top of page

DATA PRIVACY POLICY FOR CUSTOMERS

1. Definition

Blue Coat IT (Pty) Ltd (“BCI”) respects your privacy, and protection of your personal information is important to us. This policy’s wording attempts to match that of the Protection of Personal Information Act 4 of 2013 (‘POPIA”) and the POPIA definitions should be applied to the below wording accordingly.

2. Introduction

  1. In the course of BCI providing Services to You, there is a likelihood that BCI will receive, be exposed to and/or Process the Personal Information of Data Subjects.

  2. BCI’s Terms and Conditions, available on our website at www.bluecoat.co.za, at paragraph 23 demonstrate our contractual and statutory obligations to You.

​

3. BCI’s obligations and Yours with regard to Your Data

  1. BCI shall, in providing the Services, comply with this Data Privacy Policy relating to the privacy and security of Your electronic/digital Personal Information (referred to interchangeably as “Data” below).

  2. If BCI Processes any Personal Information on Your behalf when performing its obligations under the agreement with You, it is recorded that You shall be the Responsible Party as defined in POPIA.

  3. You shall have an obligation to ensure that You are entitled to transfer the relevant Personal Information to BCI so that BCI may lawfully use, Process and transfer the Personal Information in accordance with its agreement with You on Your behalf.

  4. You are furthermore required to ensure that the relevant third parties have been informed of, and have given their consent to, such use, Processing, and transfer as required by POPIA.

  5. BCI shall Process the Personal Information only in accordance with the terms of its agreement with You and any lawful instructions reasonably given by You from time to time. Should You have any specific additional processing requirements and instructions to BCI, as the Operator, with regard to the Processing of Personal Information, which may form part of Your Data, then You, as the Responsible Party, are required to complete Your Information Schedule attached hereto as Annexure A. It will be BCI’s responsibility to ensure that the completed Annexure A is stored in a dedicated folder and that the additional requirements and instructions identified by You are adhered to.

  6. BCI shall not otherwise modify, amend or alter the contents of such Personal Information or disclose or permit the disclosure of such Personal Information to any third party, unless specifically authorised to do so by You.

  7. Your Data received by BCI shall be hosted by a third party service provider of BCI’s choice.

  8. BCI acknowledges that Your Data is confidential information. Your Data will be classified as being secret with only authorised BCI staff allowed access to Your Data.

  9. BCI shall assist You to comply with any requests for access to Personal Information received by You from Data Subjects and, at Your request, BCI shall provide You with a copy of any Personal Information held by BCI in relation to a specified Data Subject. BCI reserves the right to levy the prescribed fee to adhere to such requests from You. BCI agrees that notwithstanding the confidentiality provisions of the agreement between BCI and You, You may disclose to a Data Subject that BCI has been or is involved in Processing such Data Subject's Personal Information.

  10. BCI shall under written instruction and authority of You, provide all assistance required for You to discharge Your duties as Responsible Party relating to a requirement by the Regulator (a) for You as Responsible Party to submit an independent auditor’s report or other information relating to interference by the Responsible Party with the Personal Information of a Data Subject, (b) that You are processing Personal Information in accordance with legislation, or (c) that You are otherwise compliant with any other relevant legislation. BCI reserves the right to levy an administration fee to provide the assistance to You as provided for in this paragraph.

  11. BCI shall, at Your request, return or destroy all Personal Information in the possession or control of BCI, including in accordance with any specific retention, destruction and purging requirements as may be prescribed by You. BCI reserves the right to levy an administration fee to You to comply with a request as per this paragraph.

  12. As noted, the Personal Information of a Data Subject shall be labelled as secret information and shall be Processed and handled by BCI accordingly. Any Processing of Personal Information for You shall be conducted separately from Personal Information, data and property relating to BCI or any third party and may not be combined or merged with information of another party.

 

4. Security

Both BCI and You shall take appropriate technical and organisational measures to ensure that all Personal Information communicated, including, without limitation, any digital communication or any Personal Information stored in digital form shall be secured against being accessed or read by unauthorised parties, using appropriate security safeguards, having due regard to generally accepted information security practices and procedures which may apply to it generally or be required in terms of specific industry or professional rules and regulations.

