This is the privacy policy of The Cabal (a club in South Africa).

This policy details how we collect, store, protect and use personal information – that is information that can be used to identify an individual or a company (juristic person).

Personal information includes:

  1. certain information that is collected automatically when you visit our website,
  2. certain information collected on registration;
  3. certain information collected on submission; and
  4. optional information that you provide to us voluntarily.

Additional information captured on the website that does not classify as personal information may also be collected and processed, including but not limited to:

  1. anonymised information,
  2. de-identified information that cannot be associated with an individual,
  3. statistical information,
  4. information that is public knowledge, which has been publicly and voluntarily disclosed.

Lawful Processing of Personal Information

The conditions for the lawful processing of personal information by or for a responsible party are the
following, as per the Protection of Personal Information Act of 2013 (POPIA):

  1. Accountability
  2. Processing Limitation
  3. Purpose Specification
  4. Further Processing Limitation
  5. Information Quality
  6. Openness
  7. Security Safeguards
  8. Data Subject Participation

Similarly, the General Data Protection Regulation 2016/679 (GDPR) stipulates the following principles of data protection:

  1. Lawfulness, Fairness, and Transparency
  2. Purpose Limitation
  3. Data Minimisation
  4. Accuracy
  5. Storage Limitation
  6. Integrity and Confidentiality
  7. Accountability

General Provisions

  1. This policy applies to all personal information processed by the company and its related entities.
  2. The Information Officer shall take responsibility for compliance with this policy.
  3. The policy will be reviewed annually.

Lawful, fair and transparent processing

  1. To ensure its processing of data is lawful, fair and transparent, a Register of Systems and Activities will be maintained. 
  2. The Register shall be reviewed at least annually. 
  3. Individuals have the right to access their personal data and any such requests made to us shall be dealt with in a timely manner.

Lawful Purposes

  1. All data processed must be done on one of the following lawful bases: consent, contract, legal obligation, public task or legitimate interests.
  2. We shall note the appropriate lawful basis in the Register of Systems.
  3. Where consent is relied upon as a lawful basis for processing data, evidence of opt-in consent shall be kept with the personal data.
  4. Where communications are sent to individuals based on their consent, the option for the individual to revoke their consent will be clearly available and systems should be in place to ensure such revocation is reflected accurately.

Data minimisation

  1. We shall ensure that personal information collected is adequate, relevant and limited to what is necessary in relation to the purposes for which it is processed. 

Accuracy

  1. We shall take reasonable steps to ensure personal information is accurate. 
  2. Please update us via online forms, registrations, email or phone should your information need to be corrected or updated.
  3. Where necessary for the lawful basis on which data is processed, steps shall be put in place to ensure that personal information is kept up to date. 

Archiving / Removal

  1. To ensure that personal data is kept for no longer than necessary, archiving policies are in place for each area in which personal data is processed.
  2. Archiving policies are reviewed annually.
  3. The archiving policy shall consider what data should/must be retained, for how long, and why.
  4. Result data is only retained and used for three years.

Security

  1. We shall ensure that personal information is stored securely using modern software and systems that are kept up-to-date.  
  2. Access to personal information shall be limited to personnel who need access and appropriate security is in place to avoid unauthorised sharing of information. 
  3. When personal information is deleted this will be done safely such that the data is irrecoverable. 
  4. Appropriate back-up and disaster recovery solutions are in place.
  5. Vulnerability assessments and hardening are performed on systems where personal information is stored.

Breach

  1. In the event of a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data, we shall promptly assess the risk to people’s rights and freedoms and if appropriate report this breach to the appropriate authorities and subjects as required by law.

Cookies

  1. We may use cookies in order to grant you a personalised experience when dealing with us.
  2. You may decline the installation of cookies; however, this may degrade your website experience or prevent login.
  3. Third party cookies may be in use in order to deliver a service via our website by means of a third-party online service – such as YouTube, JetPack or Google Analytics.

Collection of Information

  1. We will obtain your consent when collecting personal information for marketing purposes.
  2. On completing our contact form, you will no longer be anonymous to us and may provide us with the following information:
    1. Name and Surname
    2. Contact numbers
    3. Email address
  3. On registration as a member, in order for us to provide the services or membership you wish to receive you may provide us with the following information:
    1. Name and surname
    2. Birthdate
    3. Email address
    4. Contact numbers
    5. Physical address
  4. By using our website, we receive and may record details such as:
    1. Your IP address
    2. Bounce rate
    3. Page time
    4. Cost per Click
    5. Most Visited Pages
    6. Device Information
  5. Should you join our WhatsApp group, you acknowledge that your contact details will be shown to members of that group as per WhatsApp standard functionality.
  6. From time to time, names and surnames will be published on publicly accessible leaderboards should you participate in league or campaign games (applicable to both guests and members).

Purpose of Collection

  1. We may process your information for provision of services and membership that you agreed to when providing it to us.
  2. We may process your information for billing purposes.
  3. We may process your information for ongoing communication during the course of regular business.
  4. We may process your information for lawful marketing purposes.

Marketing and Targeted Content

  1. We, from time to time, may run targeted campaigns on social media and other platforms. These campaigns would be subject to the privacy policies of their respective platforms as well as this privacy policy.

Sharing of Information

  1. We will not sell personal information. No personal information will be disclosed to anyone except as provisioned in this Policy.
  2. We may disclose personal information if required by court order or to comply with the law.
  3. Information may be shared with approved and contractually appointed third-party service providers. Our contracts dictate that third-party services providers may not use your information for their own benefit or for any services other than those requested by us.
  4. From time to time, group orders may be placed with third-party shops and retailers. If you are grouping your order, your information provided in 11(c) may be provided to the third-party and processed according to their privacy policy.

Cross Border Transfers

  1. We may transfer your information outside of the country in which it was collected for processing.
  2. You consent to us processing your personal information in a foreign country where required for completion of our obligations.
  3. Our web servers are hosted in South Africa.

Queries

  1. For any queries relating to our policy, privacy or data handling, please contact us at chair@thecabal.co.za