Effective date: 1 June 2021
The purpose of this policy is to provide users with information on how “cookies” are used on Sustainable Seas Trust (SST) electronic platforms. In this policy, the term “cookies” refers to cookies and other similar technologies covered by the EU Directive on privacy in electronic communications. This policy applies to all SST electronic platforms.
For the purposes of this document, the following definitions are used:
• “Cookie”: A cookie is a small piece of data that a website asks a website user’s browser to store on their computer or mobile device. Cookies allow websites to “remember” a user’s actions or preferences over time. Most internet browsers support cookies, however, users can set their browsers to decline certain types of cookies or specific cookies. Furthermore, users can delete cookies at any time.
Objectives of the Policy
• Some cookies remember a user’s language or preferences so that they do not have to repeatedly make these choices when visiting one of SST’s websites.
• Cookies allow SST to serve users specific content, such as videos on the SST website(s).
• SST may employ the learnings of a user’s behaviour on the SST website(s) to serve them with targeted advertisements on third-party website(s) in an effort to “re-market” SST products and services.
The information SST collects from cookies enables SST to:
• Tailor SST websites to a user’s personal needs.
• Remember the notifications that have been shown to a user so that they are not shown them again.
• Make improvements and updates to SST websites based on the way user’s want to use them.
2. Data protection principles
3. Lawful processing
4. Information regarding professional liability insurance
5. Liability for Contents
6. Liability for Links
8. An overview of data protection
8.3 General information
8.4 Data which you upload
9. Where your personal data is stored
10. Recording of data on this website
11. What types of cookies do SST use?
12. Server log files
13. Contact form
14. Request by email, telephone or fax
15. Registration on this website
16. Analysis tools and advertising
17. How are cookies used for advertising purposes?
18. How are third party cookies used?
19. How do I reject and delete cookies?
20. Plug-ins and Tools
21. Data transfer upon closing of contracts for services and digital content
11. Contact SST
The security and management of personal information is important to ensure that SST can function effectively and successfully for the benefit of SST members and for the community and voluntary sector. In doing so, it is essential that people’s privacy is protected through the lawful and appropriate use and handling of their personal information.
The use of all personal data by SST is governed by the following:
• The Protection of Personal Information (POPI) Act, and
• The Promotion of Access to Information (PAIA) Act.
2. Data Protection Principles
There are six data protection principles that SST ascribes to. These require that all personal data be:
• Processed in a lawful, fair, and transparent manner.
• Collected only for specific, explicit, and limited purposes (‘purpose limitation’).
• Adequate, relevant, and not excessive (‘data minimisation’).
• Accurate and kept up to date where necessary.
• Kept for no longer than necessary (‘retention’).
• Handled with appropriate security and confidentiality.
SST are committed to upholding the data protection principles. All personal data under SST’s control must be processed in accordance with these principles.
3. Lawful Processing
All processing of personal data must meet one of the following lawful, fairly and in a transparent manner.
• Where SST have the consent of the data subject.
• Where it is in SST’s legitimate interest, and this is not overridden by the rights and freedoms of the data subject.
• Where necessary to meet a legal obligation.
• Where necessary to fulfil a contract or pre-contractual obligation.
• Where SST are protecting someone’s vital interests.
• Where SST are fulfilling a public task or acting under official authority.
• Any special category data (such as personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership) and the processing of genetic data such as biometric data for the purpose of uniquely identifying a natural person, data concerning health, data concerning a natural person’s sex life or sexual orientation, and the data of minors shall be prohibited unless accompanied by an ethical review and approval by the SST Ethics Committee (EC).
• Where processing is based on consent, the data subject has the option to withdraw their consent.
• Where electronic direct marketing communications are being sent, the recipient should have the option to opt-out in each communication sent, and this choice should be recognised and adhered to by SST.
4. Information Regarding Professional Liability Insurance
Name and registered office of the insurer:
John Gregory Stapleton Brokers (Pty) Ltd est. 2016 JGSB brokers
Authorised Financial Services Provider Number – 45045 http://www.jgsb.co.za/
5. Liability for Contents
As service providers, SST are liable for the contents of their website(s). Liability is only possible at the time of knowledge about a specific violation of law. Illegal contents will be removed immediately at the time SST receives knowledge of them.
6. Liability for Links
SST offers include links to external, third-party websites. SST have no influence on the contents of these websites, therefore, SST cannot guarantee this content. Providers or administrators of linked websites are always responsible for their own content.
Websites that are linked to by SST undergo checks for possible violations of the law at the time of the establishment of the link. Permanent monitoring of the contents of linked websites cannot be imposed without reasonable indications that there has been a violation of an applicable law. Illegal links will be removed immediately at the time SST receives knowledge of them.
Reproduction, editing, distribution as well as the use of any kind of content outside the scope of the copyright law requires the written permission of the author or originator. Downloads and copies of these websites are permitted for private use only, unless specified further.
The commercial use of SST content without the permission of the originator is prohibited.
Copyright laws of third parties are respected as long as the content on these websites does not originate from the provider. Contributions of third parties on this site are indicated as such.
