Privacy Policy
PURPOSE OF THIS NOTICE
Your privacy is important to us. The Karsten Group of companies (hereafter 'Karsten') knows that you care how information about you is used and shared and we are careful to ensure that any such information that comes into our possession is properly looked after. This Privacy Policy sets out the steps that we take to ensure that any information provided to us is kept secure and confidential and is used only for the purposes for which it is provided.
This Privacy Policy also describes how and why Karsten (“we”, “our” and “us”) collects and uses personal data and provides information about individuals’ rights in accordance with Data Protection Legislation. It applies to personal data provided to us, both by individuals themselves or by others. The expressions "personal data" or "personal information" refers to any information relating to an identified or identifiable living person, in terms of Data Protection Legislation.
‘Data Protection Legislation’ means all applicable privacy and data protection legislation and regulations including:
- before 25 May 2018, the Data protection Act 1998 (in the UK); and
- from 25 May 2018 onwards, the GDPR, and any applicable national laws, regulations and secondary legislation in the UK and the Republic of South Africa relating to the processing of personal data and the privacy of electronic communications, as amended, replaced or updated from time to time;
Please read the following carefully to understand our practices regarding your personal data and how we will treat it.
ABOUT US
Karsten is one of South Africa's leading agri-businesses respected both locally and internationally for the excellence of its products.
For the purpose of the Data Protection Legislation and this Privacy Policy, we are the ‘data controller’. This means that we are responsible for deciding how we hold and use personal data about individuals. We are required under the Data Protection Legislation to notify you of the information contained in this Privacy Policy.
We have appointed a person with the responsibility for data protection compliance within Karsten and is our Data Protection Officer for assisting with enquiries in relation to this Privacy Policy or our treatment of your personal data. Should you wish to contact our Data Protection Officer you can do so using the contact details noted at paragraph 17 (Contact Us), below.
HOW WE MAY COLLECT YOUR PERSONAL DATA
The only personal data that we will collect is the personal data that you provide to us if you register with us for any reason, or during the course of our business relationships with our corporate clients and suppliers (if you are associated with our corporate clients and/or suppliers), or during the course of our business relationship with you personally, or when you communicate with us through our website. We will at any time, at your request, provide you with a copy of any personal data that we are holding about you.
To find out more please go to the sections below that are relevant to you.
Corporate clients (and individuals associated with our corporate clients) and individual clients
We will only collect personal data necessary for agreed purposes and we ask our clients to only share personal data where it is strictly needed for those purposes.
Where we process personal data, we ask our corporate clients to provide the necessary information to the data subjects regarding its intended use.
We obtain personal data relating to data subject, for example, when:
- you request a proposal from us in respect of the services and products we provide;
- we obtain relevant information from third parties from any routine or prescribed checks conducted before we accept you as a client;
- you contract with us to provide our services and products and also during the provision of those services and products;
- you contact us by email, telephone, post, or social media (for example when you have a query about our services and products); or
- from third parties (for example, your agents, brokers or other persons acting under a power of attorney or mandate given by you and/or publicly available resources (for example, from regulatory authorities).
Suppliers
We collect and process personal data about our suppliers (and individuals associated with our suppliers) in order to manage the relevant business relationship, contract, in order to receive services or products from our suppliers and, where relevant, to provide services or products to our clients
Visitors to our offices
We have security measures in place at our respective offices including building access controls.
We may require visitors to our respective offices to sign in at reception and may keep a record of visitors for a short period of time. Our visitor records are securely stored and only accessible on a need to know basis.
Business Contacts
We process personal data pertaining to business contacts (i.e. existing and potential clients and individual associates to them). This may include a business contact's name, employer name, title, phone number, email address and other business contact details. We may collect personal data about a business contact when they contact us by email, telephone, post, or social media (for example when you have a query about our services or products or when you make enquiries on behalf of a client);
THE CATEGORIES OF PERSONAL DATA WE HOLD AND PROCESS
We hold and process certain categories of personal data in relation to the services and products we are providing.
Corporate clients (and individuals associated with our corporate clients)
The personal data we hold and process may include the following:
- Director, secretary and shareholder details such as title, position, full name, contact details (including address, email address etc.), and contact details history;
- Dates of birth, gender and age;
- Copies of passport, driving licence or other identification documentation requested from directors, shareholders or other key personnel;
- Records of your contact with us including meeting notes, telephone messages, letters, emails, and social media;
- Details of related parties and transactions with them;
- Names and job descriptions of your employees;
- Details of the contract/s we have with you in relation to the provision, or the proposed provision, of our services and products;
- Details of any services or products which you have received from us;
- Our correspondence and communications with you;
- Information about any complaints and enquiries you make to us;
- Information we receive from other sources, such as publicly available information, or information provided to us by third parties on your instructions.
