Terms & Conditions

WEB DISCLAIMER

  1. Introduction
    1. This website can be accessed at www.citilec.co.za, related mobi-sites and software applications (the “Website”) and is owned and operated by CITILEC (RF) (Proprietary) Limited (“Citilec”, “we”, “us” and “our”).
    2. These Website Terms and Conditions (“Terms and Conditions”) govern the ordering, sale and delivery of Goods, and the use of the Website.
    3. These Terms and Conditions are binding and enforceable against every person that accesses or uses this Website (“you”, “your” or “user”), including without limitation each user who registers as contemplated below (“registered user”). By using the Website and by clicking on the “Register Now” button on the Website, as may be applicable, you acknowledge that you have read and agree to be bound by these Terms and Conditions.
    4. The Website enables you to shop online for an extensive range of goods (“Goods”).

General Terms and Conditions for the CITILEC website:  Your access to and use of the Citilec.co.za website is subject to the following Terms and Conditions. The products and services offered by or through the Citilec.co.za website and any sales concluded in respect thereof are also made available subject to the following Terms and Conditions.

BY USING THE CITILEC.CO.ZA WEBSITE, YOU RECOGNIZE THAT YOU’VE READ, UNDERSTOOD AND AGREE TO BE BOUND BY, AND TO COMPLY WITH, THESE TERMS AND CONDITIONS AND ANY FURTHER TERMS AND CONDITIONS THAT CITILEC ELECTRICAL WHOLESALERS (THE PROPRIETOR / WE) MAY PRESCRIBE FROM TIME TO TIME. OUR PRIVACY POLICYRETURNS POLICYDELIVERY POLICYPAYMENT SECURITY POLICY AND COOKIES POLICY FORM PART OF AND MUST BE READ WITH THESE TERMS AND CONDITIONS. WE RESERVE OUR RIGHT TO MAKE CHANGES TO THIS SITE AND THESE DISCLAIMERS, TERMS AND CONDITIONS AT ANY TIME, ALTHOUGH WE WILL GIVE YOU NOTICE OF THE CHANGES SO THAT YOU CAN DECIDE WHETHER TO CONTINUE USING THIS SITE.

Please read these Terms and Conditions carefully.

We reserve our right to suspend our website or any part thereof or terminate your account at any time if we, in our sole discretion, determine that you are not using the website in compliance with these Terms and Conditions or if we believe the information provided by you is untrue, inaccurate or incomplete.

Purchasing Products

This website allows you to browse, select and order products advertised on the site as long as such products are available and not sold out.

You must complete the customer registration process through the site before placing an order for products through the site. Any personal information that you give us will be held and used by us in accordance with our privacy policy.

You may update, edit or terminate your account at any time through the site.

Any order placed through this site is an offer by you to purchase the particular product for the price notified (including the delivery and other charges) at the time you place the order.  We may ask you to provide additional details or require you to confirm your details to enable us to process any orders placed through the site. You agree to provide us with current, complete and accurate details when asked to do so. We reserve the right to accept or reject your offer (in whole or in part) for any reason.

Upon acceptance by CITILEC of your offer, a binding contract of sale upon the terms set forth in these Terms and Conditions shall be deemed to be concluded in respect of the goods that CITILEC has agreed to supply to you. Each order that is accepted by CITILEC shall constitute a separate and distinct contract of sale in respect of the goods forming the subject of such order. If we reject an order (or part thereof) placed through the site, then we will endeavour to notify you of that rejection at the time you place the order or within a reasonable time after you submit your order.

Products on the site cannot be reserved to be bought at a later stage, and placing an item in your “wishlist” or “basket” without completing the order does not amount to an order.

The invoice for your purchase will be emailed to you at the email address you provide to us, which you have authorised us to send our invoice to. A copy of this invoice will be included in your parcel. 

We reserve the right to cancel or refuse to process any order made by you in the event of a breach of any of our Terms and Conditions, by giving written notice of our election to do so to you.

Passing of risk & Reservation of Ownership 

Risk in the products will pass to you or your authorised representative on delivery to your nominated address. We will however retain ownership of the products until payment is received in full.

