Protection of Personal Information Act (POPI Act)

1. Introduction

1.1.  The Protection of Personal Information Act No. 4 of 2013 (POPI) was introduced to promote the protection of personal information processed by public and private bodies and to introduce certain conditions and to establish minimum requirements for the processing of personal information and to provide for the rights of persons regarding unsolicited electronic communications and automated decision making as well as to regulate the flow of personal information across the borders of the Republic of South Africa and to provide for matters connected therewith.

1.2.  The Protection of Personal Information Act gives effect to section 14 of the Constitution of the Republic of South Africa, 1996, which provides that everyone has the right to privacy which right includes a right to protection against the unlawful collection, retention, dissemination and use of personal information.

1.3.  A “private body” is defined as any natural person who carries or has carried on any trade, business, or profession, but only in such capacity or any partnership which carries or has carried on any trade, business or profession or any former or existing juristic person (e.g. any company, close corporation or business trust).

1.4. GGA falls within the definition of a “private body” and this Policy has been compiled in accordance with the Protection of Personal Information Act and other applicable legislation.

1.5. This Privacy Policy describes the policies and procedures on the collection, use, and disclosure of the user information when the user use the website and tells the user about the user privacy rights and how the law protects the user.

1.6. GGA use the user Personal data to provide and improve the website. By using the website, the user agree to the collection and use of information in accordance with this Privacy Policy.

2. Interpretation and Definitions

The following terms have meanings defined under the following conditions, and where applicable the singular shall have the same meaning as the plural:

2.1. Account – a unique account created for the user to access the GGA website or parts of the GGA website.

2.2. Cookies – are text files that are placed on the user computer, mobile device or any other device by a website that contain small pieces of data — like a username, password and the details of the user browsing history on that website.

2.3. Country – Republic of South Africa

2.4 Device – any device that can access the website such as a computer, a cellphone or a digital tablet.

2.5. GGA – means GGA Good Governance Africa located at 7th Floor, The Mall Offices, 11 Cradock Avenue, Rosebank 2196, South Africa.

2.6. Personal Data – is any information that relates to an identified or identifiable individual.

2.7. Usage Data – data collected automatically, either generated by the use of the website or from the website infrastructure itself (for example, the duration of a page visit).

2.8. Website –

2.9. Website Provider – any natural or legal person who processes the data on behalf of GGA. It refers to third-party companies or individuals employed by GGA to facilitate the website, to provide the website on behalf of GGA, to perform services related to the website, or to assist GGA in analyzing how the website is used.

2.10. User – the individual accessing or using the website, or the company, or other legal entity on behalf of which such individual is accessing or using the website, as applicable.

3. Collecting and Using User Personal Data

3.1. Types of Data Collected

3.1.1. Personal Data While using the GGA website, GGA may ask the user to provide it with certain personally identifiable information that can be used to contact or identify the user. Personally identifiable information may include, but is not limited to: Email address; First name and last name; Phone number; Address, State, Province, ZIP/Postal code, City; Business Name; Banking Details; Fax Number; Vat Registration Number; Representative Details; Usage Data;

3.1.2. Usage Data Usage Data is collected automatically when using the website. Usage Data may include information such as the user Device’s Internet Protocol address (e.g. IP address), browser type, browser version, the pages of the GGA website that the user visit, the time and date of the user visit, the time spent on those pages, unique device identifiers and other diagnostic data. When the user accesses the website by or through a mobile device, GGA may collect certain information automatically, including, but not limited to, the type of mobile device the user uses, the user’s mobile device unique ID, the IP address of the user’s mobile device, the user’s mobile operating system, the type of mobile Internet browser the user uses, unique device identifiers and other diagnostic data. GGA may also collect information that the user’s browser sends whenever the user visits the GGA website or when the user accesses the website by or through a mobile device.

