OrangeNow is committed to protecting your information by handling it responsibly and safeguarding it using appropriate technical, administrative and physical security measures. This privacy statement explains what information we gather about you, what we use it for and who we share it with. It also sets out your rights and who you can contact for more information or queries.
We may process information about you that:
- You provide to us,
- We obtain from third parties or
- Is publicly available.
This information may include your name, age, gender, date of birth and contact details. It may also include ‘sensitive’ or ‘special categories’ of personal data, such as race where required for South African legislative reporting requirements.
We collect and process information about you and/or your business to enable us to:
- Provide our solutions and services to you or our customers;
- To meet our legal or regulatory obligations.
We may collect, record, securely store and use your personal data in physical and electronic form, and will hold, use and otherwise process that data in line with the Data Protection legislation and as set out in this statement.
We may process your data because:
- You give it to us (for example, providing a completed form);
- Other people give it to us (for example, your employer); or
- It is publicly available.
The personal data will be limited by the nature of our relationship but may include your:
- Name, gender, age and/or date of birth;
- Identification information;
- Contact information, such as address, email, and mobile phone number;
- Employment and education details (for example, the organisation you work for, your job title and your education details).
This may include so called ‘sensitive’ or ‘special categories’ of personal data, such as details about your race where this is required to fulfil legislative reporting requirements.
When our customer gives us personal data about you, we make sure they have complied with the relevant privacy laws and regulations. This may include, confirming that our customer has informed you of the processing, and has obtained any necessary permission for us to process that information as described in this privacy statement.
If any information you give us relates to a third party (such as a reference), by providing us with such personal data you confirm that, in line with the above provisions, you have obtained any necessary permission to use it or are otherwise permitted to give it to us.
We rely on one or more of the following legal grounds for processing your personal data:
- You have explicitly agreed to us processing your information for a specific reason;
- The processing is necessary to perform the agreement we have with you or to take steps to enter into an agreement with you;
- The processing is necessary for compliance with a legal obligation we have to keep records; or
- The processing is necessary to provide our services to you or our customers.
To the extent that we process any special categories of data relating to you for any of the purposes outlined above, we will do so because:
- You have given us your explicit consent to process that data;
- We are required by law to process that data;
- The processing is necessary to carry out our obligations under employment laws; or
- You have made the data manifestly public.
We may disclose details about you to competent authorities, your employer or any person or organisation to whom we may transfer our rights and/or obligations after a restructure, sale or acquisition, as long as they use your information for the same purposes we did;
Information we hold about you may be transferred to other countries where we do business. When we transfer your personal data to other countries we will impose contractual obligations on the recipients of that data to protect your personal data to the standard required in the EEA. We or they may also require the recipient to subscribe to international frameworks intended to enable secure data sharing to make sure it remains adequately protected.
We use a range of measures to ensure we keep your personal data secure. These include:
- Ensuring staff are aware of our privacy obligations when handling personal data;
- Administrative and technical controls to restrict access to personal data to a ‘need to know’ basis;
- Technological security measures, including firewalls, encryption and anti-virus software; and
- Physical security measures, such as security passes to access our premises.
- The transmission of data over the internet (including by e-mail) is never completely secure. So although we use appropriate measures to try to protect personal data, we cannot guarantee the security of data transmitted to us or by us.
We only keep your personal data for the period necessary for the relevant activity or for retention periods that are required by law.
Your rights under data protection laws include the right to:
- Request copies of your data;
- Request correction of your data;
- Request information about the processing of your personal data
- Request erasure of your data;
- Object to us processing your data; and
- Ask us to restrict the processing of your data.
Please note that in certain circumstances it may be still lawful for us to continue processing your information even where you have withdrawn your consent, if there remains a legal basis to do so.
Should a privacy breach occur, we will notify you as soon as possible after identification of the breach providing you with details of the breach and the steps planned to prevent further breaches.
If you wish to raise a complaint about how we are using your information, have any questions or comments about privacy issues, or wish to exercise any of the rights set out above, please email firstname.lastname@example.org
We may revise this privacy statement from time to time. The revised privacy statement will apply from the revision date set out above. We encourage you to review this statement periodically to remain informed about how we are protecting your information.