These Terms and Conditions are in no way intended to deprive you, if you are a “consumer” contemplated under the Electronic Communications and Transactions Act 25 of 2002 (ECTA) of your right to cancel an agreement for the supply of goods within seven days after the date of the receipt of the goods, subject to a handling fee / the reasonable cost of returning the goods, which will be off-set against the refunded purchase price. You are a consumer under ECTA if you are an individual who will use the goods you buy.

A full record of your transactions on our website will be available instantly on your account.

Availability of Products

Please note that all products displayed on our website are subject to availability. We will inform you as soon as possible if any products or services ordered by you are not available. For more information, see our Returns Policy which forms part of these Terms and Conditions.

We reserve the right to discontinue or change the specifications of our products from time to time without notice to you. However, the specifications of a particular product will not be changed after order confirmation and before delivery of that product to you.

Prices

All prices shown on our website are quoted in South African Rands and are valid and effective only in the Republic of South Africa.

Prices advertised online are exclusive to the CITILEC Online.

Payment 

CITILEC accepts payments made by Visa and Master card credit cards only. When you order online, funds equal to the total value of your order will be reserved against the card you are paying with during the checkout process.

By submitting your order and payment card details you warrant that you are authorised to make payment with the payment card and that there are sufficient funds available to pay for the order.

For our Payment Security Policy, click here.

Set-Off

CITILEC may without notice to you set-off any amounts owed to you by it against any liability or debt of yours owing to CITILEC arising from any cause whatsoever, whether or not such liability is liquidated or unliquidated, present or future, accrued or contingent.

Delivery

For our delivery terms, click here.

Refunds, Returns and Exchanges

For our policy on refunds, returns and exchanges, click here.

Privacy Policy

PRIVACY NOTICE AND INFORMED CONSENT NOTICE

 

CONSENT TO PROCESS PERSONAL INFORMATION IN TERMS OF THE PROTECTION OF INFORMATION ACT, 4 OF 2013 (POPIA)

 

(EMAIL,WEBSITE AND SOCIAL MEDIA PRIVACY NOTICE)

 

The Protection of Personal information Act, 4 of 2013 (POPIA) gives effect to the constitutional right to data privacy in terms of Section 14 of the Bill of Rights of the Constitution.

 

The responsible use of the CITILEC website and related resources in respect of data privacy is important to CITILEC.

 

Whilst CITILEC’S is committed to protecting all person’s rights to privacy and who in consequence will ensure that all person’s personal information is used appropriately, transparently and according to applicable law, CITILEC has to ensure that these rights to privacy are balanced with other rights such as the right to use and have access to the CITILEC’s Information and Services including its online and social media platforms and applications.

 

 

This Policy sets out the responsibilities and obligations of all persons who make use of, or access or receive CITILEC’s Information and Communications via its electronic communication facilities and resources including its website, email and social media platforms and how all users of these facilities and resources are to ensure that when using these resources that they respect and process another’s personal information lawfully and in accordance with the provisions of POPIA and the 8 personal information processing principles.

 

 

PLEASE READ THE DOCUMENT BEFORE YOU MAKE USE OF THE CITILEC’S ELECTRONIC FACILITIES OR PROVIDE CITILEC WITH ANY PERSONAL INFORMATION.  BY PROVIDING CITILEC WITH YOUR PERSONAL INFORMATION, YOU CONSENT TO CITILEC PROCESSING YOUR PERSONAL INFORMATION, WHICH CITILEC UNDERTAKES TO PROCESS STRICTLY IN ACCORDANCE WITH THIS PRIVACY POLICY.

 

  1. DEFINITIONS

In this Policy (as defined below), unless the context requires otherwise, the following words and expressions bear the meanings assigned to them and cognate expressions bear corresponding meanings–

1.1 “Child” means any natural person under the age of 18 (eighteen) years;

 

1.2 “Data Breach” means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, Personal information under the control of or in the possession of CITILEC;

 

1.3 “Data Subject” has the meaning ascribed thereto under POPIA;

 

1.4 “Direct Marketing” means to approach a person, by electronic communication, for the purpose of promoting or offering to supply, in the ordinary course of business, any goods or services to the data subject;

 

1.5 “Direct Marketer” means a supplier who employs Direct Marketing as an advertising mechanism;

 

1.6 “Employees” means any employee of CITILEC;

 

1.7 “Government” means the Government of the Republic of South Africa;

 

1.8 “CITILEC” means the CITILEC (Proprietary) Limited, registration number 2005/022163/07, with its registered address at 105 Algernon Road, Norwood, Johannesburg.

