DEFINITIONS

Ryobi South Africa

“biometrics”: means a technique of personal identification that is based on physical, physiological or behavioural characterisation including blood typing, fingerprinting, DNA analysis, retinal scanning and voice recognition;
“Child”: means a natural person under the age of 18 years who is not legally competent, without the assistance of a competent person, to take any action or decision in respect of any matter concerning him- or herself;

“competent person”: means any person who is legally competent to consent to any action or decision being taken in respect of any matter concerning a child;

“data subject”: means the person to whom the personal information relates and for RYOBI, this will include but not be limited to – visitors to the various RYOBI websites, customers who have previously bought goods via RYOBI, employees, external service suppliers, suppliers of products and all associates of RYOBI;

“direct marketing”: means to approach a data subject, either in person or by mail or electronic communication, for the direct or indirect purpose of – a) Promoting or offering to supply, in the ordinary course of business of RYOBI, legal services to the data subject; or b) Requesting the data subject to donate any kind for any reason;

“deputy information officers”: means CHARGE LUYANE GIBSON;

“electronic communication”: means any text, voice, sound or image message sent over an electronic communications network which is stored in the network or the recipient’s terminal equipment until it is collected by the recipient;

“filing system”: means any structured set of personal information which in the case of RYOBI consists of physical files kept in the offices of RYOBI together with the data file on the various software systems used by RYOBI;

RYOBI”: for purposes of this Policy document means the company registered as RYOBI (PTY) LTD, Registration Number 2015/181834/07 which includes various shops within the RYOBI brand such as, but not limited to ShopCandyShopAcer3dStoreDJIFittime with operational offices situated at the district office park, 8 Kikuyu Rd Sunninghill, 2157;

“Information officer”: of RYOBI will mean JD O’CONNOR;

“operator”: means a person who processes personal information for a responsible party in terms of a contract or mandate, without coming under the direct authority of that party;

“person”: means a natural person or a juristic person;

“Personal information”: means information relating to an identifiable, living, natural person, and where it is applicable and identifiable, existing juristic person, including, but not limited to: Information relating to the education or the medical, financial, criminal or employment history of the person; Any identifying number, symbol, e-mail address, telephone number, location information, online identifier or another particular assignment to the person; The biometric information of the person;  The personal opinions, views or preferences of the person; Correspondence sent by the person that would reveal the contents of the original correspondence if the message is of a personal or confidential nature; The views or opinions of another individual about the person; and  The name of the person if it appears with other personal information relating to the person or if the disclosure of the name itself would reveal information about the person;

‘‘private body’’ means—
(a) a natural person who carries or has carried on any trade, business or
profession, but only in such capacity;
(b) a partnership which carries or has carried on any trade, business or profession; or
(c) any former or existing juristic person, but excludes a public body

“processing”: means any operation or activity or any set of operations, whether or not by automatic means, concerning personal information, including – a) The collection, receipt, recording, organisation, collation, storage, updating or modification, retrieval, alteration, consultation or use; b) Dissemination using transmission, distribution or making available in any other form; or c) Merging, linking, as well as restriction, degradation, erasure or destruction of information;

“Promotion of Access to Information Act”: means the Promotion of Access to Information Act (PAIA), 2000 (Act No. 2 of 2000);

“public record”: means a record that is accessible in the public domain and which is in the possession of or under the control of a public body, whether or not it was created by that public body.

