Brilliant Cloud – Protection of Personal Information Policy
Brilliant Cloud (Pty) Ltd is committed to protecting our customers, employees and any affected party’s personal information as per the guidelines of the Protection of Personal Information Act (Act 4 of 2013).
What is POPIA?
It is the Protection of Personal Information Act, a law passed by the South African parliament, which sets the conditions that you must follow to lawfully process the personal information about persons.
“To promote the protection of personal information processed by public and private bodies; to introduce certain conditions so as to establish minimum requirements for the processing of personal information; to provide for the establishment of an Information Regulator to exercise certain powers and to perform certain duties and functions in terms of this Act and the Promotion of Access to Information Act, 2000; to provide for the issuing of codes of conduct; to provide for the rights of persons regarding unsolicited electronic communications and automated decision making; to regulate the flow of personal information across the borders of the Republic; and to provide for matters connected therewith.”
Everyone in South African has to try to protect the personal information they process. POPIA sets conditions that any person who processes personal information must comply with. POPIA aims to protect the personal information of people (like consumers and employees) so that they do not become victims of things like identity theft, which can have very serious consequences. However, POPIA does not aim to stop the free flow of information. It recognises that there needs to be a balance.
Why did POPIA come into existence?
POPIA protects people from harm (whether physical, emotional or financial) by requiring those who process our personal information to protect it. For this reason alone, POPIA is important.
The protection of personal information is definitely needed now, more than ever. With the rise of computing power and devices like tablets and smart watches, personal information is at greater risk than ever before.
Does POPIA apply to everybody?
Yes, virtually everybody. POPIA applies to everybody who processes personal information. It applies to all public and private bodies. Process is defined extremely broadly. In terms of POPIA processing means any operation or activity (either automated or not) that involves the collection, receipt, recording, organisation, collation, storage, updating, retrieval, dissemination, distribution, merging and degradation or erasing of data.
Key points:
- Be responsible when processing personal information
- Take practical effective steps to protect it whenever possible
- POPIA applies to virtually everybody
Who are the role players?
- Data Subject – The person who the personal information is about.
- Responsible Party – The organisation that decides how and why to process personal information.
- Operator – The party that processes personal information for the responsible party.
The 8 conditions of lawful processing
Legend: Responsible Party = [RP]
Personal Information = [PI]
Data Subject = [DS]
1. Accountability – The RP must take accountability to comply with POPI.
2. Processing limitation – The RP must have a good reason for processing information e.g. consent.
3. Purpose specification – The DS must know the reason why the RP is processing their personal information.
4. Further processing limitation – The RP must ensure that if PI is processed again it must be used for the original purpose that they informed the DS about.
5. Information quality – The RP must ensure the PI they process is accurate and complete.
6. Openness – The RP must process PI in a way that allows the DS to know what’s happening to their PI.
7. Security safeguards – The RP must provide appropriate and reasonable security measures for PI.
8. Data subject participation – The RP must communicate with the DS about processing and must allow the DS to correct or update their info.
Brilliant Cloud and POPIA
This policy describes how Brilliant Cloud collects and utilises your personal information, how we secure it, and your choices and rights in relation to your personal information.
It includes the storing and\or processing of Personal Data collected by Brilliant Cloud when you:
- When you request consulting and other related services;
- When you utilise our solutions, software and affiliated products;
- When you provide access to your infrastructure through tools such as Teamviewer and Remote Desktop
- When you visit our websites;
- When you visit our social media pages and interact with marketing communication;
- When you provide us with information by filling in a form;
- If you contact us or us you, whether by telephone, email or other methods;
This policy also applies to the processing of Personal Data collected by us from:
- Third parties, including public databases, social media sites, affiliate business partners with whom we offer services and other third parties.
Personal information we collect
You may browse our websites without submitting any personally identifiable information (“personal information”) at all. We will only collect personal information if you choose to fill out and submit a contact form or when requesting services using a chatbot. The kinds of information we collect from you will vary, depending on how you utilise the website.
