Privacy Policy

Introduction

Serendipityremix offers advisory, consultancy, and support services to all sectors in the built environment.

We respect your privacy and are committed to keeping your personal information safe and secure. This is our privacy statement which will explain how we collect, use, disclose, store and process the personal information we gather from you.

It also informs you of your rights in terms of the Protection of Personal Information Act, Act No. 4 of 2013 (“POPIA”).

If you make use of our services or partake in our data gathering processes you subject yourself to and agree to Serendipityremix’s terms, conditions, and privacy policy, as set out below.

 

Application

This policy applies to you when you visit our website, take part in focus group discussions, complete surveys conducted for clients, or make use of our services as a client.

 

Personal information

POPIA defines personal information as information relating to an identifiable, living natural person, and where it is applicable, an identifiable, existing juristic person. We “process” your personal information if we collect, use, store, make available, destroy, update, disclose, receive, or otherwise deal with your personal information.

The type of information we may collect is:

  • age

  • bank details

  • date of birth

  • e-mail address

  • gender

  • the general area of residency

  • information relating to a person’s education, financial, or employment status

  • language preference

  • marital status

  • name

  • nationality

  • race (for demographic purposes or as otherwise required by applicable law)

  • telephone number

 

Your personal information includes information we collect when:

  • you register to become part of our panel of focus group participants, mystery shoppers or completing an online form or survey used for the completion of a project; or

  • you take part in a focus group discussion, complete a mystery shopper survey, or complete an online form distributed by us.

 

We don’t process special personal information, but should this become necessary we will only do so if we obtain your consent or have another valid justification to do so.

We have regulatory obligations to process your personal information which includes verifying your identity.

Though it is your right to refuse to provide us with personal information, it may lead to us not being able to provide you with the relevant service, terminating the current contract or not making use of you during focus group discussions, mystery shopping or gathering information via online forms.

We may further process your information if it is compatible with the purpose for which it was collected, for instance to:

  • Evaluate your current and future needs and to suggest further services to you;

  • Evaluate and improve the effectiveness of our services and offerings;

  • Process your marketing preferences (where you have unsubscribed from certain direct marketing communications, keeping a record of your information and request to ensure that we do not send such direct marketing to you again);

  • For operational purposes;

  • Verify your identity for security purposes;

  • Meet legal and regulatory requirements or industry codes to which we may be subject;

  • Use in connection with legal proceedings;

  • Conduct statistical and any operational, marketing, auditing, legal and record-keeping requirements;

  • Detect and prevent any fraud and money laundering and/or in the interest of security and crime prevention (which includes ongoing due diligence and sanction screening against any sanction list we may determine in our sole discretion);

  • Assess and resolve any complaint;

  • Prevent or control the spread of any disease.

 

This excludes anonymous, de-identified, statistical, and public information.

 

You may only send us your personal information or someone else’s personal information if you have their permission to do so.

 

Collection of personal information

We collect personal information in five ways, namely:

  • Automatically through the website. When you visit our website, we automatically collect your Internet usage information (including your IP address, browser details, and usage information) through your browser, which we may use to display our website correctly, track your activities on it, or for other necessary purposes.

  • On registration or submission. We ask you to provide us with certain identifying information (including your first name, surname, email address, telephone number, race, age, etc.) when you register for or otherwise submit information through focus group attendance, mystery shopper surveys, and online surveys distributed by us.

  • On acceptance of our services. We ask you to provide us with certain information (including your name, your company name, various company information, etc.) when you appoint us for our services.

  • When you contact us via telephone, email, electronic messaging or submitting a form via our website.

  • From third party sources. We may collect personal information from third party sources or sources in the public domain. These include, but are not limited to:

    • Municipal websites;

    • The deed’s office;

    • Website pages;

    • Client due diligence tools and through identity and bank verification processes;

    • From clients to conduct the contracted business; or

    • Directories and lists published or distributed on industry websites and/or conferences.

  • During our business relationship. To successfully complete our contracted work, we would need to collect various personal information.

 

Consent

We get your consent to collect your personal information under applicable law when you provide us with it. We will from time to time ask you for updated and additional personal information.

Purpose of collection

We may process your information that you provide to us for the purposes that you indicated when you agreed to provide it to us. Processing includes gathering your personal information, disclosing it, and combining it with other personal information.

While collecting data for reports commissioned by clients, we need to gather your details to verify and audit data supplied, or to use as provenance for data used in reports.

 

Use of personal information

  • We may use your personal information while conducting our business, such as compiling reports, or complying with requests for information from external auditors, or regulatory and supervisory bodies, or to correspond with you.

  • We need to collect and share personal information with clients, their representatives, controlling persons or entities, business contacts, staff of clients, and service providers to conclude contracts, carry out obligations and report to clients.

  • We may process your personal information to fulfil our obligations to you.

 

Communication and marketing

  • We may use your identifying information to send you administrative and update messages about our website, further opportunities to take part in focus group discussions, mystery shopper surveys, online surveys, or our services.

  • We will not send you promotional messages unless you have chosen to opt into them. But we may send you one message asking you to opt into promotional messages without you having opted into promotional messages.

  • We may use your personal information to provide you with targeted content through our website or messaging platforms.

  • We may disclose aggregate statistical information that we derive from your and other people’s personal information to our advertisers or business partners.

 

Sharing of personal information

 

Due to the nature of our business and to fulfil our obligations to you or our clients, it may be necessary from time to time to share your personal information with third parties.