“record”: means any recorded information – a) Regardless of form or medium, including any of the following: I. Writing on any material; II. Information produced, recorded or stored using any tape-recorder, computer equipment, whether hardware or software or both, or another device, and any material subsequently derived from information so produced, recorded or stored; III. Label, marking or other writing that identifies or describes anything of which it forms part, or to which it is attached by any means; IV. Book, map, plan, graph, or drawing; V. Photograph, film, negative, tape or another device in which one or more visuals images are embodied to be capable, with or without the aid of some other equipment, of being reproduced; b) In the possession or under the control of a responsible party; and c) Regardless of when it came into existence;

“Regulator”: – means the Information Regulator established in terms of Section 39 of the POPIA;

“responsible party”: means a public or private body or any other person which, alone or in conjunction with others, determines the purpose of and means for processing personal information;

“restriction”: means to withhold from circulation, use or publication any personal information that forms part of a filing system, but not to delete or destroy such information;

“special personal information”: means personal information as referred to in Section 26 of the POPIA which includes Information relating to race, gender, sex, pregnancy, marital status, national, ethnic or social origin, colour, sexual orientation, age, physical or mental health, well-being, disability, religion, conscience, belief, culture, language and birth of the person;

“this Act”: means the Protection of Personal Information Act, No. 4 of 2013.

“unique identifier”: means any identifier that is assigned to a data subject and is used by a responsible party for the operations of that responsible party and that uniquely identifies that data subject about that responsible party.

INTRODUCTION

RYOBI South Africa operates within the ONLINE SHOPPING space where customers can purchase third-party goods via the RYOBI website, make payment for such purchases online and where after RYOBI arranges for delivery of the goods to the customer.

RYOBI deals with many role players in the online shopping space and in delivering its online services to its customers, always collects personal information from such customers and shares such information with third-party suppliers of RYOBI.

RYOBI South Africa acknowledges that most of its communications with customers, product suppliers and services suppliers are done electronically via the internet, via email and other electronic methods. In recognizing the international risk of data breach and also to ensure that lawful conditions exist surrounding its data subject’s information, RYOBI accepts that all its South African-based data subjects’ Constitutional Right to Privacy is of utmost importance. RYOBI further accepts that its data subjects based in other parts of the world are entitled to equal rights to privacy in terms of Regulations applicable to such data subjects in the countries in which they are based. As such, RYOBI is committed to complying with South Africa’s POPIA. RYOBI is further committed to the education of its data subjects in respect of their privacy rights and will make all operational amendments necessary.

OBJECTIVE 

Although is not possible to ensure 100% mitigation against data breaches, the objective of this Policy is to ensure adherence of RYOBI to the provisions within POPIA together with its Regulations aimed at protecting all RYOBI’ data subjects from harm as wide as possible by protecting their personal information, to ensure that data subjects’ Consent is obtained as provided for in POPIA, to ensure that data subjects’ information is not unlawfully shared with third parties unless Consent for such sharing is obtained, to stop identity fraud and generally to protect privacy. RYOBI South Africa takes its responsibilities in terms of POPIA seriously and intends to continue developing its internal and external processes.

This Policy constitutes the EXTERNAL SET OF PRIVACY RULES applicable to the information collected and processed by RYOBI and sets out the standard for suitable protection of personal information as required by POPIA.

  1. POPIA CORE PRINCIPLES

In its quest to ensure the protection of data subjects’ privacy, RYOBI fully commits as follows:

