Our data privacy is of utmost importance to inQuba and the Terms below outline how we manage your data.
- inQuba operates in the Republic of South Africa, Australia and in the USA in the collection of data. The company complies with the Protection of Personal Information Act No. 4 of 2013 (“POPIA”), as well as the Australia Privacy Act of 1988 (“Privacy Act”) and acts as both a responsible party and an operator on behalf of data subjects that inQuba performs processing for. inQuba is committed to compliance with all relevant Australian, United States and South African laws in respect of personal data, and the protection of the “rights and freedoms” of individuals whose personal data inQuba collects and processes in accordance with POPIA and the Privacy Act.
- POPIA applies to the processing of personal data wholly or partly by automated means (i.e. by computer) and to the processing other than by automated means of personal data (i.e. paper records) that form part of a filing system or are intended to form part of a filing system.
- POPIA will apply to the processing of all personal data for a responsible party where the responsible party is domiciled in the Republic of South Africa or not domiciled in the Republic, but makes use of automated or non-automated means in the Republic, unless those means are used only to forward personal data through the Republic. inQuba qualifies under all these categories. inQuba qualifies in some instances as a responsible party and in some instances as an operator, POPIA therefore applies.
- The Privacy Act will apply to the processing of all personal data for a responsible party where the responsible party is domiciled in Australia or not domiciled in Australia, but makes use of automated or non-automated means in Australia, unless those means are used only to forward personal data through Australia.
2. WHICH PERSONAL DATA ARE COLLECTED AND PROCESSED
- inQuba endorses and adheres to the POPIA Act principal of ‘minimality’ whereby inQuba only collects, processes and/or stores the minimum amount of data that it requires to provide the requested service.
- Different data is required at different points of the service provided by inQuba and is not all collected at the same time.
- Depending on the service provided, this can include any or all the following data:
- Full Name;
- Email address
- Contact telephone number
- Delivery address
- Account details
- Passport or national ID
- In certain cases inQuba may require additional personal data for either the service provided or any other legitimate reason. In these instances inQuba will always seek consent from the data subject, together with an explanation of why the additional personal data is necessary.
3. LEGAL BASIS FOR OBTAINING OR REQUESTING PERSONAL DATA
- inQuba requests personal data in its capacity as a responsible party and obtains personal data from responsible parties for processing purposes in its capacity as an operator.
- The legal basis for collecting personal data is primarily as follows:
- predominantly based on consent received from a data subject and on a legitimate business need to provide the data subject with the service requested or to collect insights on behalf of inQuba’s corporate customers;
- where inQuba is under legal obligation to collect personal data;
- in order to protect the legitimate interests of the data subject;
- where processing is necessary to carry out actions for the conclusion or performance of a contract to which the data subject is party;
- where processing is necessary for pursuing the legitimate interests of the responsible party or of a third party to whom the information is supplied.
4. PURPOSE FOR WHICH WE COLLECT PERSONAL DATA
- inQuba is a responsible party and operator under POPIA.
- inQuba uses personal data in a number of different ways, including but not limited to:
- providing the services requested by the data subject;
- providing the data subject or the responsible party with customer support inquiries;
- providing data subjects with information on new products
- analysis of information to establish user insights and needs;
- communicate with the data subject on changes to services, policies, terms and conditions or other important information.
5. SECURITY & QUALITY OF PERSONAL DATA
- inQuba protects and secures all personal data in line with the POPIA and Privacy Act.
- inQuba aims at the highest standards of quality data processing, in line with the requirements of the POPIA and Privacy Act.
- inQuba records all personal data in line with its data protection impact assessment and data inventory policies. These policies are reviewed and updated at least annually.
- Should personal data be compromised and the breach is likely to result in a high risk to the rights and freedoms of natural persons and our corporate customers, inQuba shall communicate the personal data breach to the data subject and our corporate customers without undue delay, and as clearly and simply put as possible. Where inQuba has reasonable doubts concerning the identity of the natural person making a request, inQuba may request the provision of additional personal data necessary to confirm the identity of the data subject.
6. DATA SUBJECT RIGHTS
- In accordance with POPIA, data subjects are provided with the following rights by inQuba:
- Right to be notified that personal data about him, her or it is being collected or his, her or its personal data has been accessed or acquired by an unauthorised person;
- Right to request access to his, her or its personal data and to establish whether a responsible party holds personal data of that data subject;
- Right to request the correction, destruction or deletion of his, her or its personal data;
- Right to object, on reasonable grounds relating to his, her or its particular situation to the processing of his, her or its personal data; as well as to object at any time to the processing of personal data for purposes of direct marketing;
- Right not to be subject to a decision based solely on the basis of the automated processing of his, her or its personal data intended to provide a profile of such person;
- Right to submit a complaint to the Regulator regarding the alleged interference with the protection of the personal data of any data subject or to submit a complaint to the Regulator in respect of a determination of an adjudicator; and
- Right to institute civil proceedings regarding the alleged interference with the protection of his, her or its personal data.
7. RETENTION OF PERSONAL DATA AND OTHER DATA
- inQuba retains personal and processing data in line with the requirements outlined in POPIA and the Privacy Act.
- All personal data that is required to be retained for compliance, legal, archiving, client support or ongoing processing is retained for only as long as is absolutely required, where after it is deleted, erased, destroyed and disposed of.
- Consent is required by inQuba to proceed with the requested service and will be explicitly requested and given.
9. GENERAL INFORMATION
- inQuba has appointed a board approved Data Protection Officer (who acts in the same capacity as an Information Officer under POPIA) to ensure the enforcement and compliance with POPIA and the Privacy Act. Any requests, complaints or communications by staff, third parties, service provides, data subject, controllers, processors or the data security authority should be directed to the following email, namely firstname.lastname@example.org
- inQuba will never sell, share or obtain personal data for any purpose whatsoever, unless it receives the data subject’s consent, and that the recipient is POPIA compliant and has the appropriate security facilities in place.
10. COMPLAINTS PROCEDURE
- This procedure addresses complaints from data subject(s) related to the processing of their personal data, inQuba’s handling of requests from data subjects, and appeals from data subjects on how complaints have been handled.
- All employees/staff are responsible for ensuring any complaints made in relation to the scope of this procedure are reported to the Data Protection Officer.
- Data Protection Officer is responsible for dealing with all complaints in line with this procedure.
- inQuba has the contact details of its Data Protection Officer published on its website, clearly under the ‘Contact us’ section.
- inQuba has clear guidelines on this page and that enables the data subject to lodge a complaint via the above contact details.
- Data subjects are able to complain to inQuba about:
- how their personal data has been processed;
- how their request for access to data has been handled;
- how their complaint has been handled; and
- appeal against any decision made following a complaint.
- Data subject(s) lodging a complaint with the inQuba’s Data Protection Officer are able to do so by means of email direct to the Data Protection Officer as published on the company website.
- Complaints received via the email are directed to the Data Protection Officer for resolution.
- Complaints are to be resolved within one month.
- Appeals on the handling of complaints are to be resolved within one month.
- If inQuba fails to act on a data subject’s access request within one month, or refuses the request, it sets out in clear and plain language the reasons it took no action/refusal. inQuba will also inform the data subject(s) of their right to complain directly to the supervisory authority. In doing so, inQuba provides the data subject(s) with the contact details of the supervisory authority and informs them of their right to seek judicial remedy.