Data protection is a high priority for the management of redPanda. We are committed to ensuring that your privacy is protected when using our services and to business practices which are compliant with all relevant legislation, which includes the General Data Protection Regulations (EU) 2016/697 (“GDPR”), the Protection of Personal Information Act 4 of 2013 (“POPI”) and the Electronic Communications and Transactions Act 25 of 2002 (“ECTA”). The use of redPanda’s website is possible without any indication of personal data; however, if a data subject wants to use company services via our website, the processing of personal data may be necessary. If the processing of personal data is necessary and there is no statutory basis for such processing, we generally obtain consent from the data subject.
The processing of personal data of a data subject shall always be in line with the above legislation, and in accordance with the country-specific data protection regulations applicable to redPanda. By means of this Policy, our company would like to inform the general public of the nature, scope, and purpose of the personal data we collect, use and process. Furthermore, data subjects are informed, by means of this Policy, of the rights to which they are entitled.
This Policy sets out how your personal data will be processed and protected, as well as how we may use personal information that we collect about you when you visit our website, enter, or apply to enter into an agreement with us. By using our website, you acknowledge that you have read and agree to be bound by this Policy.
If you have any questions about this Policy or do not agree with its content, please contact us directly at [email protected].
In this Policy, we use, inter alia, the following terms:
3.1. WHAT MAY BE COLLECTED AND METHODS OF COLLECTION
We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows: (1) identity data (including first name, surname, address, marital status, title, date of birth and gender), (2) contact data (including phone numbers, e-mail address, billing address and delivery address), (3) technical data (including IP address or cookie information, login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access this website), (4) usage data (including information about how you use our website, products and services), (5) marketing and communications data (includes your preferences in receiving marketing from us and our third parties and your communication preferences, and (6) any other information which we reasonably need to perform our obligations in terms of the agreement with you to make decisions about you or fulfil our regulatory, compliance or other business obligations.
We collect data about you as follows:
We may record calls as required by law, or for quality checks, staff training and/or for purposes relating to your relationship with us.
When you use our website, we automatically receive and record information on our server logs from your browser which may from time to time include your location, IP address, cookie information, and the page you requested. This is statistical data about browsing actions and patterns and does not identify any individual. We may also obtain information about your general internet usage by using a cookie file which is stored on the hard drive of your computer. Cookies enable us to improve our service to you, estimate our audience size and usage patterns, store information about your preferences and recognise when you return to our website.
redPanda is not responsible for, give no warranties, nor make any representations in respect of the privacy policies or practices of linked or any third-party websites.
4.1. HOW DO WE USE YOUR PERSONAL DATA
Your personal data may also be used for other purposes for which you give your permission, or where we are permitted to do so in law when it is for legitimate business purposes or in the public interest to disclose the data.
You may on reasonable grounds object to the processing of your personal data, after which we undertake not to continue to process such information, except as provided for in law.
4.2. PERSONAL INFORMATION ABOUT CHILDREN AND SPECIAL PERSONAL INFORMATION
We do not intentionally collect or use information of children unless with consent. Our intention is therefore to only process information about children with the consent of a competent person (someone like the parent or guardian), or if required to establish, exercise or defend a right or obligation in law, or if otherwise allowed in law to process it.
We do not intend to process any “special personal information” about you, which includes, for example, political, religious or health-related information, except if we are:
4.3. DATA WE SHARE
We will keep your personal data confidential and only share it with others for the purposes set out in this policy, or if you have otherwise consented thereto, or if we are legally obliged or entitled to do so.
We have trusted relationships with carefully selected third parties who perform services on our behalf. All service providers are bound by contract to maintain the security of your personal data and to use it only as permitted by us.
Subject to this policy, we may share data about you with:
We require all third parties to respect the security of your personal data and to treat it in accordance with all applicable data security laws. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
Furthermore, the data subject shall have a right to obtain information as to whether personal data are transferred to a third country or to an international organisation. Where this is the case, the data subject shall have the right to be informed of the appropriate safeguards relating to the transfer.
If a data subject wishes to avail him/herself of this right of access, he or she may at any time contact our Responsible Person or another employee of the controller.
If a data subject wishes to exercise this right to rectification, he or she may, at any time, contact our Data Protection Officer or another employee of redPanda.
If one of the aforementioned reasons applies, and a data subject wishes to request the erasure of personal data stored by redPanda, he or she may at any time contact our Responsible Person or another employee of the controller. The Responsible Person of redPanda or another employee shall promptly ensure that the erasure request is complied with immediately.
Where the controller has made personal data public and is obliged pursuant to Article 17(1) of the GDPR to erase the personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform other controllers processing the personal data that the data subject has requested erasure by such controllers of any links to, or copy or replication of, those personal data, as far as processing is not required. The Responsible Person of redPanda or another employee will arrange the necessary measures in individual cases.
If one of the aforementioned conditions is met, and a data subject wishes to request the restriction of the processing of personal data stored by redPanda, he or she may at any time contact our Responsible Person or another employee of redPanda. The Responsible Person of redPanda or another employee will arrange the restriction of the processing.
Furthermore, in exercising his or her right to data portability pursuant to Article 20(1) of the GDPR, the data subject shall have the right to have personal data transmitted directly from one controller to another, where technically feasible and when doing so does not adversely affect the rights and freedoms of others. In order to assert the right to data portability, the data subject may at any time contact the Responsible Person designated by redPanda or another employee.
redPanda shall no longer process the personal data in the event of the objection unless we can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or for the establishment, exercise or defence of legal claims.