  • To continue developing and maintaining reasonable protective measures against the possibility of risks such as loss, unauthorised access, destruction, use, alteration or revelation of personal information.
  • To regulate how personal information may be processed, by establishing conditions, in harmony with international standards, that prescribe the minimum threshold requirements for the lawful processing of personal information;
  • To ensure that the requirements of the POPIA legislation are upheld within RYOBI. In terms of sections 8, 17 and 18 of POPIA, RYOBI confirms that it adheres to an approach of transparency of operational procedures that controls the collection and processing of personal information and subscribes to a process of accountability and openness throughout its operations.
  • In terms of the requirements set out within sections 9, 10, 11, 12, 13 14 and 15 of POPIA, RYOBI undertakes to collect personal information legally and reasonably, for a specific reason and only if it is necessary for its operations and to process the personal information obtained from clients, employees, visitors and services suppliers only for the purpose for which it was obtained in the first place.
  • Processing of personal information obtained from owners, occupiers, visitors and service suppliers will not be undertaken in an insensitive, derogative discriminatory or wrongful way that can intrude on the privacy of the particular data subject.
  • In terms of the provisions contained within sections 23 to 25 of POPIA, all data subjects of RYOBI will be allowed to request access to certain personal information and may also request correction or deletion of personal information within the specifications of the POPIA. Data subjects should refer to FORMS 1 & 2 attached hereto for these purposes.
  • To not request or process information related to race, religion, medical situation, political preference, trade union membership, sexual certitude or criminal record unless this is lawfully required and unless the data subject has expressly consented. RYOBI will also not process information of children unless the specific consent provisions contained within POPIA have been complied with.
  • In terms of the provisions contained within section 16 of POPIA, RYOBI is committed that data subjects’ information is recorded and retained accurately.
  • To not provide any documentation to a third party or service provider without the express consent of the data subject except where it is necessary for the proper execution of the service as expected by the data subject.
  • To keep an effective record of personal information and undertakes not to retain information for a period longer than required.
  • In terms of sections 19 to 22 of POPIA, RYOBI will secure the integrity and confidentiality of personal information in its possession. RYOBI will provide the necessary security of data and keep it by prescribed legislation

Consent

When data subjects’ information is collected, processed or shared online or manually by RYOBI during the process of RYOBI delivering its online shopping services, RYOBI recognizes its obligation to explain the reasons for the collection of information from the particular data subject/s and obtains the required Consents to process and where required the sharing of the information under such explanation and using the information for limited marketing purposes.

If personal information is used for any other reason than the original reason for it being collected, specific Consent for such purpose must be obtained from the data subject. SPECIAL PERSONAL INFORMATION may be collected from data subjects without specific Consent if:

  • Processing is carried out with the prior consent of the data subject;
  • Processing is necessary for the establishment, exercise or defence of a right or obligation in law;
  • Processing is for historical, statistical or research purposes.

RYOBI has amended its standard documentation and online terms with references to the Act and will obtain all clients’ general Consent in each transaction.

COLLECTION, PROCESSING AND SHARING OF INFORMATION

 

RYOBI South Africa collects and processes personal information from its data subjects for a variety of reasons and in a variety of ways. Customers who wish to place orders via the RYOBI online platform may register as members or may purchase items as a guest of RYOBI. In both instances, customers are obliged to complete the necessary information to successfully register. In this way, personal and special information is collected from data subjects who place online orders via the RYOBI website and the information is then shared with the relevant delivery suppliers of RYOBI to arrange delivery of the orders.

By submitting personal and special personal information details to RYOBI, all data subjects acknowledge the following:

  • Personal information collected by RYOBI will be collected directly from the data subject, unless –
    • The information is contained or derived from a public record or has deliberately been made public by the data subject;
    • Collection of the information from another source would not prejudice a legitimate interest of the data subject;
    • Collection of the information from another source is necessary –
      • To avoid prejudice to the maintenance of the law by any public body, including the prevention, detection, investigation, prosecution and punishment of offences;
      • To comply with an obligation imposed by law or to enforce legislation concerning the collection of revenue;
      • For the conduct of proceedings in any court or tribunal that have commenced or are reasonably contemplated;
      • In the interest of national security;
      • To maintain the legitimate interests of RYOBI or of a third party to whom the information is supplied;
      • Compliance would prejudice a lawful purpose of the collection;
      • Compliance is not reasonably practicable in the circumstances of the particular case.
  • Personal information is collected for a specific, explicitly defined and lawful purpose related to a function or activity of RYOBI;
  • Steps will be taken to ensure that the data subject is aware of the purpose of the collection of the information.
  • RYOBI will take reasonably practicable steps to ensure that the personal information is complete, accurate, not misleading and updated where necessary, having regard to the purpose for which the personal information is collected and further processed.
  • Where personal information is collected from a data subject directly, RYOBI will take reasonably practicable steps to ensure that the data subject is aware of: –
    • The nature of the information being collected and where the information is not collected from the data subject, the source from which it is collected;
    • The name and address of RYOBI;
    • The purpose for which the information is being collected;
    • Whether or not the supply of the information by the data subject is voluntary or mandatory;
    • The consequences of failure to provide the information;
    • Any particular law authorising or requiring the collection of the information.