You also have the option of providing information regarding your interest in Brilliant Cloud and whether you would like a sales representative to contact you. In these forms we will collect Full Name, Company Name, Email Address and Contact Number.
We may also collect other information that does not personally identify you. Such other information includes browser and device information, website and application usage data, IP addresses, demographic information such as marketing preferences, geographic location, home language, and information collected through cookies and other technologies or information that has been anonymized or aggregated.
You can choose not to provide personal information to us when requested. However, if this is necessary to provide you with our solutions, products and services, or to perform administrative functions, we may be unable to fulfill these functions.
Legal basis for processing your personal information
When we process your personal information in connection with the purposes set out in this policy document, we may rely on one or more of the following legal bases, depending on the purpose for which the processing activity is undertaken and the nature of our relationship with you:
- Our legitimate interests for the purpose of managing, operating or promoting our business, including direct marketing, and transfers within Brilliant Cloud of personal information for business and administrative purposes, except where such interests are overridden by your interests or fundamental rights or freedoms which require protection of personal information.
- Where this is necessary to comply with a legal obligation on us.
- To protect the vital interests of any individual.
- Where you have consented for such processing to take place.
We may use your personal information to:
To improve our solutions, products and services, for example to:
- Perform administrative and business functions and internal reporting.
- Obtain feedback from you about our services, products and solutions including through client surveys.
- Respond to your inquiries
- Send marketing communications to you.
- Enable you to subscribe to our newsletters and mailing lists.
- Enable you to register for Brilliant Cloud events, workshops and conferences.
- Inform you about and provide you with our products, services and solutions.
- Update our records and keep your contact details up to date
- Process and respond to privacy requests, questions, concerns and complaints.
- Fulfil legal and contractual obligations.
Sharing your personal information
We may share your personal information for the purposes set out in this Privacy Statement (as applicable):
- With business partners with whom we offer services or engage in joint marketing activities.
- With service providers to provide operational services or facilitate transactions on our behalf, including but not limited to processing of orders, assisting with sales-related activities or post-sales support, client support, email delivery, data analytics and auditing.
- Where you consent to the sharing of your personal information.
- For other legal reasons and to protect the rights, property or safety of Brilliant Cloud its associate business partners, you, or others, or as otherwise required by applicable law.
Any third parties with whom we share personal information are contractually required to implement appropriate data protection and security measures to protect personal information and are not permitted to use personal information for any purpose other than the purpose for which they are provided with or given access to personal information.
Security of your personal information
We take reasonable steps to ensure that your data is treated securely and in accordance with this Privacy Policy. All information you provide to us is stored on secure servers. We limit access to the information by our own employees, contractors, site service providers and those individuals who are authorised for the proper handling of such information. We request that our third-party contractors and site service providers follow similar standards of security and confidentiality.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will take reasonable steps to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to endeavour to prevent unauthorised access.
Where we store your personal data
The data that we collect from you may be transferred to and/or stored outside your territory. It may also be processed by staff operating outside your territory who work for us or for one of our suppliers.
Your rights in relation to your personal data
You have the following rights in relation to your personal data (some of these rights apply only in certain circumstances, and some of them vary according to the legal basis on which we are processing your data or the territory you are located in):
- The right to ask whether we’re processing your personal data and, if we are, to find out details of that processing (as well as obtaining a copy of your personal data).
- The right to ask us to correct any personal data that we hold about you that’s inaccurate or incomplete.
- The right to ask us to delete personal data that we hold about you.
- The right to object to how we’re processing your personal data, and to ask us to restrict how we’re processing your personal data.
- The right to have your personal data provided to you in a structured and commonly-used electronic format.
- The right to opt out of the sale of your personal data if applicable. Personal data collected through Brilliant Cloud is not sold to any third parties.
- The right not to be discriminated against for exercising the rights available to you under applicable data protection laws.