 

1.9 “Operator” means a person or entity who Processes Personal information for a Responsible Party in terms of a contract or mandate, without coming under the direct authority of that Responsible Party;

 

1.10 “PAIA” means the Promotion of Access to Information Act, No 2 of 2000;

 

1.11 “Personal information” has the meaning ascribed thereto under POPIA and specifically includes any form of information that can be used to identify a Data Subject;

 

1.12 “Policy” means this Privacy Policy;

 

1.13 “POPIA” means the Protection of Personal Information Act No. 4 of 2013;

 

1.14 “Processing” has the meaning ascribed thereto under POPIA. “Process” has a corresponding meaning;

 

1.15 “Regulator” means the Information Regulator established in terms of POPIA;

 

1.16 “Responsible Party” means a public or private body or any other person which alone or in conjunction with others, determines the purpose of and means for processing personal information;

 

1.17 “Special Personal information” means personal information concerning a Data Subject’s religious or philosophical beliefs, race or ethnic origin, trade union membership, political opinions, health, sexual life, biometric information or criminal behaviour; and

 

1.18 “Third Party” means any independent contractor, agent, consultant, sub-contractor or other representative of CITILEC.

 

  1. PURPOSE OF THIS POLICY

 

2.1 The purpose of this Policy is to inform Data Subjects about how CITILEC processes their personal information.

 

2.2 CITILEC, in its capacity as Responsible Party (and/or Operator, where applicable), shall strive to observe, and comply with its obligations under POPIA as well as accepted information protection principles, practices and guidelines when it processes personal information from or in respect of a Data Subject.

 

2.3 This Policy applies to personal information collected by CITILEC in connection with the products and services which CITILEC provides. This includes information collected directly from you as a Data Subject, as well as information we collect indirectly though our service providers who collect your information on our behalf.

 

2.4 This Privacy Policy does not apply to the information practices of Third Party companies who we may engage with in relation to our business operations (including, without limitation, their websites, platforms and/or applications) which we do not own or control; or individuals that CITILEC does not manage or employ. These Third Party sites may have their own privacy policies and terms and conditions and we encourage you to read them before using them.

 

  1. PROCESS OF COLLECTING PERSONAL INFORMATION

 

3.1 CITILEC collects personal information directly from Data Subjects as and when required for a defined purpose, unless an exception is applicable (such as, for example, where the Data Subject has made the personal information public or the personal information is contained in or derived from a public record).

 

3.2 CITILEC will always collect Personal information in a fair, lawful and reasonable manner to ensure that it protects the Data Subject’s privacy and will Process the Personal information based on legitimate grounds in a manner that does not adversely affect the Data Subject in question.

 

3.3 CITILEC often collects personal information directly from the Data Subject and/or in some cases, from Third Parties. Where CITILEC obtains personal information from Third Parties, CITILEC will ensure that it obtains the consent of the Data Subject to do so or will only process the personal information without the Data Subject’s consent where CITILEC is permitted to do so in terms of clause 3.1 above or the applicable law.

 

3.4 An example of such Third Parties includes: (i) recruitment agencies; (ii) other companies providing services to CITILEC; and (iii) where CITILEC makes use of publicly available sources of information (e.g. the Companies and Intellectual Property Commission, an agency of the Department of Trade and Industry in South Africa (CIPC)).