STORAGE OF INFORMATION

RYOBI acknowledges the risks facing data subjects with the storage of personal and special personal information on the RYOBI’ software systems as well as filing copies of the physical information sheets containing personal information physically in an office. To ensure that its best attempts are made to minimize data subjects from suffering the loss of personal information, misuse or unauthorised alteration of information, unauthorized access or disclosure of personal information generally, it will:

  • Store personal information in databases that have built-in safeguards and firewalls to ensure the privacy and confidentiality of your information.
  • Constantly monitor the latest internet developments to ensure that the systems evolve as required. RYOBI tests its systems regularly to ensure that our security mechanisms are up to date.
  • Continue to review its internal policies and third-party agreements where necessary to ensure that these are also complying with the POPIA and Regulations in line with RYOBI’ Policy rules

DISPOSAL OF DATA SUBJECTS’ INFORMATION

RYOBI South Africa is responsible to ensure that necessary records and documents of their data subjects are adequately protected and maintained to ensure that records that are no longer needed or are of no value are disposed of at the proper time. These rules apply to all documents which are collected, processed or stored by RYOBI and include but are not limited to documents in paper and electronic format, for example, e-mail, web and text files, PDF documents etc.

RYOBI South Africa does not discard or dispose of the telephone numbers, email addresses of data subjects and electronic communications with data subjects with whom it has previously dealt but will do so on request by the data subject.

Secure disposal maintains data security and supports compliance with this RYOBI policy. RYOBI acknowledges that electronic devices and media can hold vast amounts of information, some of which can linger indefinitely.

  • Under no circumstances will paper documents or removable media (CDs, DVDs, discs, etc.) contain personal or confidential information by simply binned or deposited in refuse tips.
  • RYOBI undertakes to ensure that all electrical waste, electronic equipment and data on disk drives be physically removed and destroyed so that the data will by no means be virtually retrievable.
  • RYOBI will ensure that all paper documents that should be disposed of, be shredded locally and then recycled.
  • If a third party is used for data destruction purposes, the Information Officer will ensure that such third party will also comply with this policy and any other applicable legislation.
  • RYOBI may suspend the destruction of any record or document due to pending or reasonably foreseeable litigation, audits, government investigations or similar proceedings. RYOBI undertakes to notify employees of applicable documents where the destruction has been suspended to which they have access to.
  • If a document and/or information is no longer required to be stored by this policy and relevant legislation, it should be deleted and destroyed.
  • The Information Officer should be consulted where there is uncertainty regarding the retention and destruction of a document and/or information.

INTERNET AND CYBER TECHNOLOGY

The following clauses constitute a summary of the terms contained in the INTERNAL IT/EMAIL/CYBER SECURITY POLICY which applies to all employees when using the RYOBI internet and email services.

 

  • Acceptable use of RYOBI Internet Facilities & standard Anti-Virus rules

The repercussions of misuse of RYOBI systems can be severe. Potential damage includes, but is not limited to, malware infection (e.g. computer viruses), legal and financial penalties for data leakage and lost productivity resulting from network downtime.

To ensure that RYOBI’ IT systems are not misused, everyone who uses or has access to RYOBI’ systems has received training and internal guidelines to meet the following five high-level IT Security requirements:

  • Information will be protected against any unauthorized access as far as possible;
  • Confidentiality of information will be assured as far as possible;
  • Integrity of information will be preserved as far as possible;
  • Availability of information for business processes will be maintained;
  • Compliance with applicable laws and regulations to which RYOBI are subject will be ensured by the Information Officer as far as possible.

Every user of RYOBI’ IT systems takes responsible for exercising good judgment regarding reasonable personal use.