If you wish to exercise any of these rights (for example you no longer wish to receive marketing from us), you can use the link or unsubscribe button provided in our email correspondence, or contact info@brilliantcloud.co.za. Please note, in some circumstances we may need to take steps to verify your identity prior to fulfilling your request.
Cookies and Similar Technologies
When you access our Internet Services, we use cookies (small text files containing a unique ID number which are placed on your PC or device) and similar technologies including scripts, embedded web links and web beacons. We use cookies to assist us with activities such as:
- Improving your browsing experience;
- Customising our interactions with you;
- Compiling statistical data;
- Analysing the performance and usability of our Internet Services;
- Measuring traffic patterns for our Internet Services; and
- Determining which areas of our Internet Services have been visited
- To ensure our platform is secure and safe to use.
These technologies collect information that your browser sends to our Internet Services including your browser type, information about your IP address (a unique identifier assigned to your computer or device which allows your PC or device to communicate over the Internet), together with the date, time and duration of your visit, the pages you view and the links you click.
Our Internet Services may also contain web beacons or similar technologies from third party analytics providers, through which they collect information about your activities across our Internet Services to help us compile aggregated statistics. You can at any time change or withdraw your consent from the Cookie Declaration on our website.
Communication and Direct Marketing
We may contact you to notify you regarding your account with Brilliant Cloud, to troubleshoot problems with your account, to resolve a dispute, to collect fees or monies owed, to poll your opinions through surveys or questionnaires, to send updates about our company, or as otherwise necessary to contact you with regard to any agreement we may have with you/your organisation. For these purposes we may contact you via email, telephone, text messages, and postal mail.
We may send you direct marketing communications about our solutions and products and services. We may send you information on events, conferences and webinars presented by Brilliant Cloud. You can choose whether you wish to receive marketing material from Brilliant Cloud. You may opt out of receiving marketing materials from us at any time and manage your communication preferences by:
- Following the unsubscribe instructions included in each marketing email
- Sending an email to the sender of the marketing communications; or sending a request to info@brilliantcloud.co.za
- If you opt out of receiving marketing related communications from us, we may still send you administrative messages as part of your ongoing use of our products, solutions and services, which you will be unable to opt out of.
We do not provide your personal information to unaffiliated third parties for direct marketing purposes or sell, rent, distribute or otherwise make personal information commercially available to any third party.
Retaining your personal information
We will retain your personal information for as long as is necessary to fulfil the purpose for which it was collected unless a longer retention period is required to comply with legal obligations, resolve disputes, protect our assets, or enforce agreements.
Links to other websites
Our site may, from time to time, contain links to and from the websites of our software publisher network and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
Updates to this Privacy Policy
We reserve the right to modify this privacy policy at any time, so please review it frequently. Changes and clarifications will take effect immediately upon their posting on the website. If we make material changes to this policy, we will notify you here that it has been updated, so that you are aware of what information we collect, how we use it, and under what circumstances, if any, we use and/or disclose it.
How to contact us
If you would like to: access, correct, amend or delete any personal information we have about you, you are invited to contact us:
Brilliant Cloud (Pty) Ltd
Unit 6 Boskruin View Office Park
Cnr Ysterhoud Drive and Kelly Road
Boskruin, Randburg
Email: info@brilliantcloud.co.za
We are committed to working with you to obtain a fair resolution of any complaint or concern about privacy. If, however, you believe that we have not been able to assist with your complaint or concern, you also have the right to lodge a complaint with the Information Regulator.
Brilliant Cloud POPIA legal disclaimer
- The information contained on this website is for general guidance purposes only. It should not be taken for, nor is it intended as, legal advice.
- We would like to stress that there is no substitute for customers making their own detailed investigations or seeking their own professional advice if they are unsure about the implications of the POPIA on their businesses.
- Brilliant Cloud will not accept any liability for errors or omissions and will not be liable for any damage (including, without limitation, damage for loss of business or loss of profits) arising in contract, tort or otherwise, from the use of or reliance on this information or from any action or decisions taken as a result of using this information.