Individual clients
The personal data we hold may include the following:
- Sole trader, partner or individual client details such as title, position, full name, contact details (including telephone, mobile, address, email address, etc.), and contact details history;
- Family member details (if relevant to the services or products provided by us);
- Dates of birth, gender and age;
- Copies of passport, driving licence or other identification documentation;
- Records of your contact with us including meeting notes, telephone messages, letters, emails, and social media;
- Details of related parties and transactions with them;
- Names and job descriptions of your employees;
- Transactions with you and related documentation;
- Details of the contract/s we have with you in relation to the provision, or the proposed provision, of our services and products;
- Details of any services or products which you have received from us;
- Our correspondence and communications with you;
- Information about any complaints and enquiries you make to us;
- Information we receive from other sources, such as publicly available information, or information provided to us by third parties on your instructions.
Suppliers (including individuals associated with our suppliers)
Where a supplier is helping us to deliver services or products to our clients, we process personal data about individuals involved in providing the services or products in order to administer and manage our relationship with the supplier (and the relevant individuals associated with our suppliers) and to provide such services and products to our clients.
The personal data we hold may include the following:
- Names and contact details of the supplier and the relevant individuals associated with the supplier; or
- Details of the contract/s we have with the supplier in relation to the provision, or the proposed provision, of services or products.
HOW WE USE PERSONAL DATA WE HOLD
If you provide personal data to us, it will only be used or processed for the following purposes:
- To provide information, services or products to you as requested by you;
- Carry out our obligations arising from any contracts entered into between our clients and us (which will most usually be for the provision of our services and products);
- To let you know about information from Karsten in which you may be interested provided you have consented to be contacted for such purposes (i.e. information related to our services, products, events and activities that are requested from us or which we feel may be of interest);
- To seek thoughts and opinions on the services and products we provide;
- To notify you about any changes to our services and products;
- For internal review;
- To improve the content of the website;
- To customize the content and/or layout of the website for each individual user;
- To notify users about updates to the website; or
- To compile and disclose statistics about our users and their preferences (these statistics are anonymous and do not identify individual users);
- To comply with our legal or regulatory obligations;
- For our own legitimate interests provided that those interests do not override any of our clients' (and individuals associated with our clients) own interests, rights and freedoms which require the protection of personal data. These legitimate interests include processing for marketing, business development, and management purposes.
We may process personal data for certain additional purposes with your consent, and in these limited circumstances where an individual data subject's consent is required for the processing of personal data, then the individual data subject has the right to withdraw consent to processing for such specific purposes.
Please note that we may process personal data for more than one lawful basis depending on the specific purpose for which we are using personal data. In some circumstances we may anonymise or pseudonymise the personal data so that it can no longer be associated to a specific individual, in which case we may use it without further notice to you.
If an individual refuses to provide us with certain information when requested, we may not be able to perform the contract/s we have entered into with the client. Alternatively, we may be unable to comply with our legal or regulatory obligations.
We may also process personal data without the individual's knowledge or consent, in accordance with this policy, where we are legally required or permitted to do so.
Data retention
We will only retain personal data for as long as is necessary to fulfil the purposes for which it is collected.
When assessing what retention period is appropriate for your personal data, we take into consideration:
- the requirements of our business and the services and products provided;
- any statutory or legal obligations;
- the purposes for which we originally collected the personal data;
- the lawful grounds on which we based our processing;
- the types of personal data we have collected;
- the amount and categories of your personal data; and
- whether the purpose of the processing could reasonably be fulfilled by other means.
Change of purpose
Where we need to use personal data for another reason, other than for the purpose for which we collected it, we will only use personal data where that reason is compatible with the original purpose.
Should it be necessary to use personal data for a new purpose, we will notify the individual and either request their consent for any new processing or communicate the legal basis which allows us to do so, before starting any new processing.
MARKETING AND ADVERTISING
No promotional offers or advertising will appear on the karsten.co.za websites, nor will your personal contact information ever be given, sold, bartered, traded or otherwise shared by Karsten with third parties for advertising or marketing purposes.