  • IT Access Control

RYOBI undertakes to ensure that logging into the IT system and software packages is password controlled and shall exercise all caution in allowing unauthorized access to the password. It is a further undertaking that the password/s shall be reviewable from time to time but in particular where GOOGLE-based products are used and linked (such as Facebook, Whatsapp and GMAIL-based domains).

  • RYOBI’ Email Rules

RYOBI acknowledges that most of its communications are conducted via email and instant messaging (IM). Email and IM may contain extremely sensitive and confidential FIRM information, so the information involved must be appropriately protected. In addition, email and IM are potential sources of spam, social engineering attacks and malware, so RYOBI must be protected as completely as possible from these threats. The misuse of email and IM can pose many legal, privacy and security risks, so users need to be aware of the appropriate use of electronic communications.

It is of use to note that all users of RYOBI’ email system are prohibited from using email to:

  • Send, receive, solicit, print, copy, or reply to a text, images, or jokes that disparage others based on their race, religion, colour, gender, sex, sexual orientation, national origin, veteran status, disability, ancestry, or age.
  • Send, receive, solicit, print, copy, or reply to messages that are disparaging or defamatory.
  • Spread gossip, rumours, or innuendos about employees, clients, suppliers, or other outside parties.
  • Send, receive, solicit, print, copy, or reply to sexually oriented messages or images.
  • Send, receive, solicit, print, copy, or reply to messages or images that contain foul, obscene, disrespectful, or adult-oriented language.
  • Send, receive, solicit, print, copy, or reply to messages or images that are intended to alarm others, embarrass RYOBI negatively impact productivity, or harm morale.

The purpose of these email and IM rules is to ensure that information sent or received via the RYOBI’ IT systems are appropriately protected, that these systems do not introduce undue security risks to RYOBI and that users are made aware of what RYOBI deem as acceptable and unacceptable use of its email and IM.

  • RYOBI’ Rules related to handheld devices

Many users do not recognize that mobile devices represent a threat to IT and data security. As a result, they often do not apply the same level of security and data protection as they would on other devices such as desktop or laptop computers. This policy outlines RYOBI’ requirements for safeguarding the physical and data security of mobile devices such as smartphones, tablets, and other mobile devices that PCs and Notebooks.

  • RYOBI’ users of handheld devices are expected to diligently protect their devices from loss and disclosure of private information belonging to or maintained by RYOBI.
  • In the event of a security incident or if suspicion exists that the security of RYOBI’ systems has been breached, RYOBI shall be obliged to notify the IT support immediately together with the Information Officer or Deputy Information Officer should the Information Officer not be available especially when a mobile device may have been lost or stolen.
  • Anti-virus rules
  • Management of RYOBI is responsible for creating procedures that ensure anti-virus software is run at regular intervals, and computers are verified as virus-free. Any activities to create and/or distribute malicious programs into RYOBI’ programs (e.g., viruses, worms, Trojan horses, e-mail bombs, etc.) are prohibited.
  • It is worth noting that users are discouraged from attempting to remove viruses themselves. If a virus infection is detected, users are expected to disconnect from RYOBI’ networks, stop using the infected computer immediately and notify IT support.
  • It is further worth noting that BRAND DEALDEALS’rs are encouraged to be cautious of e-mail attachments from an unknown source as viruses are often hidden in attachments and RYOBI confirms that all employees have received and will continue to receive internal training in respect of such virus and how to identify them If a virus is suspected, the attachment must not be opened or forwarded and must be deleted immediately.
  • Physical access control
  • All of RYOBI’ premises that include computers and other types of information technology resources will be safeguarded against unlawful and unauthorized physical intrusion, as well as fire, flood and other physical threats. This includes but is not limited to; security doors, key entry areas, external doors that are locked from closing until the opening of the building, locked and/or barred windows, security cameras, registration of visitors at entrances, security guards, and fire protection.
  • Usage Data

 

Usage Data Usage Data has collected automatically when using the internet services of RYOBI. Usage Data may include information such as data subjects’ device’s internet protocol address (e.g. IP address), browser type, browser version, details of the pages of RYOBI’ website that are visited by data subjects, the time and date of the website visit, the time spent on those pages, unique device identifiers and other diagnostic data. When data subjects access the website services of RYOBI by or through a mobile device, RYOBI South Africa may collect certain information automatically, including, but not limited to, the type of mobile device used by the data subject, unique ID, the IP address of the mobile device, the mobile operating system, the type of mobile Internet browser used, unique device identifiers and other diagnostic data. RYOBI may also collect information that the user’s browser sends whenever RYOBI’ website is visited.

  • Tracking Technologies and Cookies

Cookies and similar tracking technologies are used to track the activity on BRAND DDEALS’website and store certain information. Tracking technologies used are beacons, tags, and scripts to collect and track information and improve and analyze the website’s efficiency. The technologies which may be used to track may include:

  • Cookies or Browser Cookies. A cookie is a small file which may be placed on a data subject’s device. Data subjects can instruct their browser to refuse all Cookies or to indicate when a cookie is being sent. However, if this function of RYOBI’ website is not accepted, data subjects may not be able to use some parts of the website. Unless the browser settings have been adjusted RYOBI’ website may use Cookies.
  • Flash Cookies. Certain features of the website may use local stored objects (or Flash Cookies) to collect and store information about data subjects’ preferences or activity on the website. Flash Cookies are not managed by the same browser settings as those used for Browser Cookies. For more information on how Flash Cookies can be deleted the following process can be followed: “Where can I change the settings for disabling, or deleting local shared objects?” available at https://helpx.adobe.com/flashplayer/kb/disable-local-shared-objects;
  • Web Beacons. Certain sections of the website and emails may contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags, and single-pixel gifs) that permit RYOBI, for example, to count users who have visited those pages or opened an email and for other related website statistics (for example, recording the popularity of a certain section and verifying system and server integrity).
  • Cookies can be “Persistent” or “Session” Cookies. Persistent Cookies remain on data subjects’ personal computers or mobile devices even when offline, while Session Cookies are deleted as soon as data subjects’ web browsers are closed.

 

  • RYOBI’ website

Data subjects who use the RYOBI website will be subject to the general website terms and conditions available on the website landing page. Customers who register on the RYOBI online platforms confirm that they have read through and understand the terms and conditions associated with the usage of the website.

  1. THIRD-PARTY OPERATORS

 

RYOBI recognizes that, in fulfilling its service offering to its customer base and to operate efficiently, it is necessary at times to share data subjects’ personal and special personal information with third parties for specific reasons related to RYOBI’ service delivery. As referenced in clauses 5 and 6 above, RYOBI will obtain the necessary Consent where required from the particular data subject.

RYOBI shall moreover and where possible enter into an OPERATORS’ AGREEMENT with the relevant third party with which RYOBI shares data subjects’ information to ensure that the third party operator treats the personal information of RYOBI’ data subjects responsibly and by the provisions contained in the Act and Regulations thereto. RYOBI shall, where possible request copies of the third party operators’ POPIA Policy, rules, internet rules and details of the third party’s Information Officer.

BANKING DETAILS

When orders are placed, customers have a choice of payment methods available to them for payment of their order/s via EFT, debit/credit card payments or paygate options such as Payfast, PayU, Payflex, and Walletdoc. Customers are subject to the terms and conditions related to their personal and special personal information which they complete on these payment platforms of such platform suppliers and cannot hold RYOBI liable for a data breach which may occur on any one of these payment platforms.

DIRECT MARKETING

RYOBI is committed to not sharing data subjects’ information with third parties for the sole purpose of such third-party marketing to such data subjects. If any associated third party uses the data subjects’ information shared by RYOBI with such third party in the fulfilment of its legal services, RYOBI takes no responsibility for any consequences suffered by the data subject which may have been caused by the third party’s actions.

RYOBI sends out regular bulk emails to its database of existing customers. These bulk emails contain new product offerings and other relevant information related to the RYOBI service. These bulk emails will always contain the required OPTING OUT/UNSUBSCRIBE options which allow the recipients of the emails to request the removal of their details from these bulk emails.

DATA CLASSIFICATION

All of RYOBI’ employees share in the responsibility for ensuring that RYOBI’ information assets receive an appropriate level of protection as set out hereunder:

  • Managers of RYOBI shall be responsible for assigning classifications to information assets according to the standard information classification system presented below.
  • Where practicable, the information category shall be embedded in the information itself.
  • All employees of RYOBI shall be guided by the information category in their security-related handling of RYOBI’ information. All information about RYOBI and all information entrusted to RYOBI from third-parties fall into one of three classifications in the table below, presented in order of increasing sensitivity.

Information Description

Examples

Category

Unclassified Public

Information is not confidential and can be made public without any implications for RYOBI

Product brochures widely distributed · Information widely available in the public domain, including publicly available website areas of RYOBI

Sample downloads of RYOBI’ software that is for Sale · Financial reports required by regulatory authorities · Newsletters for external transmission

Proprietary

Information is restricted to management-approved internal access and protected from external access. Unauthorized access could influence RYOBI’ operational effectiveness, cause an important financial loss, provide a significant gain to a competitor, or cause a major drop in customer confidence. Information integrity is vital. 

Passwords and information on corporate security procedures

Know-how used to process client information Standard Operating Procedures used in all parts of RYOBI’ activities

All software codes developed by RYOBI, whether used internally or sold to clients client client

Cclient centennial Data

Information collected and used by RYOBI in the conduct of its business to employ people, tog and fulfil client mandates, and to manage all aspects of corporate finance. Access to this information is very restricted within RYOBI. The highest possible levels of integrity, confidentiality, and restricted availability are vital. 

Salaries and other personnel data

Accounting data and internal financial reports Confidential customer business data and confidential contracts

Non-disclosure agreements with clients\vendors Company business plans

  1. RIGHTS OF THE DATA SUBJECT- FORMS 1 & 2 ATTACHED
  • The data subject or competent person where the data subject is a child may withdraw his, her or its consent to procure and process his, her or its personal information, at any time, providing that the lawfulness of the processing of the personal information before such withdrawal or the processing of personal information is not affected.
  • A data subject may object, at any time, to the processing of personal information– a) In writing, on reasonable grounds relating to his, her or its particular situation, unless legislation provides for such processing; or b) For purposes of direct marketing other than direct marketing using unsolicited electronic communications.
  • A data subject, having provided adequate proof of identity, has the right to – a) Request RYOBI to confirm, free of charge, whether or not RYOBI holds personal information about the data subject; and b) Request from RYOBI a record or a description of the personal information about the data subject held by RYOBI, including information about the identity of all third parties, or categories of third parties, who have, or have had, access to the information –  within a reasonable time;  at a prescribed fee as determined by the Information Officer; in a reasonable manner and format; and in a form that is generally understandable.
  • A data subject may, in the prescribed manner, request RYOBI to – a) correct or delete personal information about the data subject in its possession or under its control that is inaccurate, irrelevant, excessive, out of date, incomplete, misleading or obtained unlawfully; or b) destroy or delete a record of personal information about the data subject that RYOBI is no longer authorised to retain.
  • Upon receipt of a request referred to in clause 14.4, RYOBI will, as soon as reasonably practicable – a) correct the information; b) destroy or delete the information; c) provide the data subject, to his, her or its satisfaction, with credible evidence in support of the information; or d) where an agreement cannot be reached between RYOBI and the data subject, and if the data subject so requests, take such steps as are reasonable in the circumstances, to attach to the information in such a manner that it will always be read with the information, an indication that a correction of the information has been requested but has not been made.
  • RYOBI will inform the data subject, who made a request as set out in clause 14.5, of the action taken as a result of the request.

COVID 19

RYOBI South Africa has implemented and continues to apply its Workplace Risk Assessment measures in line with accepted Occupational Health and Safety Guidelines issued by the Departments of Labour and Health and in terms of the Regulations and Directions to the Disaster Management Act. Concerning these assessment measures, RYOBI South Africa is and will remain entitled to oblige employees and other visitors to complete a Covid 19 Risk Assessment form upon entering the RYOBI offices provided that the personal and special personal information required to be completed is necessary and limited to the purposes of assessing the risk of Covid 19 exposure. RYOBI may also, where required by statute, share the information with the Departments of Labour and Health, especially in the event of someone testing positive and/or where a significant increase of risk exists in the workplace and offices. RYOBI’ delivery service providers will follow their own Covid 19 protocols when making delivery of an order and RYOBI will not be liable for implementation and enforcement of such third-party measures.

With the implementation of the RYOBI South AfricaWorkplace Vaccination program, further employee and other relevant data subjects’ personal and medical information may be collected and processed by RYOBI and may be shared with Regulated third parties and internally if the sharing of the information complies with the provisions for the RYOBI Vaccination Program Policies.

INFORMATION OFFICER

  • Appointed Information Officer:

INFORMATION OFFICER: JD O’Connor

Contact details 083 456 7671 / 010 020 8600

Email jd@brandhubb.com

Postal Address: PO Box 2295, Sunninghill,  2157

Street Address: The District Office Park, 8 Kikuyu Road, Sunninghill, 2191

DEPUTY INFORMATION OFFICERS: Charne Luayne Gibson

Contact details 010 020 8600

Email charne@brandhubb.com

Postal Address: PO Box 2295, Sunninghill,  2157

Street Address: The District Office Park, 8 Kikuyu Road, Sunninghill, 2191

 

  • The general responsibilities of RYOBI’ Information Officer and Deputy Information Officer/s where delegated include the following:
  • The encouragement of compliance, by RYOBI, with the conditions for the lawful processing of personal information;
  • Managing requests made to RYOBI under POPIA;
  • Working with the Regulator about investigations conducted under prior authorisation required to process certain information of POPIA about the business.
  • Continuously perform data backups, store at least weekly backups offsite, and test those backups regularly for data integrity and reliability.
  • Review policy rules regularly, document the results, and update the policy as needed.
  • Continuously update information security policies and network diagrams.
  • Secure critical applications and data by patching known vulnerabilities with the latest fixes or software updates.
  • Perform continuous computer vulnerability assessments and audits
  • The data breach responsibilities of RYOBI’ Information Officer and Deputy Information Officer/s where delegated include the following:
  • Ascertain whether personal data was breached;
  • Assess the scope and impact by referring to the following:
    • Estimated number of data subjects whose personal data was possibly breached
    • Determine the possible types of personal data that were breached
    • List security measures that were already in place to prevent the breach from happening.
  • Once the risk of the breach is determined, the following parties need to be notified within 72 hours after being discovered:
    • The Information Regulator
    • Communication should include the following:
  • Contact details of Information Officer
  • Details of the breach,
  • Likely impact,
  • Actions already in place, and those being initiated to minimise the impact of the data breach.
  • Any further impact is being investigated (if required), and necessary actions to mitigate the impact are being taken.
  • Review and monitor
    • Once the personal data breach has been contained, RYOBI South Africa will conduct a review of existing measures in place, and explore the possible ways in which these measures can be strengthened to prevent a similar breach from reoccurring.
    • All such identified measures should be monitored to ensure that the measures are satisfactorily implemented.

AVAILABILITY AND REVISION

A link to this Policy is made available on the RYOBI company website www.brandhubb.com

This policy will continually be updated to comply with legislation, thereby ensuring that personal information will be secure.

 

Shopping Basket
Secured By miniOrange