Should users notice any violations of copyright law, they are asked to please inform SST and such content will be removed immediately.
8. An Overview of Data Protection
8.3 General Information
The following information is a summary of what will happen with a website user’s personal data when they visit the SST website.
The term “personal data” encompasses all data that can be used to personally identify a user. For detailed information about the subject of data protection, users may consult the SST Data Protection Policy.
8.4 Data Users upload
a. When an Individual Registers an SST Username
Email address: this is either the email address that is provided by the individual or the email address that is associated with the individual’s Google or Facebook account. SST uses this information to distribute important information about users’ accounts and prevents the abuse of the system by only allowing each email address to be used once.
Username (optional): this can be a user’s legal name or an alias. The username is used to show the recipient of the calendar who the calendar is from.
b. When a User Makes a Purchase
Contact information (website only): this information is used to create an invoice/ learner account.
9. Where Personal Data is Stored
All personal information that is collected by SST is stored on SST servers located in South Africa.
a. Third Parties with Whom Personal Data May Be Shared
Google Inc.: this app uses Firebase for various tasks, such as login / registration and push notifications. A user’s email address / Facebook / Google account information will be shared with Google Inc. during the registration process. More information about Firebase and GDPR can be found here.
b. Other Data
While using SST services, users have the option to upload their own images and text. Users must note that this information can be accessed by others when a calendar is shared.
10. Recording of Data on the SST Website (Cookies)
In some cases, it is possible that third-party cookies may be stored on a user’s device once they enter the SST website (third-party cookies). These cookies allow users access to certain services offered by the third party (e.g. cookies for the processing of payment services).
Cookies have a variety of functions. Many cookies are technically essential as certain website functions would not work in the absence of cookies (e.g. the shopping cart function or the display of videos). The purpose of other cookies may be the analysis of user patterns or the display of promotional messages.
Internet users have the option to set up their browser in such a manner that they will be notified any time cookies are placed and to permit the acceptance of cookies only in specific cases. Internet users may also exclude the acceptance of cookies in certain cases, or in general, or activate the delete function for the automatic eradication of cookies when their browser closes. If cookies are deactivated, the functions of the SST website may be limited.
In the event that third-party cookies are used, or if cookies are used for analytical purposes, SST will separately notify the user in conjunction with this Data Protection Policy and, if applicable, ask for consent.
11. What Types of Cookies Does SST Use?
SST use both first-party and third-party cookies on the SST website.
• First-party cookies are cookies issued from SST domains that are generally used to identify the language and location preferences of users or to render basic site functionality.
• Third-party cookies belong to and are managed by other parties, such as SST business partners or service providers. These cookies may be required to render certain forms, such as the submission of a job application, or to allow for some advertising outside of the SST website.
a. Session Cookies
Session cookies are temporary cookies that are used to remember a user during their visit to the website. Session cookies expire when the web browser is closed.
b. Persistent Cookies
Persistent cookies are used to remember a user’s preferences within the website and remain on their desktop or mobile device even after the user closes their browser or restarts their computer. SST uses persistent cookies to analyse user behaviour and establish visit patterns so that it may improve the SST website’s functionality for anyone visiting the website. These
cookies also allow SST to serve website users with targeted advertising and measure the effectiveness of the website’s functionality and advertising.
12. Server Log Files
The provider of the SST website and its pages automatically collects and stores information in so-called server log files, which website user’s browsers communicate to SST automatically. The information comprises the following:
• Type and version of the browser used to access the website,
• Operating system of the device used to access the website,
• Referrer URL,
• Hostname of the accessing device,
• Time of the server inquiry, and
• The IP address of the device used to access the website. This data is not merged with other data sources.
The operator of the SST website has a legitimate interest in the technically error free depiction and optimisation of the operator’s website. In order to achieve this, server log files must be recorded.
13. Contact Form
If a user submits an inquiry to SST via the SST contact form, the information provided in the contact form as well as any contact information provided therein will be stored by SST in order to process the inquiry and in the event that SST has further questions relating to the inquiry. SST will not share this information without the consent of the user in question.
The information entered into the contact form shall remain with SST until the associated user requests that SST delete the data, revokes their consent to the archiving of data, or if the purpose for which the information is being archived no longer exists (e.g. after SST had concluded its response to the inquiry). This shall be without prejudice to any mandatory legal provisions – in particular retention periods.
14. Requests Via Email, Telephone, or Fax
If an individual contacts SST via email, telephone, or fax, their request, including all resulting personal data (name, request) will be stored and processed by SST for the purpose of processing the request. SST does not pass data on without consent.
Data sent by an individual to SST via contact requests remains with SST until the requesting individual requests that SST delete the data, revokes their consent to the storage of their data, or the purpose for the data storage lapses (e.g. after completion of the request). Mandatory statutory provisions – in particular statutory retention periods – remain unaffected.