DATA SHARING AND DISCLOSURE
We will not pass any of your personal data to any third party, other than members of Karsten or agents or service providers acting under contract on our behalf, without your consent.
Why might we share personal data with third parties?
We will share personal data with third parties where we are required by law, where it is necessary to administer the relationship between us and our clients or where we have another legitimate and lawful interest in doing so.
Which third-party service providers process personal data?
“Third parties” includes third-party service providers and other professional advisers and other entities within Karsten or contracted by Karsten. The following activities are carried out by third-party service providers: IT and cloud-based services, website hosting, data back-up, professional advisory services, and banking services.
All of our third-party service providers are required to take commercially reasonable and appropriate security measures to protect personal data. We only permit our third-party service providers to process personal data for specified purposes and in accordance with our instructions.
What about other third parties?
We may share personal data with other third parties, for example in the context of any possible sale or restructuring of the business of Karsten. In this event, we will take appropriate measures to ensure that the security of the client personal data continues to be ensured in accordance with Data Protection Legislation. If a change happens to the business, then any new owners may use our client data in the same way as set out in these terms. We may also need to share personal data with a regulator or to otherwise comply with the law.
TRANSFERRING PERSONAL DATA OUTSIDE THE EUROPEAN UNION (EU) / EUROPEAN ECONOMIC AREA (EEA)
We may from time to time transfer the personal data we collect about you to the following country outside of the EU / EEA: Republic of South Africa, in order to perform our contract/s with you and/or to provide information, services or products to you as requested by you. As there is not an adequacy decision by the European Commission in relation to the Republic of South Africa it will not be deemed to provide an adequate level of protection for your personal data for the purpose of the Data Protection Legislation. We have therefore put in place the following measure to ensure that your personal data is treated in a way that is consistent with and which respects the Data Protection Legislation, as follows: We have entered into a contract with the South African subsidiaries in the Karsten Group in compliance with data protection and GDPR legislation.
Should you require further information about this protective measure, please email our Data Protection Officer HERE.
DATA SECURITY AND PROTECTION
We have put in place commercially reasonable and appropriate technology safeguards, security policies and other measures to protect personal data under our control and to prevent personal data from being accidentally lost, or used or accessed in an unauthorised way, or altered or disclosed unlawfully. In addition, we limit access to personal data to those employees, agents, contractors, service providers and other third parties who have a business need to know. They will only process personal data on our instructions and they are subject to a contractual duty of confidentiality.
We have put in place procedures to deal with any suspected data security breach and will notify the individual and any applicable regulator of a suspected breach where we are legally required to do so.
RIGHTS OF ACCESS, CORRECTION, ERASURE, OBJECTION, RESTRICTION AND TRANSFER
Individuals’ duty to inform us of changes
It is important that the personal data we hold about you is accurate and current. Should your personal data change, please notify us of any changes of which we need to be made aware by contacting us, using the contact details in paragraph 17 below.
Individuals’ rights in connection with personal data
Under certain circumstances, by law you have the right to:
- Request access to your personal data. This enables you to receive details of the personal data we hold about you and to check that we are processing it lawfully.
- Request correction of the personal data that we hold about you.
- Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have exercised your right to object to processing (see below).
- Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this basis. You also have the right to object where we are processing your personal data for direct marketing purposes.
- Request the restriction of processing of your personal data. This enables you to ask us to suspend the processing of personal data about you, for example if you want us to establish its accuracy or the reason for processing it.
- Request the transfer of your personal data to you or another data controller if the processing is based on consent, carried out by automated means and this is technically feasible.
If you want to exercise any of the above rights, please email our Data Protection Officer HERE.
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal data is not disclosed to any person who has no right to receive it.
RIGHT TO WITHDRAW CONSENT
In the limited circumstances where an individual may have provided consent to the collection, processing and transfer of their personal data for a specific purpose (for example, in relation to direct marketing that you have indicated you would like to receive from us), they have a right to withdraw consent for that specific processing at any time. To withdraw your consent, please email our Data Protection Officer HERE.
Once we have received notification that you have withdrawn your consent, we will no longer process your personal data for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.
Accessing our Website
When you call up our website, your browser will transfer certain data to our web server. This is done for technical reasons and is required to make available to you the requested information. To facilitate your access to the website, the following data are collected, briefly stored and used:
- IP address
- Date and time of access
- Time zone difference to Greenwich Mean Time (GMT)
- Content of request (specific site)
- Status of access/HTTP status code
- Transferred volume of data
- Website requesting access
- Browser, language settings, version of browser software operating system and surface
Moreover, to protect our legitimate interests, we will store such data for a limited period of time in order to be able to initiate a tracking of personal data in the event of actual or attempted unauthorized access to our servers (Art. 6(1)(f) General Data Protection Regulation).