 

  1. LAWFUL PROCESSING OF PERSONAL INFORMATION

 

4.1 Where CITILEC is the Responsible Party, it will only Process a Data Subject’s personal information (other than for special personal information) where –

 

4.1.1 consent of the Data Subject (or a competent person, where the Data Subject is a Child) is obtained;

 

4.1.2 Processing is necessary to carry out the actions for conclusion of a contract to which a Data Subject is party;

 

4.1.3 Processing complies with an obligation imposed by law on CITILEC;

 

4.1.4 Processing protects a legitimate interest of the Data Subject; and/or

 

4.1.5 Processing is necessary for pursuing the legitimate interests of CITILEC or of a third party to whom the information is supplied.

 

4.2 CITILEC will only process personal information where one of the legal bases referred to in paragraph 4.1 above are present.

 

4.3 CITILEC will make the manner and reason for which the personal information will be Processed clear to the Data Subject.

 

4.4 Where CITILEC is relying on a Data Subject’s consent as the legal basis for processing personal information, the Data Subject may withdraw his/her/its consent or may object to CITILEC’s processing of the personal information at any time. However, this will not affect the lawfulness of any processing carried out prior to the withdrawal of consent or any processing justified by any other legal ground provided under POPIA.

 

4.5 If the consent is withdrawn or if there is otherwise a justified objection against the use or the processing of such personal information, CITILEC will ensure that the personal information is no longer processed.

 

  1. SPECIAL PERSONAL INFORMATION AND PERSONAL INFORMATION OF CHILDREN

 

5.1 Special personal information is sensitive personal information of a Data Subject and CITILEC acknowledges that it will generally not process special personal information unless –

 

5.1.1 Processing is carried out in accordance with the Data Subject’s consent;

 

5.1.2 Processing is necessary for the establishment, exercise or defence of a right or obligation in law;

 

5.1.3 Processing is for historical, statistical or research purposes, subject to stipulated safeguards;

 

5.1.4 information has deliberately been made public by the Data Subject; or

 

5.1.5 specific authorisation applies in terms of POPIA.

 

5.2 CITILEC acknowledges that it may not process any personal information concerning a phild and will only do so where it has obtained the consent of the parent or guardian of that phild or where it is permitted to do so in accordance with applicable laws.

 

  1. PURPOSE FOR PROCESSING PERSONAL INFORMATION

 

6.1 CITILEC understands its obligation to make Data Subjects aware of the fact that it is processing their personal information and inform them of the purpose for which CITILEC processes such personal information.

 

6.2 CITILEC will only process a Data Subject’s personal information for a specific, lawful and clear purpose (or for specific, lawful and clear purposes) and will ensure that it makes the Data Subject aware of such purpose(s) as far as possible.

 

6.3 It will ensure that there is a legal basis for the processing of any personal information. Further, CITILEC will ensure that processing will relate only to the purpose for and of which the Data Subject has been made aware (and where relevant, consented to) and will not process any personal information for any other purpose(s).

 

6.4 CITILEC will generally use personal information for purposes required to operate and manage its normal operations and these purposes include one or more of the following non-exhaustive purposes –

 

6.4.1.1 for the purposes of providing its products or services to customers and where relevant, for purposes of doing appropriate customer onboarding and credit vetting

 

6.4.1.2 for purposes of onboarding suppliers or service providers as approved suppliers/service providers of CITILEC. For this purpose, CITILEC will also process a service provider’s/supplier’s personal information for purposes of performing the necessary due diligence checks;

 

6.4.1.3 as part of the “Know Your Customer” / “KYC” process as per the requirements of the Financial Intelligence Centre Act, No. 38 of 2001;

 

6.4.1.4 generally for procurement and supply purposes;

 

6.4.1.5 for purposes of monitoring the use of CITILEC’s electronic systems and online platforms by Data Subjects. CITILEC will, from time to time, engage third party service providers (who will Process the Data Subject’s personal information on behalf of CITILEC) to facilitate this;

 

6.4.1.6 for purposes of preventing, discovering and investigating violations of this Policy, the applicable law and other CITILEC policies;

 

6.4.1.7 in connection with the execution of payment processing functions, including payment of CITILEC’s suppliers’/service providers’ invoices;

 

6.4.1.8 for employment-related purposes such as recruiting staff, administering payroll, background checks, etc.;

 

6.4.1.9 in connection with internal audit purposes (i.e. ensuring that the appropriate internal controls are in place in order to mitigate the relevant risks, as well as to carry out any investigations where this is required);