15. Registration on the SST Website
Individuals have the option to register as a user on the SST website to be able to access additional website functions. SST shall use the data supplied only for the purpose of delivering the respective offer or service a user has registered for. The required information SST requests at the time of registration must be entered in full or SST will reject the registration.
To notify users of any important changes to the scope of the SST portfolio, or in the event of technical modifications, SST shall use the email address provided during the registration process to contact users.
Data recorded during the registration process shall be stored by SST for as long as a user is registered on the SST website. Subsequently, such data shall be deleted. This shall be without prejudice to mandatory statutory retention obligations.
16. Analysis Tools and Advertising
SST uses Google Analytics to collect information about user’s behaviour on the SST website. The provider of this service is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
The SST website uses information recorded by Google that is, as a rule, transferred to a Google server in the United States where it is stored.
17. How Are Cookies Used for Advertising Purposes?
Cookies and ad technology such as web beacons, pixels, and anonymous ad network tags help SST serve relevant ads to users more effectively. They also help SST collect aggregated audit data, research, and performance reporting for advertisers. Pixels enable SST the ability to understand and improve the delivery of products to website users and know when certain advertisements have been shown to them. Since a user’s web browser may request advertisements and web beacons directly from ad network servers, these networks can view, edit, or set their own cookies just as if the user had requested a web page from their site.
based advertising. SST do not provide any personal information that it collects to advertisers and users can opt out of off-site and third party-informed advertising by adjusting their cookie settings. Opting out will not remove advertising from the pages an internet user visits, but will result in the ads that are shown not being matched to the user’s interests.
18. How are Third Party Cookies Used?
19. How Can Users Reject and Delete Cookies?
20. Plug-ins and Tools
YouTube with Expanded Data Protection Integration
The SST website embeds videos from the social media platform YouTube. SST uses YouTube in expanded data protection mode. According to YouTube, this mode ensures that YouTube does not store any information about users before they watch a video. Nevertheless, this does not necessarily mean that the sharing of data with YouTube partners can be ruled out as a result of the expanded data protection mode. For instance, regardless of whether a use is watching a video, YouTube will always establish a connection with the Google DoubleClick network.
As soon as a user starts to play a YouTube video on the SST website, a connection to YouTube’s servers will be established. As a result, the YouTube server will be notified about which of SST pages a user has visited. If a user is logged into their YouTube account while visiting the SST website, YouTube can directly allocate their browsing patterns to their personal profile. Users have the option to prevent this by logging out of their YouTube account.
Furthermore, after a user has started to play a video, YouTube will be able to place various cookies on their device or comparable technologies for recognition (e.g. device fingerprinting). In this way, YouTube will be able to obtain information about this website’s users. Among other things, this information will be used to generate video statistics with the aim of improving the user friendliness of the site and to prevent attempts to commit fraud.
Under certain circumstances, additional data processing transactions may be triggered after a user has started to play a YouTube video which are beyond SST’s control.
Vimeo Without Tracking (Do-Not-Track)
The SST website uses plugins from the Vimeo video portal. The provider is Vimeo Inc., 555 West 18th Street, New York, New York 10011, USA.
Whenever an internet user visits an SST page that features a Vimeo video, a connection with the Vimeo servers is established. In conjunction with this, the Vimeo server receives information about which of the pages on the SST websites was visited. Vimeo also receives the user’s IP address, however, SST has set up Vimeo in such a way that Vimeo cannot track user activities and does not place any cookies.
Google Web Fonts (local embedding)
The SST website uses Web Fonts provided by Google to ensure the uniform use of fonts on the site. These Google fonts are locally installed so that a connection to Google’s servers will not be established in conjunction with this application.
For more information on Google Web Fonts, users may follow this link: https://developers.google.com/fonts/faq and consult Google’s Data Privacy Declaration under: https://policies.google.com/privacy?hl=en.
eCommerce and Payment Service Providers
Data transfer upon closing of contracts for online stores, retailers, and the shipment of merchandise
SST shares personal data with third parties only if this is necessary in conjunction with the handling of the contract; for instance, with companies entrusted with the shipment of goods or the financial institution tasked with the processing of payments. Any further transfer of data shall not occur or shall only occur if a user has expressly consented to the transfer. Any sharing of a user’s data with third parties in the absence of their express consent, for instance for advertising purposes, shall not occur.
21. Data Transfer Upon Closing of Contracts for Services and Digital Content
SST shares personal data with third parties only if this is necessary in conjunction with the handling of the contract; for instance, with the financial institution tasked with the processing of payments.
Any further transfer of data shall not occur or shall only occur if you have expressly consented to the transfer. Any sharing of your data with third parties in the absence of your express consent, for instance for advertising purposes, shall not occur.
This document is regarded as a living document that may be updated to reflect changes in practice or improved processes. SST reserves the right to modify this policy at any time in accordance with this provision.
23. Contact SST
If internet users have any questions or complaints about this policy or SST’s information handling practices, they may email SST at: email@example.com
|Author||Dr Deborah Robertson- Andersson
Head of Education
|1 June 2021|
|Approved by Information
|Tony Ribbink||17 June 2021|
|1 June 2022|