Setting of Cookies
What are cookies?
This website uses so-called “cookies". Cookies are small text files that are stored in the memory of your terminal via your browser. They store certain information (e.g. your preferred language or site settings) that your browser may (depending on the lifespan of the cookie) retransmit to us upon your next visit to our website.
What cookies do we use?
We differentiate between two categories of cookies: (1) functional cookies, without which the functionality of our website would be reduced, and (2) optional cookies used for website analysis and marketing purposes.
The optional cookie that we use is website analysis with Google Analytics, which assigns a randomly generated ID to your device, enabling us to recognize your device upon your next access. For details on website analysis please see the respective section below.
Optional Cookies | Lifespan | On / Off |
Website analysis with Google Analytics | 6 Months |
|
Subject to your consent
We only use optional cookies if we have obtained your prior consent (Art. 6(1)(a) General Data Protection Regulation). Upon your first access to our Website, a banner will appear, asking you to give us your consent to the setting of optional cookies. If your consent is given, we will place a cookie on your computer and the banner will not appear again as long as the cookie is active. After expiration of the cookie’s lifespan, or if you actively delete the cookie, the banner will reappear upon your next visit to our Website and again ask for your consent.
How to prevent the setting of cookies
Of course you may use our Website without any cookies being set. In your browser, you can at any time configure or completely deactivate the use of cookies. This may, however, lead to a restriction of the functions or have adverse effects on the user-friendliness of our Website. You may at any time object to the setting of optional cookies by using the respective objection option indicated in the table above.
Website Analysis
On our website we use Google Analytics, a web analysis service of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States of America (“Google”).
Google will analyze your use of our website on our behalf. To this purpose we use, among others, the cookies described in more detail in the above table. The information collected by Google in connection with your use of our Website (e.g. the referring URL, our webpages visited by you, your browser type, your language settings, your operating system, your screen resolution, etc.) will be transmitted to a server of Google in the USA, where it will be stored and analyzed. The respective results will then be made available to us in anonymized form. Your usage data will not be connected to your full IP address during this process. We have activated on our Website the IP anonymizing function offered by Google, which will delete the last 8 digits (type IPv4) or the last 80 bits (type IPv6) of your IP address. Moreover, Google is certified under the EU-US Privacy Shield, which ensures that an adequate level of data protection is maintained with respect to the processing of personal data by Google in the USA.
You may revoke your consent to the use of website analysis at any time, either by downloading and installing the provided Google Browser Plugin or by administrating your consent in the table above, in which case an opt-out cookie will be placed on your computer. Both of these options will prevent the application of website analysis only as long as you use the browser on which you installed the plugin and do not delete the opt-out cookie.
Further information on Google Analytics is available in the Google Analytics Terms of Use, the Privacy and Data Protection Guidelines of Google Analytics and in the Google Privacy Policy.
Use of contact forms
You can contact us directly via the contact forms available on our website. In particular, you may provide us with the following information:
- Name, surname and title
- Country
- Contact data (e.g. e-mail address, phone number)
- Message
We collect, process, and use the information provided by you via the contact forms exclusively for the processing of your specific request. We may ask you to provide more information if you contact us to obtain additional services, products and information or to resolve complaints or concerns.
CHANGES TO OUR PRIVACY POLICY
Any changes we may make to our Privacy Policy in the future will be updated here on our website yearly. However, if we intend to make material changes to the way we use your personal data, we will seek your consent before we do so.
This Privacy Policy was last updated on 01/11/2018.
CONTACT US
If you have any questions regarding this Privacy Policy or if you would like to speak to us about the manner in which we process your personal data, please email our Data Protection Officer HERE.
If you are situated in the UK, you also have the right to make a complaint to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues, at any time. The ICO’s contact details are as follows:
Information Commissioner's Office Wycliffe House Water Lane Wilmslow Cheshire SK9 5AF
Telephone - 0303 123 1113 (local rate) or 01625 545 745
Website - https://ico.org.uk/concerns
If you are situated in the EU, you also have the right to make a complaint to the relevant supervisory authority that is established pursuant to Article 51 of the GDPR by the Member State in which you are situated.