3.2. Tracking Technologies and Cookies

3.2.1. GGA use Cookies and similar tracking technologies to track the activity on the GGA website and store certain information. Tracking technologies used are beacons, tags, and scripts to collect and track information and to improve and analyze the GGA website. The technologies GGA use may include: Cookies or Browser Cookies. A cookie is a small file placed on the user Device. Flash Cookies. Certain features of the GGA website may use local stored objects (or Flash Cookies) to collect and store information about the user preferences or the user activity on the GGA website. Web Beacons. Certain sections of the GGA website and the GGA emails may contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags, and single-pixel gifs) that permit GGA, for example, to count users who have visited those pages or opened an email and for other related website statistics (for example, recording the popularity of a certain section and verifying system and server integrity). Cookies can be “Persistent” or “Session” Cookies. Persistent Cookies remain on the user’s personal computer or mobile device when the user goes offline, while Session Cookies are deleted as soon as the user closes its web browser.

3.2.2. GGA use both Session and Persistent Cookies for the purposes set out below: Necessary / Essential Cookies Type: Session Cookies Administered by: GGA Purpose: These Cookies are essential to provide the user with services available through the Website and to enable the user to use some of its features. They help to authenticate users and prevent fraudulent use of user accounts. Without these Cookies, the websites that the user has asked for cannot be provided, and GGA only uses these Cookies to provide the user with those websites. Cookies Policy / Notice Acceptance Cookies Type: Persistent Cookies Administered by: GGA Purpose: These Cookies identify if users have accepted the use of cookies on the Website. Functionality Cookies Type: Persistent Cookies Administered by: GGA Purpose: These Cookies allow GGA to remember choices the user makes when the user uses the Website, such as remembering the user login details or language preference. The purpose of these Cookies is to provide the user with a more personal experience and to avoid the user having to re-enter the user preferences every time the user uses the Website.

4. Use of the user Personal Data

4.1. GGA may use Personal Data for the following purposes:

4.1.1. To provide and maintain the GGA website, including monitoring the usage of the GGA website.
4.1.2. To manage the user Account: to manage the user registration as a user of the website. The Personal Data the user provide can give the user access to different functionalities of the website that are available to the user as a registered user.
4.1.3. For the performance of a contract: the development, compliance and undertaking of the purchase contract for the products, items or websites the user have purchased or of any other contract with GGA through the website.
4.1.4. To contact the user: To contact the user by email, telephone calls, SMS, or other equivalent forms of electronic communication, such as a mobile application’s push notifications regarding updates or informative communications related to the functionalities, products or contracted websites, including the security updates, when necessary or reasonable for their implementation.
4.1.5. To provide the user with news, special offers and general information about other goods, websites and events that GGA offer that is similar to those that the user has already purchased or enquired about unless the user has opted not to receive such information.
4.1.6. To manage the user requests: To attend and manage the user requests to GGA.
4.1.7. For business transfers: GGA may use the user information to evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of the GGA assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which Personal Data held by GGA about the GGA website users is among the assets transferred.
4.1.8. For other purposes: GGA may use the user information for other purposes, such as data analysis, identifying usage trends, determining the effectiveness of the GGA promotional campaigns and evaluating and improving the GGA website, products, websites, marketing and the user experience.

4.2. GGA may share the user personal information in the following situations:

4.2.1. With website Providers: GGA may share the user personal information with website Providers to monitor and analyse the use of the GGA website;
4.2.2. To contact the user;
4.2.3. For business transfers: GGA may share or transfer the user personal information in connection with, or during negotiations of, any merger, sale of GGA assets, financing, or acquisition of all or a portion of the GGA business to another company;
4.2.4. With Affiliates: GGA may share the user information with the GGA affiliates, in which case GGA will require those affiliates to honour this Privacy Policy. Affiliates include the GGA parent company and any other subsidiaries, joint venture partners or other companies that GGA controls or that are under common control with GGA.
4.2.5. With business partners: GGA may share the user information with the GGA business partners to offer the user certain products, websites or promotions.
4.2.6. With other users: when the user shares personal information or otherwise interacts in the public areas with other users, such information may be viewed by all users and may be publicly distributed outside.
4.2.7. With the user consent: GGA may disclose the user’s personal information for any other purpose with the user’s consent.

