understands that the User may at any time unsubscribe to electronic communication by deregistering from the Provider’s Platform.
  8. The User acknowledges that the Provider, who in some instances may reside outside the geographical borders of South Africa, may collect and process Personal Information about the User for the purposes of providing access to the Platform, to understand the User’s requirements as well as to enable the Provider to deliver the intended services more effectively.
  9. Information is collected directly from the User in the instances where the User personally furnish the Provider with details on the Platform and/or website to enable the Provider to create a personalised profile to ensure the best user experience and maximum benefits to the User. Where applicable and reasonably possible, the Provider shall inform the User as to which information is required and which information is optional.
  10. Personal Information as referred to in this Privacy Policy and according to POPIA, means information relating to an identifiable, living, natural person and where it is applicable, an identifiable, existing juristic person.
  11. Personal Information further includes information that enable the Provider to accurately identify the User as an individual or for the purposes of confirming the identity of the User and may also include information related to:
    • race, gender, sex, pregnancy, marital status, national, ethnic or social origin, colour, sexual orientation, age, physical or mental health, well-being, disability, religion, conscience, belief, culture, language and birth;
    • education or the medical, financial, criminal or employment history;
    • any identifying number including but not limited to identity number and/or passport number and/or registration number, symbol, e-mail address, physical or residential address, landline telephone number, Mobile Number, location information, online identifier or other assignment;
    • biometric information and identifying photographs of the User;
    • the personal opinions, views, shopping habits, schedules or preferences of the User;
    • correspondence sent by the User that is implicitly or explicitly of a private or confidential nature or further correspondence that would reveal the contents of the original correspondence;
    • views or opinions of another individual about the User;
    • name of the User if it appears with other Personal Information relating to the User or if the disclosure of the name itself would reveal information about the User;
    • transaction records;
    • information collected during the registration process that may include shopping behaviour and preferences;
    • information pertaining to helpline queries made by the User.
  12. Personal Information excludes general, statistical, aggregated or anonymised information.
  13. Further to the provisions of POPIA, the Provider may also include change of name details as Personal Information. In the event of a change of name the Provider may require copies of the marriage certificate or official change of name document issued by the Department of Home Affairs.
  14. Website usage information may be collected using text files that is stored on the User’s devices by the web browser (“Cookies”) which allows the Provider to collect standard internet visitor usage information.
    • The Provider may use Cookies to enhance the User experience. The User’s web browser places Cookies on their hard drive for record-keeping purposes and sometimes to track information about them. The User may choose to set their web browser to refuse Cookies or to be notified when Cookies are being sent. If the User does so, note that some parts of the Platform may not function properly.
    • The Provider, store and use the above mentioned information to communicate requested information to the User, to provide services to the User as requested by the User, to authenticate the User, to provide the User with access to restricted pages on the Platform and to compile non-personal statistical information about browsing habits, click patterns and access to the Platform.
    • The information detailed above is collected either electronically by using Cookies or is provided voluntarily by the User. Users may determine Cookie use independently through their browser settings. For purposes of this clause, a Cookie means a small computer file created by a web browser to save user information for such website.
    • Cookies ensure that the Provider is able to continually improve its services. “First party Cookies” (originating from the Provider) are used to simply track the User’s visits between sessions and deliver a more personalised experience. “Third party Cookies” (not originating from the Provider) are used to provide traffic analysis and tracking.
    • Cookies may be set through the Platform by the Provider’s advertising partners. These Cookies may be used by those companies to build a profile of the Users interests and show the User relevant advertisements on other sites. They do not store Personal Information directly but are based on uniquely identifying the User’s browser and internet device. If the User does not allow these Cookies, the User will experience less targeted advertising.
    • The Platform may use “Google Analytics”, a web analytics service of Google Inc. (hereinafter referred to as “Google”). Google Analytics uses Cookies on the User’s device which assists in evaluating the use of the Platform (more information can be found here: https://policies.google.com/technologies/types.
    • The Provider uses the code “get.anonymizeIP (); “This results in Google shortening the User’s IP address and allowing an anonymised evaluation. The reduction of IP addresses occurs within the EU or the European Economic Area. The IP address submitted by the User’s browser as part of Google Analytics will not be merged with other google data.
    • The data collected with the help of Cookies is usually transferred to a Google server and stored there. Compliance with data protection standards and data rights is ensured by a certification under the EU- US privacy shield. See the Google Privacy statement [https://policies.google.com/privacy] for more information.
    • On the Provider’s behalf, Google uses the data collected through Google Analytics to evaluate the use of the Platform, to compile reports on the website activities and to provide further information related to the use of the Platform.
    • Data is stored for a period of 14 months. The User can prevent the storage of the Google Analytics Cookies by a corresponding setting in the User’s browser. This may restrict the functionality of the Platform.
    • The User may also prevent the collection of data generated by Cookies and use of the Platform (including your IP address) by Google and the processing of such data by Google by clicking the Opt-Out Button located on the cookie banner, this will place an opt-out cookie on your browser. Learn more by clicking on the link below: https://policies.google.com/technologies/managing.
  15. The Provider may use Personal Information only for the purposes for which it was collected, in accordance with the requirements of POPIA and/or as agreed with the User. Neither Party may retain a record of Personal Information longer than is necessary for achieving the purpose for which the information was Processed, unless such retention is:
    • required by law;
    • reasonably required for a lawful purpose related to a Party’s functions or activities;
    • required by an agreement between the Parties; or
    • for reasons of historical, statistical or research purposes with the other Party’s prior written consent, provided that appropriate safeguards have been established to protect the Personal Information.
