LEOPARD’S LEAP CLIENT INFORMATION PROCESSING POLICY
Leopard’s Leap Wines (Proprietary) Limited is committed to protecting your privacy. We recognise our obligation to respectand protect the confidentiality of your personal and financial information. For this reason we have developed this policy togovern the processing of your information. Please read and consider this document carefully since it sets out our intended use ofyour personal and financial information. We require you to consent to this policy before we can render any services to you.
Who we are
When we refer to “we”, “us” or “our” herein we are referring to Leopard’s Leap Wines (Proprietary) Limited (RegistrationNumber 2003/028646/07) (“Leopard’s Leap”) as well as our assignees and successors in title. Our principal place of business is at R45Main Road, Franschhoek, South Africa but we recommend you contact us via our Information Compliance Office via telephoneat +27 (0)21 876 8002 or electronic mail at firstname.lastname@example.org
How we collect information
You recognise that in order to make use of our products and services you will have to provide us with certain informationpertaining to you, failing which we may not be able to render such products or services to you. However, the choice of providingus with information remains yours at all times. We may collect information about you as follows:
(a) From you, including when you apply for our services, submit forms, requests or transactions, use our web sites orotherwise make use of our services;
(b) From public registers, credit bureaus, money laundering, fraud prevention and law enforcement agencies and fromyour current and previous insurance companies, including for the purposes of processing your application for creditor services and to reassess your status from time to time;
(c) From people and entities employed by us to provide services for us, which may include debt collection services,cheque verification services, communications services and data hosting, processing and management services;
(d) From persons employed by you to provide services to you, including communications services and data hosting,processing and management services; and
(e) From such other persons as you may consent to or which may be legally entitled to provide us with information aboutyou.
We may also make enquiries with anyone for the purposes of verifying the accuracy of information already given to us.
Information we may hold
We may record and hold the following types of information about you:
(a) All information of the type as contained in the forms or orders you may submit to us as well as any other details aboutyou that you may provide to us subsequently, including your name, contact details, age, identity number, assets,liabilities, income and payment records;
(b) Information we used to process your application for credit and orders for goods or services and to assess your statusfrom time to time, including as received pursuant to our enquiries with public registers, credit bureaus, moneylaundering, fraud prevention and law enforcement agencies or your current or previous insurance companies.Information received from these entities may be linked to other people with whom you have financial associations,including members of your family and your business partners and associates;
(c) Details of your preferences regarding our products and services, and other demographic and lifestyle information;
(d) Details of the accounts you and the members of your family hold and transactions you and the members of yourfamily have previously concluded with or through us; and
(e) Details of when you contact us and when we contact you, including the IP addresses, electronic mail addresses andtelephone numbers you contact us from and the content of the communications between us, which we may record.
We may hold your information collected hereunder for as long as you are registered to use our services and for at least five yearsthereafter or such longer period as may be required or permitted by law.
Why we need your information
We collect and will process your information for the following purposes:
(a) To process any application you may make for credit and orders for goods or services and for making related decisions(such as the continuation or extension of credit), including by verifying your identity, credit status, contact details,financial track record and otherwise ascertaining that you qualify for our services from time to time;
(b) To take such actions as may be required to enable and improve your use of our services and to exercise our rightsand comply with our obligations in respect thereof, including by processing and recording your product and servicerequests and transactions, managing your accounts and policies, delivering our products and services to you,communicating with you regarding your use of our products and services and collecting payments you may owe us;
(c) To ensure that the information we receive and hold about you is accurate, complete and up to date;
(d) To prevent, investigate and prosecute fraud, money laundering, terrorism, abuse of our services and other unlawfulactivities;
(e) To comply with legal and regulatory requirements, for audit purposes and legal proceedings;
(f) To conduct market research and business analysis, understand your preferences, learn more about the products andservices that you are interested in and improve the products and services we offer to you;
(g) To inform and provide you with the opportunity to make use of products, services and benefits that we offer and thatwe believe may be of interest to you to the extent that we are lawfully permitted to do so; and
(h) For such other purposes as you may consent to or as may otherwise be lawfully permitted, including for the purposesof protecting our and/or your legitimate interests and/or that of our suppliers and other customers.
Please note that we will not contact you telephonically for unsolicited marketing purposes or send unsolicited marketingcommunications to you by mail, facsimile, SMS or electronic mail if you have objected to receiving such communications byway of a public register recognised for such purposes by law or by notifying us of your objection in the prescribed manner. Wewill provide you with reasonable opportunities to object to receiving marketing communications in the manner prescribed bylaw, including upon your application to subscribe to our services and on each occasion when we send you such communications.