 

6.4.1.10 in connection with external audit purposes. For this purpose, CITILEC engages external service providers and, in so doing, shares personal information of the Data Subjects with third parties;

 

6.4.1.11 for company secretarial related purposes. For this purpose, CITILEC will, from time to time, collect information relating to Data Subjects from third parties such as the Companies and Intellectual Property Commission, an agency of the Department of Trade and Industry in South Africa

 

6.4.1.12 for such other purposes to which the Data Subject may consent from time to time;

 

6.4.1.13 for such other purposes as authorised in terms of applicable law; and

 

6.4.1.14 to comply with any applicable law or any query from Government authorities, including any regulatory authority that has authority over CITILEC.

 

  1. KEEPING PERSONAL INFORMATION ACCURATE

 

7.1 CITILEC will take reasonable steps to ensure that all personal information is kept as accurate, complete and up to date as reasonably possible depending on the purpose for which personal information is collected or further processed.

 

7.2 CITILEC may not always expressly request the Data Subject to verify and update his/her/its personal information unless this process is specifically necessary.

 

7.3 CITILEC, however, expects that the Data Subject will notify CITILEC from time to time in writing of any updates required in respect of his/her/its personal information.

 

  1. STORAGE AND PROCESSING OF PERSONAL INFORMATION BY CITILEC AND THIRD PARTY SERVICE PROVIDERS

 

8.1 CITILEC may store your personal information in hardcopy format and/or in electronic format using CITILEC’s own secure on-site servers or other internally hosted technology. Your Personal information may also be stored by Third Parties, via cloud services or other technology, with whom CITILEC has contracted with, to support CITILEC’s operations as an electrical wholesaling and distribution company.

 

8.2 CITILEC’s Third Party service providers, including data storage and processing providers, may from time to time also have access to a Data Subject’s personal information in connection with purposes for which the Personal information was initially collected to be processed.

 

8.3 CITILEC will ensure that such Third Party service providers will process the personal information in accordance with the provisions of this Policy, all other relevant internal policies and procedures and POPIA.

 

8.4 These Third Parties do not use or have access to the Data Subject’s personal information other than for purposes specified by CITILEC, and CITILEC requires such parties to employ at least the same level of security that CITILEC uses to protect the Data Subject’s personal data.

 

8.5 Your personal information may be processed in South Africa or another country where CITILEC, its affiliates and their Third Party service providers maintain servers and facilities and CITILEC will take steps, including by way of contracts, to ensure that it continues to be protected, regardless of its location, in a manner consistent with the standards of protection required under applicable law, including POPIA

 

9 PERSONAL INFORMATION FOR DIRECT MARKETING PURPOSES

 

9.1 To the extent that CITILEC acts in its capacity as a Direct Marketer, it shall strive to observe, and comply with its obligations under POPIA when implementing principles and practices in relation to Direct Marketing.

 

9.2 CITILEC acknowledges that it may only use personal information to contact the Data Subject for purposes of Direct Marketing from time to time where it is permissible to do so.

 

 

9.3 It may use personal information to contact any Data Subject and/or market CITILEC’s services directly to the Data Subject(s) if the Data Subject is one of CITILEC’s existing clients, the Data Subject has requested to receive marketing material from CITILEC or CITILEC has the Data Subject’s consent to market its services directly to the Data Subject.

 

9.4 If the Data Subject is an existing client, CITILEC will only use his/her/its personal information if it has obtained the personal information through the provision of a service to the Data Subject and only in relation to similar services to the ones CITILEC previously provided to the Data Subject.

 

9.5 CITILEC will ensure that a reasonable opportunity is given to the Data Subject to object to the use of their personal information for CITILEC’s marketing purposes when collecting the personal information and on the occasion of each communication to the Data Subject for purposes of Direct Marketing.

 

9.6 CITILEC will not use your personal information to send you marketing materials if you have requested not to receive them. If you request that we stop processing your personal information for marketing purposes, CITILEC shall do so. We encourage that such requests to opt-out of marketing be made via forms and links provided for that purpose in the marketing materials sent to you.