​

5. Notification of a Personal Information Security Breach

  1. BCI shall notify You in writing, immediately, if possible, but as soon as reasonably possible after becoming aware of or suspecting any unauthorised or unlawful use, disclosure or processing of Personal Information, taking into account the legitimate needs of law enforcement or any measures reasonably necessary to determine the scope of the compromise and to restore the integrity of the Operator’s information system, and comply with the following:

    1. take all necessary steps to mitigate the extent of the loss or compromise of Personal Information and to restore the integrity of the affected information systems as quickly as possible;

    2. furnish You with details of the Data Subjects affected by the compromise and the nature and extent of the compromise, and if known, include details of the identity of the unauthorised person who may have accessed or acquired the Personal Information;

    3. provide You with a report on its progress in resolving the compromise at reasonable intervals but at least once per week following the initial notification to You, until such time as the compromise is resolved;

    4. in consultation with You and where required by law notify the South African Police Service; and/or the National Intelligence Agency; and

    5. only upon request by You, or otherwise if required by law, notify the Regulator and/or the affected Data Subjects. Any such notification shall be in a form prescribed by You or the Regulator, as the case may be, if applicable, and contain such information as is specified by You and or the Regulator. Notwithstanding the foregoing, a notification to a Data Subject shall always include sufficient information to allow the Data Subject to take protective measures against the potential consequences of the compromise.

 

6. Disclosure required by law

  1. In the event that BCI is required to disclose or Process any Personal Information required by law, regulation or court order, or if the Processing of such Personal Information is required to enable a public body to properly perform a public law duty to carry out actions for the conclusion or performance of a contract to which the Data Subject is a party, is necessary for pursuing the legitimate interests of You, a third party to whom the information is supplied, or a Data Subject, or complies with an obligation imposed by law on You, BCI:

    1. will advise You thereof prior to disclosure, if possible. If prior disclosure is not possible, BCI shall advise You immediately after such disclosure;

    2. will take such steps to limit the extent of the disclosure or Processing insofar as it reasonably practically and legally can;

    3. will afford You a reasonable opportunity, if possible and permitted, to intervene in the proceedings; and

    4. will comply with Your requests as to the manner and terms of any such disclosure or Processing, if possible and permitted.

 

7. Transfer of Personal Information

  1. BCI shall ensure that no Personal Information is transferred outside of the Republic of South Africa unless:

    1. You provide prior written consent to the transfer;

    2. the recipient is subject to a law, code of conduct or contract which provides comparable protection for the Personal Information as the protections contained in POPIA, including similar provisions relating to the further transfer of the Personal Information;

    3. the transfer is necessary for the performance of a contract between the Data Subject and You, or a contract between You and BCI which is in the interest of the Data Subject; or

    4. the transfer is for the benefit of the Data Subject and it is not reasonably practicable to obtain the consent of the Data Subject, and if it were reasonably practicable to obtain such consent, the Data Subject would be likely to give it.

​

8. Retention and Destruction requirements

  1. BCI shall be required to comply with Your destruction and retention policies either set forth in the agreement between BCI and You or as may be communicated to BCI. In particular, BCI shall store all Personal Information which it Processes for the minimum time periods as are stipulated by You and shall be required to destroy all Personal Information relating to the Data Subjects in compliance with the destruction time periods and in accordance with Your specified destruction procedures and methodology. BCI reserves the right to levy an administration fee to You to comply with Your requirements in this regard.

 

9. Direct marketing

  1. All Data Subjects have the right to object to their Personal Information being Processed for the purposes of direct marketing by Electronic Communication.

  2. Direct marketing is, however, permitted if the Data Subject is an existing customer of BCI and BCI has obtained his or her details through the sale of a product or service or where the marketing communication is for the purpose of directly marketing similar products or services of BCI and the Data Subject has been given the opportunity to object, free of charge and without unnecessary formality, to the use of his or her Personal Information at the time of collection and on each occasion of direct marketing (unless consent has already been refused).

  3. Should an existing customer of BCI require that BCI send marketing communications to Your clients, the obligation will be on You to obtain the required consent from its clients in this regard and as provided for in the relevant Data Protection Legislation.

 

ANNEXURE A

INFORMATION SCHEDULE TO BE COMPLETED BY YOU

 

 

You name:                                                                          

 

 

Service(s) provided by BCI

Specific retention requirements and security measures:

​

Additional processing instructions:

  • Destruction requirements

  • Retention Requirements

Security Measures:

Additional processing instructions:

Destruction requirements:

bottom of page