PRIVACY POLICY

 

EVEREST’S COMMITMENT TO DATA PRIVACY PROTECTION

Protecting the security and privacy of your Personal Information is important to Everest (“Everest, we”, us” and “our”) and to the way we conduct our business. We also strive to ensure we are in compliance with laws on privacy, data protection and data security in the countries in which we maintain websites and our mobile application (“Platforms”). We hope the policy outlined below will help you understand what information Everest may collect, how Everest uses and safeguards that information and with whom we may share it.

 

PERSONAL DATA

The acquisition and processing of personal data follows legal regulations.

We take cognisance of the right to privacy as enshrined in the Constitution of the Republic of South Africa and the relevant legislation to protect the right to privacy, such as the Protection of Personal Information Act, No. 4 of 2013 (“POPI”).

By using any part of the Platforms or by providing information to Everest you consent to Everest processing your information as set out in this policy.

 

COMPLIANCE WITH DATA PROTECTION REGULATIONS IS CONTROLLED BY THE FOLLOWING BODIES, TO WHOM ANYONE CAN APPLY:

 

Regulatory authority:
The Information Regulator (South Africa)

SALU Building,
316 Thabo Sehume Street,
Pretoria

Tel: 012 406 4818

Fax: 086 500 4818

Email: inforeg@justice.gov.za

 

Everest:

________

________

________

 

 

 

  1. PURPOSE
  • The purpose of this policy is to comply with the conditions of POPI and to set out rules to govern the use, storage and protection of personal information which you supply to us.

 

  1. SCOPE
    • This policy applies to:
      • all personal information held and processed by us;
      • all employees and clients of Everest who are granted access to personal information;
      • all contractors, suppliers, partners and external collaborators and visitors who may be authorised to access Everest’s held personal information; and/or
      • all locations from which personal information is accessed including home and off‐site/remote use.

 

  1. POLICY STATEMENT
    • Everest values the privacy of every individual’s personal information and is committed to the protection of personal information and will strive to:
      • promote an understanding and acceptance of the eight conditions for lawful processing of personal information as specified by POPI throughout the organisation;
      • provide training and awareness about the protection of personal information;
      • handle complaints received in an efficient and appropriate manner; and
      • monitor compliance and keep the organisation informed of updates to the legislation and internal policies and procedures.

 

  1. PERSONAL INFORMATION
    • The following information is considered as personal information, but this list is not exhaustive:
      • Information relating to the race, gender, sex, pregnancy, marital status, national, ethnic or social origin, colour, sexual orientation, age, physical or mental health, well-being, disability, religion, conscience, belief, culture, language and birth of the person;
      • Information relating to the education or the medical, financial, criminal or employment history of the person;
      • Any identifying number, symbol, e-mail address, physical address, telephone number or other particular assignments to the person;
      • Personal opinions, views or preferences of the person;
      • Correspondence sent by the person that is implicitly or explicitly of a private or confidential nature or further correspondence that would reveal the contents of the original correspondence;
      • The views or opinions of another individual about the person; and
      • The name of the person if it appears with other personal information relating to the person or if the disclosure of the name itself would reveal information about the person
    • Generally, we use your personal information to answer your requests, process your orders or provide access to specific information or offers on basis of your consent, justification and objections as per POPI.
    • We will not collect any personal information via our Platforms without your consent. You alone decide whether you want to disclose any such data, for example, as part of a registration, order or survey.
    • When registering as a user on our Platforms, you will be required to provide the following information:
      • Your name and surname;
      • Your email address;
      • Your physical address;
      • Your gender;
      • Your mobile number; and
      • Your date of birth.
    • You may, at your own discretion, elect to provide additional personal information.

 