 

  1. RETENTION OF PERSONAL INFORMATION

 

10.1 CITILEC may keep records of the personal information, correspondence, or comments it has collected in an electronic or hardcopy file format.

 

10.2 In terms of POPIA, CITILEC may not retain personal information for a period longer than is necessary to achieve the purpose for which it was collected or processed and is required to delete, destroy (in such a way that it cannot be reconstructed) or de-identify the information as soon as is reasonably practicable once the purpose has been achieved. This prohibition will not apply in the following circumstances –

 

10.2.1 where the retention of the record is required or authorised by law or by any Government authority;

 

10.2.2 CITILEC requires the record to fulfil its lawful functions or activities;

 

10.2.3 retention of the record is required by a contract between the parties thereto;

 

10.2.4 the Data Subject (or competent person, where the Data Subject is a Child) has consented to such longer retention; or

 

10.2.5 the record is retained for historical, research, archival or statistical purposes provided safeguards are put in place to prevent use for any other purpose. Accordingly, CITILEC will, subject to the exceptions noted in this Policy, retain personal information for as long as necessary to fulfil the purposes for which that personal information was collected and/or as permitted or required by applicable law.

 

10.3 Where CITILEC retains personal information for longer periods for statistical, historical, archival or research purposes, CITILEC will ensure that appropriate safeguards have been put in place to ensure that all recorded personal information will continue to be processed in accordance with this Policy and applicable laws.

 

10.4 Once the purpose for which the personal information was initially collected and processed no longer applies or becomes obsolete, CITILEC will ensure that the personal information is deleted, destroyed or de-identified sufficiently so that a person cannot re-identify such Personal information. In instances where we de-identify your personal information, CITILEC may use such de-identified information indefinitely.

 

  1. FAILURE TO PROVIDE PERSONAL INFORMATION

 

11.1 Should CITILEC need to collect personal information by law or under its obligations as an employer or product or service provider, and you fail to provide the personal information when requested, we may be unable to perform our duties as an employer, in terms of the applicable law or in terms of providing the product to you.

 

11.2 Should CITILEC need to collect personal information for any of the purposes set out in clause 11.1 and you fail to provide the personal information when requested, your failure to provide such personal information may have negative consequences, including that CITILEC may not be able to effectively perform its obligations as an employer (where CITILEC needs to process your personal information in order to perform its obligations as an employer) or product or service provider (where CITILEC needs to process your personal information in order to provide you with its products or services), have to decline to receive the relevant services from you as a supplier, and you will be notified where this is the case.

 

  1. SAFE-KEEPING OF PERSONAL INFORMATION

 

12.1 CITILEC shall preserve the security of personal information and, in particular, prevent its alteration, loss and damage, or access by non-authorised third parties.

 

12.2 CITILEC will ensure the security and integrity of personal information in its possession or under its control with appropriate, reasonable technical and organisational measures to prevent loss, unlawful access and unauthorised destruction of personal information.

 

12.3 CITILEC has implemented physical, organisational, contractual and technological security measures (having regard to generally accepted information security practices or industry specific requirements or professional rules) to keep all personal information secure, including measures protecting any personal information from loss or theft, and unauthorised access, disclosure, copying, use or modification. Further, CITILEC maintains and regularly verifies that the security measures are effective and regularly updates same in response to new risks.

 

  1. BREACHES OF PERSONAL INFORMATION

 

13.1 A Data Breach refers to any incident in terms of which reasonable grounds exist to believe that the Personal information of a Data Subject has been accessed or acquired by any unauthorised person.

 

13.2 A Data Breach can happen for many reasons, which include: (a) loss or theft of data or equipment on which personal information is stored; (b) inappropriate access controls allowing unauthorised use; (c) equipment failure; (d) human error; (e) unforeseen circumstances, such as a fire or flood; (f) deliberate attacks on systems, such as hacking, viruses or phishing scams; and/or (g) alteration of personal information without permission and loss of availability of personal information.