  16. Upon expiry or termination of the business relationship for any reason whatsoever, the Parties shall immediately cease handling Personal Information and return the Personal Information in a manner and format reasonably requested by the other Party or if specifically instructed to do so, immediately destroy or permanently delete all forms of Personal Information in its possession, power and/or control and provide the other Party with a return or permanent destruction certificate.
  17. If a Party disposes of any paper, electronic or other record containing Personal Information, such Party shall do so by taking all reasonable steps (based on the sensitivity of the information) to destroy the Information by:
    • shredding;
    • permanently erasing and deleting; or
    • otherwise modifying the Personal Information in such records to make it unreadable or permanently indecipherable.
  18. The Provider may disclose Personal Information to third-party service providers who are involved in the delivery of products or services to the User. The User acknowledges and herewith grants express consent that Personal Information may be transferred in accordance with Chapter 9 of POPIA cross border as the Provider makes use of certain third-party cloud-based data services. It is agreed that neither Party shall receive or transfer Personal Information or any data to Europe without entering into a separate data transfer agreement.
  19. The User shall take all reasonable steps to ensure that the Personal Information is complete, accurate, not misleading and updated.
  20. The Provider must take all appropriate steps to ensure that Personal Information is Processed in accordance with the 8 (eight) statutory conditions for the lawful Processing of Personal Information, as listed in section 4(1) of POPIA and detailed in Part A of Chapter 3 of POPIA.
  21. The Provider and User are compelled, on request, to comply with all instructions that are deemed necessary to enable either Party to comply with its obligations under POPIA.
  22. Where either Party Processes Personal Information of the other Party within the ambit of this Privacy Policy, such Party shall:
    • perform a data protection risk assessment to identify any potential data protection risks;
    • take all reasonable steps to ensure that all Personal Information that is collected is complete, accurate, not misleading and updated;
    • ensure that any Processing of Personal Information shall be for a specific, lawful purpose for a limited time and strictly in accordance with expressly granted or written instructions;
    • ensure that Personal Information is not processed further for a secondary purpose without the expressly granted or written consent of the other Party, unless such further Processing is strictly conducted to comply with an obligation imposed by law;
    • treat all Personal Information confidentially and not disclose or otherwise make available to any third-party (including third-party service providers) other than authorised personnel or third parties who require access to such Personal Information strictly on a “need-to-know” basis for that Party to carry out any obligation under these Terms;
    • ensure that any personnel and/or other persons having access to and/or Process the Personal Information are bound by appropriate and legally binding confidentiality and non-use obligations on substantially the same terms and conditions as set forth in this Privacy Policy;
    • place appropriate technical measures in place to ensure that the integrity of the Personal Information is secure and protected against any unauthorised or unlawful access, use, acquisition, disclosure, interference, modification, accidental loss, destruction, disclosure or damage (which measures may include, encryption, resilience testing of services and regularly assessment of the effectiveness of implemented technical measures);
    • immediately comply with any lawful instruction from any Party to correct and/or delete Personal Information; and
    • when called upon by the other Party, provide reasonable evidence of compliance with POPIA for auditing purposes or submit an independent auditor’s report verifying compliance with POPIA.
  23. The Provider endeavors to have agreements in place to ensure that third-party service providers comply with the privacy requirements as contemplated by POPIA.
  24. The Provider may further disclose Personal Information in the instance where the Provider have a duty or a right to disclose in terms of law or industry codes as well as where the Provider believe it is necessary to protect their rights.
  25. The Provider is legally obliged to provide adequate protection for any stored Personal Information and to further prohibit any unauthorized access and use of such Personal Information. The security protocols, controls and related processes of the Provider are reviewed on an on-going basis to ensure that Personal Information remains protected and secure.
  26. The User has the right to request a copy of relevant Personal Information stored by the Provider. Specified information may be requested by contacting the Provider at the email addresses as provided on the Provider website under the heading “Contact us”. Positive verification of KYC information to confirm the identity of the User shall be required before any Personal Information may be provided.
  27. Where a Party is required to disclose any Personal Information by law, regulation, industry code or court order, such Party shall promptly notify the impacted Party in writing of (unless prohibited by law):
    • any requests from an individual with respect to Personal Information and shall not respond to any such requests unless expressly authorised to do so by the impacted Party; or
    • any complaint relating to the processing of Personal Information including, but not limited to, allegations that the processing infringes an individual’s rights under POPIA.
  28. The Party concerned shall take such steps to limit the extent of the disclosure to the extent that it lawfully and reasonably practically can and shall afford the impacted Party a reasonable opportunity, if possible and permitted, to intervene in the proceedings.
  29. Please note that any access to information request may be subject to a fee as prescribed by relevant legislation.
  30. In the event of any Party having reasonable suspicion or reasonably believes that unauthorised or unlawful use, access, acquisition, disclosure, accidental loss, destruction or damage to Personal Information (hereinafter referred to as a “Security Incident”) has occurred, such Party shall:
    • promptly notify the other Party in writing immediately upon becoming aware of or having reasonable grounds to suspect the Security Incident;
    • promptly provide a full investigative report along with the corrective actions reasonably necessary to prevent a future recurrence of such violation or Security Incident;
    • at its cost, take all necessary and reasonable steps to mitigate the extent of the loss or compromise of Personal Information and, if applicable, to restore the integrity of the affected information and services as quickly as possible;
    • furnish the other Party with details of the person or entity affected by the compromise and the nature and extent of the compromise;
    • provide the other Party with a report on its progress in resolving the compromise at reasonable intervals until such time as the compromise is resolved; and
    • consult with the other Party and where required by law, notify the appropriate authorities.
  31. The User may submit a complaint to the Regulator at complaints.IR@justice.gov.za.