  • Personal details are collected when you attend a focus group discussion and shared with the client for audit and edification purposes;

  • A client may request the details of persons taking part of an online survey or mystery shopper project in order to verify the data collected for their contracted report;

  • During the course of fulfilling our obligation to you, we may need to send your personal details to an auditor, a local or foreign regulator (including but not limited to the Financial Sector Conduct Authority, Reserve Bank, South African Revenue Services, the Financial Intelligence Centre), a tax administrator, a legal advisor, a forensic investigation service (internal or external), a service provider providing administrative support services or accounting services to you or us;

  • We may disclose personal information to third parties if required for legal reasons, such as if required by the relevant authorities or court orders;

  • We may need to disclose personal information to our personnel to do their jobs but will not do so unnecessarily.

  • Contractors who help us meet our obligations to you; or

  • Third parties as required by applicable law.

 

Third parties outside of South Africa

 

Your information will primarily be processed in South Africa, but the following exceptions and conditions may be relevant.

  • Serendipityremix uses cloud-based storage, and this service may be located outside of South Africa.

  • It may happen from time to time that our clients have offices outside of South Africa, who may not have the same privacy protection laws as South Africa, and those reports containing personal information is shared with and used by them.

 

We will use all reasonable actions to ensure the safety of your personal data with these third parties.

Recording calls and/or meetings

 

From time to time, to complete our contracted work, we will need to record telephone calls or meetings.

  • We may monitor and record any telephone calls that you make to us unless you specifically request us not to.

  • We may record online meetings held via Zoom, Microsoft Teams, or Google Meet as well as in-person meetings for record-keeping and audit purposes unless you specifically request us not to.

 

Your rights as a data subject

 

You have the right to have your personal information processed in accordance with the conditions for the lawful processing of personal information as set out in POPIA. You also have the rights as set out below.

  • Right of access. In terms of section 23 of POPIA, you have the right to request us to

    • confirm whether we hold personal information about you; and

    • provide you with a description of the personal information that we hold on you, including information about the identity of all the third parties, or categories of third parties who have, or have had, access to the personal information.

 

We will require you to supply us with adequate proof of identity before we respond to your request. We will respond within a reasonable time. We may charge a fee to recoup our costs associated with this request if there is a cost to us associated with it and provided that applicable law allows us to do so.

  • Right to request correction or deletion. In terms of section 24 of POPIA, you have the right to request that we correct or delete personal information in our possession or under our control that is inaccurate, irrelevant, excessive, out of date, incomplete, misleading, or obtained unlawfully. You may also request us to destroy or delete a record of personal information about you that we are no longer authorised to retain.

 

We will as soon as reasonably practicable correct, destroy or delete said record unless we are required or entitled under applicable laws to keep the information and have informed you that we have done so.

 

Should we not believe that the information requires correction, we will provide you with credible evidence in support and if we cannot reach an agreement with you, you may request us to mark the information with the request for correction so that it can be read together.

  • Right to object to processing.

    • You may object at any time, based on reasonable grounds relating to your situation, the processing or your personal information for the purposes protecting your legitimate interest or to pursue the legitimate interest of a third party to whom the information is supplied or our own legitimate.

    • You may also object at any time to the processing of your personal information for purposes of direct marketing or the receipt of direct marketing through unsolicited electronic communication.

  • Remedies. You have the right to complain to the Information Regulator as set out below.

    • Any person may submit a complaint to the Information Regulatory in the prescribed manner and form alleging interference with the protection of the personal information of a data subject. A data subject may also submit a complaint in respect of a determination of an adjudicator.

    • The address of the Information Regulator is as follows:

The Information Regulator

27 Siemens Street,

Braamfontein,

Johannesburg,

2017

Complaints email: complaints.IR@justice.gov.za

General enquiries email: inforeg@justice.gov.za

 

Retention

 

We will only keep your personal information for as long as is necessary to fulfill our obligations to you and our clients unless you have given us permission to keep it longer or we are otherwise legally allowed to do so.

We may also keep your personal information for historical, statistical or research purposes if appropriate safeguards are in place. We may keep your personal information for longer if there is litigation or an investigation, or any tax or regulatory query.

Where we must keep your information longer than indicated above, we will only process it for storage or of proof. We will also restrict access and processing of such information.

Change of ownership

 

We may assign our rights to the personal information we process to our new owners if our ownership changes for any reason.

Security

 

We take the security of personal information very seriously and always do our best to comply with applicable data protection laws.

  • Our hosting company will host our website in a secure server environment that uses a firewall and other advanced security measures to prevent interference or access from outside intruders.

  • We implement disaster recovery procedures where appropriate.

  • Should our security measures be breached, and personal information obtained by unauthorised parties, we will inform you as soon as possible as provided for in POPIA.

 

Acceptance, changes, and limitations

 

You may not take part in a focus group discussion, mystery shopper survey, or any online survey distributed by us if you do not accept this policy or any changes to it.

We may change this policy at any time and will notify you of the changes on our website or by email. The changed policy applies to you if you continue using our website, taking part in focus group discussions, mystery shopping surveys, any online survey distributed by us, or our services following the notification.

We are not responsible for anyone else’s privacy policies or practices.

Enquiries

 

Please contact us by email (sanett@serendipityremix.com) if you have any questions about this privacy policy or how we handle your personal information.

Last review date: July 2021