 

13.3 CITILEC will address any Data Breach in accordance with the terms of POPIA.

 

13.4 CITILEC will notify the Regulator and the affected Data Subject (unless the applicable law or a Government authority requires that we delay notification to the Data Subject) in writing in the event of a Data Breach (or a reasonable belief of a Data Breach) in respect of that Data Subject’s personal information.

 

13.5 CITILEC will provide such notification as soon as reasonably possible after it has become aware of any Data Breach in respect of such Data Subject’s personal information.

 

13.6 Where CITILEC acts as an ‘Operator’ for purposes of POPIA and should any Data Breach affect the data of Data Subjects whose information CITILEC processes as an Operator, CITILEC shall (in terms of POPIA) notify the relevant Responsible Party immediately where there are reasonable grounds to believe that the personal information of relevant Data Subjects has been accessed or acquired by any unauthorised person.

 

  1. PROVISION OF PERSONAL INFORMATION TO THIRD PARTY SERVICE PROVIDERS

 

14.1 CITILEC may disclose personal information to Third Parties and will enter into written agreements with such Third Parties to ensure that they process any oersonal information in accordance with the provisions of this Policy, and POPIA.

 

14.2 CITILEC notes that such Third Parties may assist CITILEC with the purposes listed in paragraph 6.3 above – for example, service providers may be used, inter alia,

 

14.2.1 for data storage;

 

14.2.2 to assist CITILEC with auditing processes (external auditors);

 

14.2.3 for providing outsourced services to CITILEC, including in respect of its (i) legal, (ii) data storage requirements and (iii) upskilling of its Employees; and/or

 

14.2.4 to notify the Data Subjects of any pertinent information concerning CITILEC.

 

14.3 CITILEC will disclose personal information with the consent of the Data Subject or if CITILEC is permitted to do so without such consent in accordance with applicable laws.

 

14.4 Further, CITILEC may also send personal information to a foreign jurisdiction outside of the Republic of South Africa, including for processing and storage by Third Parties.

 

14.5 When personal information is transferred to a jurisdiction outside of the Republic of South Africa including to any cloud, data centre or server located outside of the South Africa, CITILEC will obtain the necessary consent to transfer the personal information to such foreign jurisdiction or may transfer the personal information where CITILEC is permitted to do so in accordance with the provisions applicable to cross-border flows of personal information under POPIA.

 

14.6 The Data Subject should also take note that the processing of personal information in a foreign jurisdiction, if and to the extent such Processing does occur, may be subject to the laws of the country in which the Personal information is held, and may be subject to disclosure to the governments, courts of law, enforcement or regulatory agencies of such other country, pursuant to the laws of such country.

 

  1. USE OF WEBSITE COOKIES

 

15.1 Our website uses cookies, which are small text files sent by a web server to store on a web browser. They are used to ensure websites function properly, store user preferences when needed and collect anonymous statistics on website usage.

 

15.2 You may refuse to accept cookies by activating the setting on your browser which allows you to refuse the setting of cookies. However, if you select this setting you may be unable to access certain parts of our website. Unless you have adjusted your browser setting so that it will refuse cookies, our system will issue cookies when you log on to the website. If you accept a “cookie” or fail to deny the use of “cookies”, you agree that we may use your personal information collected using “cookies” (subject to the provisions of this Policy). Where you either reject or decline cookies, you are informed that you may not be able to fully experience the interactive features of our website.

 

  1. ACCESS TO PERSONAL INFORMATION

 

16.1 POPIA read with the relevant provisions of the Promotion of Access to Information Act, No. 2 of 2000 (“PAIA”) confers certain access rights on Data Subjects. CITILEC’s PAIA Manual can be found https://www.citilec.co.za (“PAIA Manual”). These rights include –

 

16.1.1 a right of access: a Data Subject having provided adequate proof of identity has the right to: (i) request a Responsible Party to confirm whether any personal information is held about the Data Subject; and/or (ii) request from a Responsible Party a description of the personal information held by the Responsible Party including information about Third Parties who have or have had access to the personal information. A Data Subject may request:

 

16.1.1.1 CITILEC to confirm, free of charge, whether it holds any personal information about him/her/it; and

 

16.1.1.2 to obtain from CITILEC the record or description of personal information concerning him/her/it and any information regarding the recipients or categories of recipients who have or had access to the personal information. Such record or description is to be provided: (a) within a reasonable time; and (b) in a reasonable manner and format and in a form that is generally understandable.