  1. CONDITIONS FOR LAWFUL PROCESSING OF PERSONAL INFORMATION
    • Accountability:
      • Everest will ensure that the conditions for lawful processing of personal information set out in POPI, and all measures required to give effect, are complied with.
      • All personal information will be identified internally. Accountability will commence upon the information being received or requested and the purpose for processing determined and will thereafter apply throughout the lifecycle of the processing, until the record has been destroyed.
    • Processing limitation
      • Personal information shall be processed lawfully and in a manner that does not infringe your privacy. Personal information may only be processed, given the purpose that it is adequate, relevant, and not excessive.
      • Personal information shall only be processed if:
        • you have given consent to the processing;
        • processing is necessary to meet any obligation imposed upon Everest in your dealings with Everest, which includes, but is not limited to, the ordering, sale and delivery of any goods or services;
        • processing is necessary to comply with a legal obligation;
        • processing is necessary to protect your legitimate interest;
        • processing is necessary to pursue the legitimate interests of Everest; or
        • processing is necessary for the performance of a public duty by a public body.
      • You may withdraw consent at any time, however, such withdrawal will not affect the lawfulness of the processing of the personal information that has been processed before the withdrawal.
      • Personal information will be collected from you directly, unless:
        • the information is obtained from a public record;
        • you consented or allowed the personal information to be collected from another person or entity;
        • the processing and collection by a third party does not prejudice your legitimate interests; or
        • the collection is necessary to comply with a legal obligation.
      • Purpose specification
        • Subject to clause 5.2 above, unless consented to, your personal information shall:
          • Be used for no purpose other than:
            • in relation to the ordering, sale and delivery of any goods or services;
            • in relation to fulfilling any obligation bestowed upon us in your dealings with us;
            • to contact you regarding new features, special offers, promotional competitions or any goods or services offered by us or any of our divisions, affiliates and/or partners; and
            • to improve our product selection and your experience on our Platforms.
          • Not be disclosed to any third-party other than:
            • to our employees and/or service providers who assist us in performing our obligations to you and during the course of any such performance;
            • to our divisions, affiliates and/or partners (including their employees and/or third-party service providers) for marketing related purposes as provided for above;
            • to law enforcement, government officials, fraud detection agencies or other third-parties where such disclosure is believed to be necessary to comply with a legal obligation or legislation, to prevent physical harm or financial loss, to report or support an investigation into suspected illegal activity, or to investigate any violation of Everest’s Terms and Conditions;
            • to our suppliers where such disclosure may be necessary in order for them to contact you, such as, for example, in the event of faulty goods being supplied and their involvement may be necessary; and
            • to our suppliers or any other third-party for purposes of furnishing you with an invoice.
          • Duration of retention
            • Your personal information shall not be retained for a period longer than necessary to achieve the purpose for which such personal information was processed.
            • Personal information can be retained for an extended period under the following conditions:
              • when the prolonged retention is reasonably required for specific lawful purposes;
              • when prolonged retention is required due to any obligation imposed upon Everest in its dealings with you;
              • you consented to further retention of the information; and
              • if it is for historical, statistical or research purposes and provided that it is not published in an identified form.
            • Destruction of personal information shall be in a manner that prevents reconstruction in an intelligible form.
          • Further processing limitation
            • Further processing of personal information shall be in accordance with or compatible with the purpose for which it was collected.
            • Where further processing is not compatible with the original purpose, it will be allowed where:
              • you have consented to such further processing;
              • the information was derived from a public record;
              • further processing is necessary to comply with a legal obligation or legislation;
              • further processing is necessary to avoid serious harm or imminent threat to public health or safety;
              • further processing is necessary to prevent physical harm or financial loss;
              • the personal information is used for historical, statistical or research purposes and we can ensure that it will not publish the information in an identified form; or
              • further processing is in accordance with an exemption granted by the Regulator.
            • Information quality
              • Everest will take reasonable steps to ensure that the personal information processed is correct, accurate, complete, reliable and updated where necessary.
              • You have the right to update and correct any of your personal information, and it is your duty to ensure that all your personal information is true, current, accurate and correct.
              • Everest, upon your request, shall correct or delete any personal information that is inaccurate, irrelevant, excessive, out of date, incomplete, misleading or obtained unlawfully.
            • Openness
              • Processing of personal information shall be done in an open and transparent manner.
              • Everest will take reasonable steps to ensure that you are aware of the type of personal information being collected, the purpose for which it is being collected, and if not collected directly from you, from where it is being collected.
            • Security safeguards
              • All personal information held by Everest shall be kept safe and secure.
              • Everest will ensure the integrity and confidentially of the personal information under its control, by taking appropriate, reasonable, technical and organisational measures to prevent loss, damage or destruction or unlawful access. This includes the following:
                • identify personal information (structured and unstructured) in all business processes;
                • identify business processing manual controls, application systems and IT process controls, including procedures supporting the complete and accurate processing of personal information;
                • identify all reasonable, foreseeable internal and external risks;
                • establish appropriate safeguards;
                • regularly verify that safeguards are effectively implemented;
                • maintain the capability to detect security breaches;
                • regularly review the contractual obligations of third parties; and
                • prohibit the processing of special personal information.
              • Where services of third-party operators are used by Everest, a written contract shall be in place which ensures that the Operator establishes and maintains the security measures required under POPI.
              • Should Everest become aware of, or where there are reasonable grounds to believe that your personal information has been accessed or acquired by an unauthorised person, Everest will notify:
                • the Regulator; and/or
                • you, which notification will be communicated to you via the contact information provided.
              • The notification shall provide sufficient information (to the extent that same is readily available) to allow you to take protective measures against any potential consequences of the leak or infringement.

 

  1. COOKIES
    • Everest’s Platforms makes use of “cookies” which automatically collects information and data.
    • Cookies are small text files that are usually saved onto the computer from a Platforms. Cookies serve many different purposes, but they are never precarious as they have no “active” abilities at all. Thus, they cannot run any malicious applications.
    • Almost exclusively, cookies contain information which is required for a comfortable us of the internet.
    • Classic examples for tasks of cookies are:
      • Login data;
      • Saving of shopping basket;
      • User analysis; and
      • Form fields.
    • Information saved in cookies may, amongst others, contain:
      • Lifetime;
      • Server name;
      • Unique I.D; and
      • Content data.

 

  1. RESPONSIBILITIES

Everest recognises its responsibility under POPI and accordingly an information Officer will be appointed and registered with the Regulator to meet its obligations in terms of this policy.

  • The Information Officer is responsible for:
    • providing advice, guidance, and training on information protection responsibilities and compliance with this policy;
    • administering your access requests;
    • liaising with the Regulator;
    • preparing and submitting reporting requirements;
    • co-ordinating the development and delivery of training materials; and
    • recording any incidences of breach of this policy.

 

Technical Information Officer: ________________________________

 

Information Officer: ________________________________________

 

  1. LIMITATION ON LIABILITY
    • Everest shall take all reasonable measures necessary to protect your personal information, but we cannot guarantee or accept any liability whatsoever for unauthorised or unlawful disclosures of your personal information, whilst in our possession, made by third parties who are not subject to our control, unless such disclosure is as a result of our gross negligence.
    • Everest shall not be liable for any loss or damage, howsoever arising, suffered by you as a result of any information which you disclose to a third-party, including (but not limited to) any third-party affiliated with us in any manner or form in that such third-parties are not subject to our control. In this regard, it is your duty to ensure that you are familiar with the privacy policy of any such third-party.