Corruseal – POPIA Privacy Notice

Corruseal Group is a leader in the South African paper and packaging industry. For over 40 years, Corruseal has been a pioneering manufacturer and supplier of packaging. In this time, the company has grown rapidly through a combination of organic growth, acquisitions and great partnerships. With over 14 companies in the Group, Corruseal has acquired a national footprint and become a substantial manufacturer and supplier of packaging to the local market.

Whether you interact with us in your capacity as a client, supplier, visitor, investor, service provider, contractor, staff member or public official, chances are, we may need to collect some personal information from you. This Privacy Policy governs the manner in which we collect, store, maintain and process that personal information in accordance with the Protection of Personal Information Act or “POPIA”.

Corruseal may collect personal information from you using state-of-the-art technologies, websites, various digital platforms, manual processes and even physical documentation. Exactly what data we collect will depend on the business function being performed or the services being rendered. Some information may simply be required to enable or enhance general communications whilst other information types may be more sensitive. As a general principle, we do not collect personal information other than what is needed for legitimate business purposes. This may include some or all of the following:

• First and Last Name
• Title
• E-Mail Address
• Telephone Numbers
• Driver’s License Details
• Identity Numbers
• Employment details
• Account Numbers
• Date of Birth
• Gender
• Health Status
• Biometric Data
• Geolocation Data
• Company Registration Records
• Occupational Details
• Security and background references
• Financial and Accounting Records
• Banking Details

Corruseal group companies may, at any given time, maintain one or more public facing websites that clients, suppliers and members of the public can access and, in some cases, you can formally register to obtain user credentials to log in during subsequent visits.

In addition to the personal information required at registration, Corruseal may receive and record Internet usage, as it relates to Corruseal, information from your browser. This may include the Internet Protocol address (IP address) from where you connected, Corruseal browsing habits, click patterns, software versions, system type, screen resolution, colour capabilities, plug-ins, language settings, cookie preferences, search engine keywords, JavaScript enablement, the content and pages that you access on the website, and the dates and times that you visit the website, paths taken, and time spent on sites and pages within the website (usage information).

We may place small text files called ‘cookies’ on your device when you visit our websites. They do not contain personal information, but they do contain certain identifiers that allow us to associate your personal information with a particular device. Cookies are useful to manage a variety of things like access to content, website functionality and performance, preferences and links to third party content. Cookies can also be used to deliver targeted advertising. In most instances your website browser can be set to allow or reject the use of cookies should you be willing to accept the potential limitations this may cause. Additional information on cookies and their security implications can be found on www.allaboutcookies.org.

Corruseal group websites may contain electronic image requests, called web beacons. We use them to access cookies and to count page views. They do not collect any of your personal information and are mostly used to compile anonymous information about our website. Please note that Corruseal has no control over other third-party websites, and we cannot control what information they may gather from your online activities.

The use of social media platforms and messaging Applications, commonly used on smartphones and mobile devices, have become commonplace. Corruseal do not own or manage these platforms and do not take any responsibility for the information you share during their use. You must carefully consider the privacy policies of each social media platform you, and any minors in your care use. There may be specific rules and acceptable usage guidelines for online behaviour that is specific to each social media platform or for the custom groups you voluntarily subscribe to. Note that you may be held personally accountable for any defamatory, vulgar, racist or abusive posts and for wilfully spreading misinformation.

We may monitor and record any telephone calls that you make to us, and we will ask for your consent to do so. It is common practice, due to the nature of our commercial and administrative activities for Corruseal staff members, agents and associates to store the contact details of prospects, customers/clients, service providers, suppliers and other relevant individuals on their mobile phones to facilitate effective communications.

Whenever we collect personal information directly from you, we strive to obtain explicit consent, however, we also collect information where consent is clearly implied or where we may have obtained your personal information from open, public forums.

Corruseal may collect your information from third-party sources, partners and affiliates to whom you may have previously chosen to disclose your information. Regardless of the manner of collection, we have put mechanisms in place for you to withdraw your consent at any time or find out exactly what personal information we have on record concerning you.

You must accept all the terms of this policy and agree to be bound by all of its terms in order to engage with Corruseal or access our services. If you are younger than eighteen (18) years old, you do not have legal capacity to accept these terms or access our services without the formal consent a parent or legal guardian.

In keeping with the principles of lawfulness, fairness and transparency we have listed some of the business activities where you can expect us to collect, store and process personal information. If there are any significant changes to our legitimate use of personal information, this list will be updated:

• To deliver world-class packaging solutions
• To administrate our financial affairs
• To support our clients and customers
• To engage with suppliers and service providers
• To inform you of important service offerings
• To streamline and enhance services
• To comply with legal obligations and regulations
• To pursue good governance
• To engage in lawful marketing activities

Your personal data is stored and processed as physical and/or digital records at our data centres located in South Africa. Where we make use of so-called Cloud Service Providers, your data may be located on systems hosted in a secure off-site data centre.

These data centres may be located within South Africa or in jurisdictions where equal or stricter privacy laws apply. We will keep your personal information only for as long as there is a legal or legitimate business reason to do so. This is called the “retention period” and it may differ significantly, based on the type of data and reason of retention.

Once the formal retention period, as defined in our internal policies and applicable legislation expire, your personal data will be destroyed, using generally accepted industry technologies, norms and standards of good practice. We may retain personal data for service notification purposes until such time that you notify us that you no longer wish to receive this information.

We may share your information with third parties such as service providers, affiliates and subsidiaries should we require specialist services or expertise to fulfil our obligations to you. Subject to due process, and if specifically required to do so by law, we may share your information with authorities. Circumstances may also arise where Corruseal shares your personal information in order to enforce contractual arrangements or where we need to protect the rights, property and safety of others. This includes the exchange of information with organisations for the purpose of fraud protection, security and credit risk reduction.

No organisation is immune to the ongoing and increasingly sophisticated cyber-attacks on private and public sector organisations. Corruseal does not provide any specific or implied guarantee that it will never experience a security breach. However, as a responsible Party, Corruseal endeavours to implement and maintain a comprehensive portfolio of security controls that are internationally considered to be important and effective in protecting sensitive information. We also have measures in place to inform you, should we believe that a security breach occurred.

You have specific rights under the Protection of Personal Information Act in relation to the data we collect, store and process about you. To act on these rights please contact our Information Privacy Office. Following due process, you can:

• Request access to your personal information
• Request correction of your information
• Request destruction of your personal information
• Object to the processing of your personal information
• Request restrictions on processing your personal information
• Request a transfer of your personal information; or
• Withdraw consent

In the event that you wish to complain about how we have handled your personal data, please contact our Information Privacy Officer at PrivacyOffice@corruseal.co.za. Our Information Privacy Officer will then look into your complaint and work with you to resolve the matter.

If you still feel that your personal data has not been handled appropriately according to the law, you can contact the South African Information Privacy Regulator and file a complaint with them.

Any changes we may make to our Privacy Policy will be posted in a prominent place on the Corruseal website. If requested to do so, you will be notified by e-mail. If you do not agree with all the changes, you must stop using the Corruseal website as well as any other related goods or services. Continued use of our websites or services, following a formal change notification to this policy, will be deemed as your acceptance of the updated terms and conditions. The Policy will therefore apply to you.