4.3. Retention of the user Personal Data

4.3.1. GGA will retain the user Personal Data only for as long as is necessary for the purposes set out in this Privacy Policy. GGA will retain and use the user Personal Data to the extent necessary to comply with GGA’s legal obligations (for example, if GGA is required to retain the user data to comply with applicable laws), resolve disputes, and enforce the GGA legal agreements and policies.

4.3.2. GGA will also retain Usage Data for internal analysis purposes. Usage Data is generally retained for a shorter period, except when this data is used to strengthen the security or to improve the functionality of the GGA website, or GGA is legally obligated to retain this data for longer periods.

4.4. Transfer of the user Personal Data

4.4.1. the user information, including Personal Data, is processed at GGA’s operating offices and in any other places where the parties involved in the processing are located. It means that this information may be transferred to — and maintained on — computers located outside of the user state, province, country or other governmental jurisdiction where the data protection laws may differ from the user’s jurisdiction.

4.4.2. the user consents to this Privacy Policy followed by the user’s submission of such information represents the user’s agreement to that transfer.

4.4.3. The GGA will take all steps reasonably necessary to ensure that the user data is treated securely and in accordance with this Privacy Policy and no transfer of the user Personal Data will take place to an organization or a country unless there are adequate controls in place including the security of the user data and other personal information.

5. Disclosure of the user Personal Data

5.1. Business Transactions

5.1.1. If GGA is involved in a merger, acquisition or asset sale, the user Personal Data may be transferred. GGA will provide notice before the user Personal Data is transferred and becomes subject to a different Privacy Policy.

5.2. Law enforcement
5.2.1. Under certain circumstances, GGA may be required to disclose the user Personal Data if required to do so by law or in response to valid requests by public authorities (e.g. a court or a government agency).

5.3. Other legal requirements
5.3.1. GGA may disclose the user Personal Data in the good faith belief that such action is necessary to: Comply with a legal obligation; Protect and defend the rights or property of GGA; Prevent or investigate possible wrongdoing in connection with the website; Protect the personal safety of users of the website or the public; Protect against legal liability;

6. Security of the user Personal Data

6.1. The security of the user Personal Data is important to GGA, but remember that no method of transmission over the Internet, or method of electronic storage is 100% secure. While GGA strives to use commercially acceptable means to protect the user Personal Data, GGA cannot guarantee its absolute security.

7. Children’s Privacy

7.1. the GGA website does not address anyone under the age of 18. GGA does not knowingly collect personally identifiable information from anyone under the age of 18. If the user are a parent or guardian and the user are aware that the user child has provided GGA with Personal Data, please contact GGA. If GGA becomes aware that GGA has collected Personal Data from anyone under the age of 18 without verification of parental consent, GGA will take steps to remove that information from the GGA servers.

7.2. If GGA needs to rely on consent as a legal basis for processing the user information and the user country requires consent from a parent, GGA may require the user parent’s consent before GGA collects and uses that information.

8. Links to Other Websites

8.1. the GGA website may contain links to other websites that are not operated by GGA. If the user clicks on a third party link, the user will be directed to that third party’s site. GGA strongly advise the user to review the Privacy Policy of every site the user visits.

8.2. GGA has no control over and assume no responsibility for the content, privacy policies or practices of any third party sites or websites.

9. Changes to this Privacy Policy

9.1. GGA may update the GGA Privacy Policy from time to time. GGA will notify the user of any changes by posting the new Privacy Policy on this page.

9.2. GGA will let the user know via email and/or a prominent notice on the GGA website, prior to the change becoming effective and update the “Last Updated” date at the top of this Privacy Policy.

9.3. Users are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.

10. Contact GGA

10.1. If users have any questions about this Privacy Policy, they can contact GGA:

Name of Business: GGA
Contact: Mr Lloyd Coutts
Position: Director of Publications and Media
Postal Address: 7th Floor, The Mall Offices, 11 Cradock Avenue,
Rosebank 2196, South Africa
Physical Address: 7th Floor, The Mall Offices, 11 Cradock Avenue,
Rosebank 2196, South Africa
Phone Number: +27 11 268 0479
Fax Number: +27 11 268 0478
Email Address: