BY ACCESSING AND USING THIS WEBSITE, THE USER CONSENTS TO THE PROCESSING OF THEIR PERSONAL INFORMATION BY Iris NETWORK SOLUTIONS (PTY) LTD ON THE BASIS SET OUT IN THIS PRIVACY NOTICE. IF THE USER DOES NOT CONSENT, THE USER MUST IMMEDIATELY STOP ACCESSING AND/OR USING THIS WEBSITE.
1.1) Iris NETWORK SYSTEMS collects, uses and, in some circumstances, shares the personal information of Users in and through this website.
1.2) Iris NETWORK SYSTEMS respects the rights of Users whose personal information is collected and used by it, including their right to protection against the unlawful collection, retention, sharing and use of such personal information.
1.3) The purpose of this Privacy Notice is to provide Users with information about the information processing activities of Iris NETWORK SYSTEMS and the manner in which their rights are protected.
1.4) This Privacy Notice shall serve as a blanket notification to Users about Iris NETWORK SYSTEMS’ processing activities which will remain valid for a 12 month period. Users will not be notified separately on each occasion that Iris NETWORK SYSTEMS processes the same personal information in the same way over the 12 month period.
1.5) Iris NETWORK SYSTEMS may amend the provisions of this Privacy Notice to comply with any changes in the law, and/or pursuant to any changes to its information processing activities or privacy practices. Such amendments will be published on the website and will become operable from the date of such publication.
1.7) The provisions of this Privacy Notice must, as far as possible, be incorporated into the agreement between Iris NETWORK SYSTEMS and Users of this website.
2. DEFINITIONS AND INTERPRETATION
2.1) In this Privacy Notice, the following words bear the following meanings:
2.1.1) ‘’consent’’ means any voluntary, specific and informed expression of will in terms of which permission is given by or on behalf of a User for the processing of their personal information;
2.1.2) ‘‘direct marketing’’ means to approach a data subject, either in person or by mail or electronic communication, for the direct or indirect purpose of promoting or offering to supply any goods or services to the data subject;
2.1.3) ‘’information officer’’ means Stuart Birch;
2.1.4) ‘‘operator’’ means an outside third party who processes personal information for or on behalf of Iris NETWORK SYSTEMS in terms of a contract or mandate;
2.1.5) ‘’personal information’’ means any information linked to a User or information that can identify a User, including but not limited to:
126.96.36.199) information relating to a User’s gender, nationality, ethnic or social origin age, language;
188.8.131.52) information relating to a User’s education or their financial, criminal or employment history;
184.108.40.206) a User’s identity number, e-mail address, physical address, telephone number, location information or online identifier;
220.127.116.11) a User’s personal opinions, views or preferences;
18.104.22.168) correspondence sent by a User which is of a private or confidential nature;
22.214.171.124) the views or opinions of others about a User; and
126.96.36.199) the User’s name if it appears with other personal information relating to that User, or if the disclosure of their name on its own would reveal further personal information about that User;
2.1.6) ‘’POPI’’ means the Protection of Personal Information Act, including any regulations or codes of conduct promulgated under it;
2.1.7) ‘’PROATIA’’ means the Promotion of Access to Information Act 2 of 2000;
2.1.8) ‘’process or processing’’ means, in relation to personal information, any operation or activity or any set of operations, whether or not by automatic means, including:
188.8.131.52) the collection, receipt, recording, organisation, collation, storage, updating or modification, retrieval, alteration, consultation or use of that information;
184.108.40.206) dissemination by means of transmission, distribution or making available in any other form; or
220.127.116.11) merging, linking, as well as restriction, degradation, erasure or destruction of that information;
2.1.9) ‘’User’’ means a visitor or user of this website, or any of the content or services associated with this website;
2.1.10) ‘’the website’’ means the website or any part thereof which is accessible from https://www.irisns.com.
2.2) Any reference in this Privacy Notice to:
2.2.1) the singular includes the plural and vice versa;
2.2.2) any one gender includes the other genders, as the case may be;
2.2.3) an act, regulation or other law is to the version of that law in force at the effective date of this notice and includes any amendment or re-enactment made to that law after the effective date of this notice.
2.3)When calculating any number of days for the purposes of this notice, the first day must be excluded and the last day of the relevant interval included, unless the last day is not a business day, then the last day will be the next succeeding business day.
2.4) The word “include” means “include without limitation”. Use of the word ‘’include’’ or ‘’in particular’’ is for illustration or emphasis only and where followed by specific examples must not be interpreted as limiting the meaning of the general wording preceding it.
2.5) A requirement that any notice, request, demand or other communication made in terms of this Privacy Notice must be in writing will be met if it is in the form of a data message as defined in the Electronic Communications and Transactions Act, No. 25 of 2002, and is accessible in a manner usable for subsequent reference.
3. RESPONSIBLE PARTY
3.1) Iris NETWORK SYSTEMS will be the party who will be collecting and processing a User’s personal information and as such is designated as the ‘’responsible party’’ for the purposes of this Notice.
3.2) Iris NETWORK SYSTEMS’s contact details are as follows:
3.2.1) Physical address: 5th floor Ooba Building, 30 Waterkant Street, Cape Town;
3.2.2) Telephone number:021 4184840;
3.2.3) Email address: [email protected]
3.2.4) Website address: https://www.irisns.com
3.3) Iris NETWORK SYSTEMS may instruct third party operators from time to time to undertake certain processing activities relating to the User’s personal information.
4. WHAT PERSONAL INFORMATION IS COLLECTED
4.1) Iris NETWORK SYSTEMS may collect the following personal information from the User:
4.1.1) Initials, first name, surname;
4.1.2) Identity number and/or date of birth;
4.1.3) Physical and postal address;
4.1.4) Email address;
4.1.5) Telephone and cellphone numbers;
4.1.6) Gender, nationality, ethnic and social origin, age, language preference.
4.2) The supply of personal information by the User to Iris NETWORK SYSTEMS is voluntary and not mandatory. However, if the User refuses to supply any personal information, certain consequences may naturally flow from such a refusal, such as preventing Iris NETWORK SYSTEMS from concluding or performing any contract with the User, or preventing Iris NETWORK SYSTEMS from complying with one or more of its obligations in law.
4.3) There is no applicable law which directly requires or authorises Iris NETWORK SYSTEMS to collect a User’s personal information.
5. PURPOSE/S FOR COLLECTION AND PROCESSING OF PERSONAL INFORMATION
5.1) Iris NETWORK SYSTEMS shall only collect a User’s personal information for a specific, explicitly defined and lawful purpose relating to a function or activity of Iris NETWORK SYSTEMS’s business.
5.2) Such purposes may include the following:
5.2.1) to enter into a contract with a User;
5.2.2) to perform any obligations under a contract with a User;
5.2.3) to comply with a legal obligation;
5.2.4) to protect a legitimate interest of a User (unless the User has specifically objected in writing to all or some of the processing activities on reasonable grounds);
5.2.5) to pursue its own legitimate interests or the legitimate interests of a third party who it is sharing the information with (unless the User has specifically objected in writing to all or some of the processing activities on reasonable grounds);
5.2.6) to present content to the User in the most effective way for them and their viewing device and browser;
5.2.7) to customise and display content including, but not limited to products, articles, listings and advertisement to the User in a way that Iris NETWORK SYSTEMS feels may interest the User or be most beneficial to them;
5.2.8) to enable the User to voluntarily participate in interactive features on the website;
5.2.9) to notify the User about changes to the website;
5.2.10) to contact the User regarding their support requests.
5.3) If Iris NETWORK SYSTEMS intends to process a User’s personal information for any other purpose not listed in clause 5.2 or which is otherwise not automatically permitted by law, it shall ensure that it obtains the User’s written consent to do so.
5.4) Iris NETWORK SYSTEMS will not sell a User’s personal information to any third party without the prior written consent of the User.
6. COLLECTION DIRECTLY FROM USER
6.1) Iris NETWORK SYSTEMS shall, as far as possible, always collect personal information about a User directly from the User, except in the following circumstances:
6.1.1) Where personal information is collected from a public record, or from another source if the information has already been made public by the User;
6.1.2) where the User has given their written consent to Iris NETWORK SYSTEMS to collect their information from another source;
6.1.3) where the collection of a User’s personal information from another source will not prejudice any of the User’s legitimate interests;
6.1.4) where the collection of personal information from another source is necessary to maintain Iris NETWORK SYSTEMS’s legitimate interests or those of any third party it intends sharing the information with;
6.1.5) where the collection of personal information directly from the User would prejudice the purpose for the collection;
6.1.6) where the collection of personal information directly from the User is not reasonably practicable in the circumstances.
6.2) If Iris NETWORK SYSTEMS collects personal information from a source other than the User, it shall record in writing the details of that source, including the full names and contact details of that source where applicable.
6.3) Personal information may be collected from or supplied by the User in any of the following ways:
6.3.1) during the process of requesting support on this website;
6.3.2) when requesting further services or information from Iris NETWORK SYSTEMS;
6.3.3) when contacting Iris NETWORK SYSTEMS to report a problem with the website or for any other reason; and
6.3.4) when completing any forms on the website.
6.4) The User may visit the website without providing any personal information. However, the website’s servers may still collect technical information regarding the use of the website, which is aggregated for analytical purposes, technical maintenance and for improving the content offered on the website. Such information may include details of the User’s visit, information about the User’s computer, including IP (Internet Protocol) address, operating system and browser type, the User’s location, and usage information. An individual User will not be identified from or by this information and Iris NETWORK SYSTEMS is entitled to copy, distribute or otherwise use such information without limitation.
7.1) “Cookies” are small text files transferred by a webserver to a User’s hard drive and thereafter stored on their computer. The types of information a Cookie collects includes a User’s username, the date and time of their visits to the website, their browsing history and preferences.
7.2.1) distinguish one User from another on the website;
7.2.2) remember the User’s last session when they return to the website;
7.2.3) estimate the website’s audience size and usage patterns;
7.2.4) store information about the User’s preferences, which allows Iris NETWORK SYSTEMS to customize the website and content according to the Users individual preferences; and
7.2.5) speed up searches on the website.
8. GENERAL CONDITIONS FOR PROCESSING PERSONAL INFORMATION
8.1) Iris NETWORK SYSTEMS shall comply with all laws, contracts or regulations when it processes a User’s personal information.
8.2) Iris NETWORK SYSTEMS shall not act unreasonably when processing a User’s personal information. This means that it will collect andprocess a User’s personal information in a way that the User can reasonably expect and in a way that is fair.
8.3) Iris NETWORK SYSTEMS shall respect the User’s right to privacy at all times. If there is another way in which it can achieve the same goal without posing any risk of harm to the privacy rights of the User, then it will choose that option.
8.4) Similarly, if Iris NETWORK SYSTEMS needs to process personal information but there are less privacy-invasive methods of collecting, using and sharing that information, then it will use those methods.
8.5) Iris NETWORK SYSTEMS shall ensure that the personal information that is collected and processed is and remains relevant to the identified purpose/s for such processing, and that such information is and remains adequate, but not excessive, for achieving the identified purpose/s.
8.6) If there are any alternative ways to achieve the identified purpose/s without processing personal information, Iris NETWORK SYSTEMS shall not process that personal information.
8.7) Iris NETWORK SYSTEMS shall ensure that the processing activities it chooses to apply are proportionate to achieving the identified purpose/s and that no less privacy invasive measures are available to achieve the same purpose/s.
8.8) Iris NETWORK SYSTEMS shall ensure that, regardless of the stated purpose/s for processing personal information, the rights and interests of Users will not be unnecessarily prejudiced or infringed, unless it cannot be avoided, and then in such cases, it shall ensure that its own rights and/or interests justify such prejudice or infringement taking place.
8.9) Once Iris NETWORK SYSTEMS has achieved the purpose for the collection of the User’s personal information, it will destroy or delete such information, unless the User has directed otherwise in writing, or Iris NETWORK SYSTEMS is required by law to retain the information for a longer period of time.
8.10) If Iris NETWORK SYSTEMS no longer needs to process personal information to achieve the purpose originally specified, it will stop using that information.
9. DISCLOSURE AND SHARING OF PERSONAL INFORMATION
9.1) Iris NETWORK SYSTEMS may, in the course of providing any content or services on this website, or for the purposes of concluding or performing any sale or other transaction with a User, share certain personal information with third party operators who perform certain processing activities on behalf of Iris NETWORK SYSTEMS.
9.2) Iris NETWORK SYSTEMS may also share aggregated information about Users of this website and their usage patterns. Iris NETWORK SYSTEMS may also use such aggregated information to help advertisers target specific audiences. Such aggregated information will be de-identified and the User’s personal information will not be disclosed.
9.3) Other than as stated in clause 9.1 and 9.3, Iris NETWORK SYSTEMS shall not share a User’s personal information with any third parties unless it has the User’s express consent to do so.
10. USER’S RIGHTS IN RELATION TO THE PROCESSING OF THEIR PERSONAL INFORMATION
10.1) Users shall have the following rights in relation to the processing of their personal information:
10.1.1) to access and correct any personal information held by Iris NETWORK SYSTEMS about them;
10.1.2) to object to the processing of their information; and
10.1.3) to lodge a complaint with the Information Regulator.
10.2) Users may make a request in terms of clause 10.1.1 by following the process for making such a request as set out in Iris NETWORK SYSTEMS’s PAIA manual.
11. FURTHER PROCESSING
11.1) Iris NETWORK SYSTEMS shall not process a User’s personal information for any purpose not previously specified except in the following circumstances:
11.1.1) where the User has consented to such further processing;
11.1.2) where the further processing is necessary for the exercise of any contractual rights or the fulfillment of any obligations between Iris NETWORK SYSTEMS and the User;
11.1.3) where the further processing activities are linked to or compatible with the original purpose;
11.1.4) where the further processing is necessary for the prevention, detection, investigation, prosecution and punishment of an offence;
11.1.5) where the further processing is necessary to enforce any law;
11.1.6) where the further processing is necessary for the conduct of legal proceedings in any court or tribunal that have commenced or are reasonably contemplated;
11.1.7) where the further processing is necessary to prevent or mitigate a serious and imminent threat to the life or health of the User or another individual;
11.1.8) where the further processing is necessary for historical, statistical or research purposes.
11.2) Iris NETWORK SYSTEMS shall ensure that if it intends processing personal information for other purposes not previously specified, it shall notify the User of such further purposes and the possible consequences of the intended further processing for the User.
12. ACCURACY, CORRECTNESS AND COMPLETENESS OF PERSONAL INFORMATION
12.1) Iris NETWORK SYSTEMS shall take reasonably practicable steps to ensure that the personal information kept by it about Users is complete, accurate, not misleading and is updated when necessary.
12.2) However, if a User is aware of any personal information in Iris NETWORK SYSTEMS’s custody that is incorrect, inaccurate or which needs to be updated, the User must make a written request to Iris NETWORK SYSTEMS’s information officer at [email protected] to update or correct the relevant information.
12.3) If a User has contested the accuracy of any personal information being used by Iris NETWORK SYSTEMS, it shall immediately stop using that information until its accuracy has been verified.
12.4) Iris NETWORK SYSTEMS reserves its right to only adhere to a request from a User in terms of clause 12.2 if the correction or updating of that information will result in the personal information being correct and accurate.
12.5) Where personal information that has been shared by Iris NETWORK SYSTEMS with a third party is subsequently updated or corrected, Iris NETWORK SYSTEMS shall ensure that all third parties, with whom that information was shared, receives the updated and/or corrected version of the information as soon as it has been updated and/or corrected.
13. SECURITY SAFEGUARDS
13.1) Iris NETWORK SYSTEMS is committed to protecting the personal information in its custody against any loss of, damage to or unauthorised destruction of that information, and to prevent any unauthorised parties from accessing that information.
13.2) Iris NETWORK SYSTEMS takes steps to continually identify and document any risks to the personal information it has in its possession or under its control and that appropriate security safeguards are in place against those risks.
13.3) Iris NETWORK SYSTEMS shall ensure that in any contracts entered into with third party operators who process personal information on Iris NETWORK SYSTEMS’s behalf, include the following obligations:
13.3.1) the operator shall not process any personal information without Iris NETWORK SYSTEMS’s knowledge and authority;
13.3.2) the operator shall treat all personal information given to it as confidential and shall not disclose it to any unauthorised third parties;
13.3.3) the operator shall establish and maintain adequate security measures which are the same or offer similar protection over the personal information as that employed by Iris NETWORK SYSTEMS;
13.3.4) the operator shall notify Iris NETWORK SYSTEMS immediately where there are reasonable grounds to believe that any personal information has been leaked to or accessed by any unauthorised person;
13.3.5) if the operator is situated in another country, it must comply with the data protection laws in that country and be able to provide verification that it is so compliant;
13.3.6) if an operator is legally obliged to disclose any personal information processed by them on Iris NETWORK SYSTEMS’ behalf to other parties, it must notify Iris NETWORK SYSTEMS beforehand to enable Iris NETWORK SYSTEMS and/or individual Users to protect their rights if necessary.
13.4) Users must maintain the secrecy of any passwords used to gain access to this website and should change such passwords regularly.
13.5) Iris NETWORK SYSTEMS shall ensure that all personal information on its systems is properly backed-up and that back-up copies are stored separately from the live files.
14. NOTIFICATION OF BREACH OF SECURITY
14.1) If personal information about a User is inadvertently leaked or Iris NETWORK SYSTEMS’s security has been unlawfully breached by any unauthorised party, Iris NETWORK SYSTEMS shall immediately identify the relevant Users who may be affected by the security breach, and shall contact them at their last known email address or contact details or by the quickest means possible.
14.2) Iris NETWORK SYSTEMS shall provide sufficient information to the User to allow him or her to take the necessary protective measures against the potential consequences of the compromise, or shall advise Users of the steps to be taken by them and the possible consequences that may ensue from the breach for them.
15. DECISIONS BASED ON PERSONAL INFORMATION PROCESSED
15.1) If Iris NETWORK SYSTEMS is required to make a decision about a User using any personal information that has been obtained, it shall ensure that a record of such information and the decision made is kept for a reasonable period of time to give the User an opportunity to request access to that record.
15.2) Iris NETWORK SYSTEMS shall allow a User a reasonable opportunity to make representations before any decision is made solely on the basis of the personal information processed, if that decision will affect the legal position of the User, or will otherwise adversely affect them in some manner or form.
15.3) Iris NETWORK SYSTEMS shall always ensure that the underlying logic behind any decision made pursuant to the automated processing of personal information is sound and that this underlying logic can be communicated to the User to enable them to make representations.
15.4) If Iris NETWORK SYSTEMS has made a decisions based on incorrect personal information, it shall immediately revisit that decision as soon as it receive notice or becomes aware of the error or inaccuracy of that information.
16. LINKED THIRD PARTY WEBSITES
16.1) This website may contain links or references to other websites, including those of advertisers (“third party websites“) which are not under Iris NETWORK SYSTEMS’s control.
16.2) The provisions of this Privacy Notice are not applicable to third party websites and Iris NETWORK SYSTEMS shall not responsible for the information processing practices and/or privacy policies of those third party websites, or the cookies that those websites may use.
17. DIRECT MARKETING
17.1) The User hereby consents to the processing of their personal information for the purpose of direct marketing by means of electronic communications including automatic calling machines, facsimile machines, SMS’s or electronic mail.
17.2) Where a User is a pre-existing customer of Iris NETWORK SYSTEMS, Iris NETWORK SYSTEMS shall be entitled, without the User’s consent, to sending electronic communications to the User for the purpose of marketing similar products or services offered by Iris NETWORK SYSTEMS.
17.3) The User may object, free of charge, and without unnecessary formality, to the use of their details either when the information was first collected from them or when each subsequent electronic communication is sent to them by Iris NETWORK SYSTEMS.
17.4) The User can opt out of receiving further marketing communications by un-checking certain boxes on the forms used on the website to collect their personal information, or by contacting Iris NETWORK SYSTEMS at [email protected] .
18. CHILDREN’S PERSONAL INFORMATION
Iris NETWORK SYSTEMS shall not process any personal information relating to a person under the age of 18 years unless it has obtained consent from that person’s parent or legal guardian. If this website is being accessed by the parent or guardian of a child under the age of 18 years, and personal information pertaining to that child is being provided by the parent or guardian, then they hereby expressly consent to Iris NETWORK SYSTEMS processing such information according to the further provisions of this Privacy Notice.
19. CROSS BORDER TRANSFERS OF PERSONAL INFORMATION
19.1) Subject to clause 19.2 and 19.3, Iris NETWORK SYSTEMS does not intend sharing a User’s personal information with a third party in another country.
19.2) Iris NETWORK SYSTEMS may transfer personal information to another country in the following circumstances:
19.2.1) the transfer is necessary for the performance of a contract that Iris NETWORK SYSTEMS has with the User;
19.2.2) the transfer is necessary for the implementation of pre-contractual measures taken in response to the User’s request;
19.2.3) the transfer is necessary for the conclusion or performance of a contract with a third party which is for the benefit of or in the interest of the User;
19.2.4) the transfer is otherwise for the benefit of the User; or
19.2.5) the User has consented to the transfer of their information.
19.3) Iris NETWORK SYSTEMS hosts their information which may include a User’s personal information in servers located in another country. In this regard you consent to such transfer subject to 19.4 below.
19.4) If Iris NETWORK SYSTEMS is required to transfer personal information from South Africa to a third party in a foreign country, it shall ensure that the third party is subject to a law, binding code of conduct or contract which effectively upholds principles for the reasonable processing of personal information which are substantially similar to the data protection offered in the Republic of South Africa.
20. RETENTION OF INFORMATION
20.1) Iris NETWORK SYSTEMS will keep a record of any personal information collected for no longer than is necessary to achieve the specific purpose for which it collected such information in the first place unless:
20.1.1) It is required by law to keep a record of such information for a longer period of time; or
20.1.2) It needs to keep a record of such information for another lawful purpose; or
20.1.3) It has a contractual obligation to keep a record of such information; or
20.1.4) The User has consented to their information being kept for a longer period.
20.2) Iris NETWORK SYSTEMS may, if it has de-identified personal information, kept such information for historical, statistical or research purposes. Iris NETWORK SYSTEMS shall ensure that appropriate safeguards are in place to prevent those records from being used for any other purposes, or against the information being re-identified.
21. RETURNING, DESTROYING OR DELETING PERSONAL INFORMATION
21.1) Where Iris NETWORK SYSTEMS is no longer authorised to retain a record of any personal information, it shall either:
21.1.1) ensure that the information is permanently destroyed or deleted as soon as reasonably practicable; or
21.1.2) return the information to the User or transfer it to a third party, if requested by the User in writing to do so.
22.1) The User hereby consents to the processing of their personal information in terms of the provisions of this Privacy Notice.
22.2) The User acknowledges and agrees that such consent has been given voluntarily after the User has read and understood the provisions of this Privacy Notice, in particular, regarding the following:
22.2.1) the types of personal information to be processed;
22.2.2) the specific processing activities to be undertaken;
22.2.3) the specific purpose/s for such processing; and
22.2.4) the possible consequences for the User that may arise from such processing.
22.3) Should a User wish to withdraw any consent previously given by the User, they must notify Iris NETWORK SYSTEMS’s information officer in writing.
23. LODGING AN OBJECTION
23.1) A User may, on reasonable grounds, object to the processing of their personal information at any time after that processing has started.
23.2) If a User wishes to object to the processing of their personal information, they must send written notice of their objection to Iris NETWORK SYSTEMS’s information officer, together with their reasons for doing so.
24. CHOICE OF LAW
This Privacy Notice shall be governed and interpreted in accordance with the laws of the Republic of South Africa.
25. AMENDMENT OF THIS PRIVACY NOTICE
25.1) Iris NETWORK SYSTEMS reserves the right to change, update, add, remove and/or amend any of the provisions of this Privacy Notice from time to time. Such changes, updates, additions, removals or amendments will become effective from the date of their publication on this website.
25.2) It is the User’s obligation to periodically check the provisions of this Privacy Notice for any such changes, updates, additions, removals or amendments.
25.3) The User’s continued use of this website following any changes, updates, additions, removals or amendments to this Privacy Notice will be considered notice of the User’s acceptance to abide by and be bound by this Privacy Notice, as amended.
For more information on your rights to privacy over your information, or the information processing activities of Iris NETWORK SYSTEMS, please do not hesitate to contact us directly on [email protected] or alternatively contact 021 4184840.
Date of last update: 15 January 2015