Sharing your information
Keeping your financial information secure is one of our most important responsibilities. We cannot disclose your informationunless legally permitted thereto. Save as set out below, we will not transfer your information to a third party without your consentunless legally obliged thereto. In particular, we do not sell lists or databases with our clients’ information and will not provideany of your information to entities that are not affiliated to us so as to permit them to market their goods or services to you. Youagree that we may transfer your information to the following people and organisations in pursuit of the data processing purposesset out in this policy:
(a) To Leopard’s Leap and its affiliated companies including to the directors, employees, contractors, agents, auditors, legal andother professional advisors of Leopard’s Leap and its affiliated companies;
(b) To banks, credit bureaus and fraud prevention agencies, who may link your information with those of your
family members and business associates, provided that we will notify you in advance before we provide adverse
information about you to a credit bureau and, upon request, provide you with a copy of such information as requiredby law;
(c) To your bank and to the other issuers of payment cards issued to you at your request, and to any other person thatsupplies, supports or underwrites a service or product we provide to you insofar as it pertains to your subscription toand use of such service or product;
(d) To governmental, judicial, regulatory and law enforcement bodies and agencies, including the South African RevenueServices and the National Credit Regulator;
(e) To persons employed by us to provide services on our behalf that adhere to principles similar to ours regardingthe treatment of your information, including delivery, debt collection, data hosting, processing and managementservices;
(f) To any person to whom we cede, delegate, transfer or assign any of our rights or obligations pertaining to the productsor services provided to you or contracts concluded with you;
(g) To any person that acts as your legal guardian, executor of your estate, curator or in a similar capacity;
(h) To any person that guarantees or stands surety for the performance of your obligations to us insofar as it pertains tosuch guarantee or suretyship;
(i) To such other persons as may be permitted by applicable law or that you may consent to, including persons andentities who may request such information to evaluate your creditworthiness.
Please note that our sharing of your information may also involve the transfer thereof to third parties outside South Africa. In theevent of such transfer, we will require that such third party also subscribes to protecting your information on terms similar to theterms of this policy.
We will strive at all times to ensure that your records will always be protected against unauthorised or accidental access,processing or loss. We maintain this commitment to data security by implementing appropriate reasonable technical andorganisational measures to safeguard and secure your information, including by using appropriate cryptographic techniques andaccess control mechanisms. If we use a third party to host, manage or process your data on our behalf we will require that suchthird party also commit to implementing appropriate reasonable technical and organisational measures to safeguard and secureyour information. If we are not prevented by a law enforcement or regulatory agency, we will notify you as soon as practicablypossible in writing and at your registered postal or email address if we believe that unauthorised access to your information mayhave occurred, providing you with such information as you may reasonably require to implement protective measures.
What role can you play in protecting your information and accounts?
(a) Never share your user identification name or number, your personal identification number (PIN) or password withanyone or submit it to any web site that you do not recognise and fully trust and never send such information to us oranyone else via unencrypted electronic mail or other unprotected communication mechanism;
(b) Only provide your user identification name or number, your PIN or password to us via our web site when your
browser shows a Secure Socket Layer (SSL) connection directly to us;
(c) Do not leave your computer unattended after you have entered your PIN and password to access your accounts via ourweb site;
(d) Always log or sign off at the end of a web site session;
(e) Change your web password regularly;
(f) Keep your contact details as provided to us up to date and accurate, including by promptly notifying any changesthereto to us; and
(g) Promptly report any suspected security breach, loss or theft of your user identification name or number, your PIN and/or password and of any cards providing access to your accounts;
When you visit any of our websites we may collect certain information about your usage preferences and history. Suchinformation will be stored in a cookie on your computer’s hard drive by your web browser. Cookies are intended to assist andimprove your use of our web sites. Most browsers accept cookies automatically, but usually you can alter the settings of yourbrowser to prevent automatic acceptance. If you choose not to receive cookies, you may not be able to use all the features of ourwebsites.
Every time you connect to our web sites we store web server logs which show your IP address (the unique number which yourmachine uses when it is connected to the Internet); what you looked at; whether the page request was successful or not, andwhich browser you used to view the pages. The use of this data is strictly for statistical and personalisation purposes only. Thishelps us understand which areas of the site are of particular interest and also which pages are not being requested. It also tells ushow many hits and page requests we get.
Currently we use the following security measures to protect your information when you use our non-public services:
(a) You can only use the service if you are registered as a user thereof and chosen an access account number and yourown personal identification number (PIN).
(b) You only have three opportunities to enter your PIN correctly. After the third unsuccessful attempt, you will be
denied access to the service. To reset your PIN, please contact us.
(c) If you log on and do not use the service for ten minutes, you will be logged out automatically. To access your
accounts again, you will need to log on again.
Your rights regarding your information
Provided that you give us suitable and adequate proof of your identity, you have a right to know which records we holdabout you and to know the identity of all third parties which have been or are to be given access thereto. This can be done bysubmitting a written request to us. We may charge a reasonable prescribed fee as notified to you in advance for processing suchrequests. We will not be obliged to provide you with information to the extent that we are prohibited or permitted thereto byapplicable law.
You also have the right to require us to correct or erase any records we hold about you that we are no longer permitted to retain,is inaccurate, irrelevant, excessive, out of date, incomplete, misleading or has been unlawfully obtained. This can be done bysubmitting a written request in the prescribed form to us. We will notify you of the steps taken as a result of your request.
Please contact our Information Compliance Office indicated at the head of this policy if you want to submit any request to ushereunder. We will provide you with the prescribed form and the amount of any applicable prescribed fee.
Please contact your local branch or our Information Compliance Office indicated at the head of this policy if you want to objectto our collection, processing, recording, protection, use or sharing of your information. Please note that we may require areasonable period to comply with your objection and can only do so if permitted thereto by law and such compliance does notunreasonably prejudice our legitimate interests or that of a third party.