If redPanda processes personal data for direct marketing purposes, the data subject shall have the right to object at any time to prothe cessing of personal data concerning him or her for such marketing. This applies to profiling to the extent that it is related to such direct marketing. If the data subject objects to redPanda to the processing for direct marketing purposes, redPanda will no longer process the personal data for these purposes.
In addition, the data subject has the right, on grounds relating to his or her particular situation, to object to processing of personal data concerning him or her by redPanda for scientific or historical research purposes, or for statistical purposes pursuant to Article 89(1) of the GDPR, unless the processing is necessary for the performance of a task carried out for reasons of public interest.
In order to exercise the right to object, the data subject may directly contact the Responsible Person of redPanda or another employee. In addition, the data subject is free, in the context of the use of information society services, and notwithstanding Directive 2002/58/EC, to use his or her right to object by automated means using technical specifications.
Each data subject shall have the right granted by the Legislator not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her, or similarly significantly affects him or her, as long as the decision:
(1) is not necessary for entering into, or the performance of, a contract between the data subject and a data controller, or (2) is not authorised by Union or Member State law to which the controller is subject, and which also lays down suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests, or (3) is not based on the data subject’s explicit consent.
If the decision:
(1) is necessary for entering into, or the performance of, a contract between the data subject and a data controller, or (2) it is based on the data subject’s explicit consent, RedPanda shall implement suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express his or her point of view and contest the decision.
If the data subject wishes to exercise the rights concerning automated individual decision-making, he or she may at any time directly contact the Responsible Person of redPanda or another employee of the controller.
If the data subject wishes to exercise the right to withdraw the consent, he or she may at any time directly contact the Responsible Person of redPanda or another.
The data controller shall collect and process the personal data of job applicants for the purpose of the processing of the application procedure. The processing may also be carried out electronically. This is the case, in particular, if an applicant submits corresponding application documents by e-mail or by means of a web form on the website to the controller. If the data controller concludes an employment contract with an applicant, the submitted data will be stored for the purpose of processing the employment relationship in compliance with legal requirements. If no employment contract is concluded with the applicant by the controller, the application documents shall be automatically erased two months after notification of the refusal decision, provided that no other legitimate interests of the controller are opposed to the erasure.
Where the processing of personal data is based on Article 6(1) (f) GDPR our legitimate interest is to carry out our business in favour of the well-being of all our employees and the shareholders.
The provision of personal data may be required by law (e.g. tax regulations) or can also result from contractual provisions (e.g. information on the contractual partner). Sometimes it may be necessary to conclude a contract that the data subject provides us with personal data, which must subsequently be processed by us. The data subject is, for example, obliged to provide us with personal data when our company signs a contract with him or her. The non-provision of the personal data would have the consequence that the contract with the data subject could not be concluded. Before personal data is provided by the data subject, the data subject must contact our Responsible Person. Our Responsible Person will clarify to the data subject whether the provision of the personal data is required by law or contract or is necessary for the conclusion of the contract, whether there is an obligation to provide the personal data and the consequences of non-provision of the personal data.
We may only transfer your data to foreign countries in order for us to perform services to you and/or for purposes of any agreement we have with you.
Such data shall only be transferred to recipients who are subject to laws, binding corporate rules or agreements, that provide an adequate level of protection that uphold the principles for transferring/processing of data that are substantially similar to those principles as set out in GDPR and POPI.
As a responsible company, we do not make use of automated decision-making or profiling.
As the controller, redPanda has implemented numerous technical and organisational measures to ensure the most complete protection of personal data processed through this website. However, Internet-based data transmissions may in principle have security gaps, so absolute protection may not be guaranteed. For this reason, every data subject is free to transfer personal data to us via alternative means, e.g. by telephone.
When you use the website, we may give you an access number, username, password and/or personal identification number (“PIN”). You are responsible to maintain the secrecy and confidentiality of your username, access number, password and/or PIN. Should you misplace or have these details stolen from you it is your responsibility to inform us at [email protected] and take steps to change these details.
We want to ensure that your information is accurate and up to date. You may ask us to correct or remove any information that you think is inaccurate, by sending us an e-mail to [email protected].
You have the right to request us to provide you with information that we hold about you. You must contact us directly to do so or send an e-mail to [email protected]. Fees to obtain a copy of your records may be prescribed in terms of POPI, for which we will provide you with a quote before disclosing such records.
We retain information in accordance with the required legal retention periods or for legitimate business purposes. We will however only retain your information for the purposes explicitly set out in this policy.
Should we keep your information longer than is strictly necessary for purposes of our agreement or as required in law, we will either de-identify your information, or keep it for statistical purposes only.
Whilst we retain your information, we will continue to abide by our non-disclosure obligations and will not sell or share your information without your consent.
We will report any security breach to both the Regulator and the individuals or companies involved within 72 hours of becoming aware of the breach, where feasible. If you suspect any breach regarding your information, kindly notify us immediately by sending an email to [email protected].
Any data subject may, at any time, contact us directly with all questions and suggestions concerning data protection:
By using this website, you indicate your acceptance of this policy and terms of service. If you do not agree to this policy, please do not use our Site. Your continued use of the Site following the posting of changes to this policy will be deemed to be your acceptance of those changes.
At redPanda Software we have a decade of experience in developing customised software for the retail and financial industries.