 

16.1.2 a right to request correction or deletion: a Data Subject may also request CITILEC to –

 

16.1.2.1 correct or delete personal information about the Data Subject in its possession or under its control that is inaccurate, irrelevant, excessive, out of date, incomplete, misleading or obtained unlawfully; or

 

16.1.2.2 destroy or delete a record of personal information about the Data Subject that CITILEC is no longer authorised to retain records in terms of POPIA’s retention and restriction of records provisions.

On receipt of such a request, CITILEC is required, as soon as is reasonably practicable to –

 

16.1.2.2.1 correct the information;

 

16.1.2.2.2 delete or destroy the information;

 

16.1.2.2.3 provide the Data Subject with evidence in support of the information; or

 

16.1.2.2.4 where the Data Subject and Responsible Party cannot reach agreement on the request and if the Data Subject requests this, CITILEC will take reasonable steps to attach to the information an indication that correction has been requested but has not been made;

 

16.1.3 a right to withdraw consent and to object to processing: a Data Subject that has previously consented to the processing of his/her/its personal information has the right to withdraw such consent and may do so by providing CITILEC with notice to such effect at the address set out in paragraph 20. Further, a Data Subject may object, on reasonable grounds, to the processing of personal information relating to him/her/it.

 

16.2 Accordingly, CITILEC may request the Data Subject to provide sufficient identification to permit access to, or provide information regarding the existence, use or disclosure of the Data Subject’s personal information. Any such identifying information shall only be used for the purpose of facilitating access to or information regarding the personal information.

 

16.3 The Data Subject can request in writing to review any personal information about the Data Subject that CITILEC holds including personal information that CITILEC has collected, utilised or disclosed.

 

16.4 CITILEC shall respond to these requests in accordance with POPIA and PAIA and provide the Data Subject with any such personal information to the extent required by law and any of CITILEC’s policies and procedures which apply in terms of the PAIA.

 

16.5 The Data Subject can challenge the accuracy or completeness of his/her/its personal information in CITILEC’s records at any time in accordance with the process set out in the PAIA Manual for accessing information.

 

16.6 If a Data Subject successfully demonstrates that their personal information in CITILEC’s records is inaccurate or incomplete, CITILEC will ensure that such personal information is amended or deleted as required (including by any Third Parties).

 

  1. TIME PERIODS

 

17.1 CITILEC will respond to each written request of a Data Subject not later than 30 (thirty) days after receipt of such requests. Under certain circumstances, CITILEC may, however, extend the original period of 30 days once for a further period of not more than 30 (thirty) days.

 

17.2 A Data Subject has the right to make a complaint to CITILEC in respect of this time limit by contacting CITILEC using the contact details provided in paragraph 20 below.

 

  1. COSTS TO ACCESS TO PERSONAL INFORMATION

 

The prescribed fees to be paid for copies of the Data Subject’s personal information are listed the PAIA Manual.

 

  1. CHANGES TO THIS POLICY

 

19.1 CITILEC reserves the right to make amendments to this Policy from time to time and will use reasonable efforts to notify Data Subjects of such amendments.

 

19.2 The current version of this Policy will govern the respective rights and obligations between the Data Subject and CITILEC each time that the Data Subject access and use CITILEC’s site.

 

  1. CONTACTING US

 

20.1 All comments, questions, concerns or complaints regarding your Personal information or this Policy, should be forwarded to us as follows — Tel. 011 334 2737 Address: 246 Main Street, City & Suburban, Johannesburg, 2001 Postal: P O Box 652. Highlands North, 2037.   Information Officer:

 

20.2 If a Data Subject is unsatisfied with the manner in which CITILEC addresses any complaint with regard to CITILEC’s processing of personal information, the Data Subject can contact the office of the Regulator, the details of which are set out below – Website:http://justice.gov.za/inforeg/ Tel: 012 406 4818 Fax: 086 500 3351 Email: inforeg@justice.gov.za