The Protection of Personal Information Act 4 of 2013 (“POPIA”) gives effect to the right to data privacy of natural and juristic persons in terms of Section 14 of the Constitution of the Republic of South Africa, 1996.
The General Data Protection Regulation (EU) 2016/679 (“GDPR”) protects the fundamental right to the protection of personal data of natural persons in the European Union (and also addresses the transfer of personal data outside of the European Union).
The responsible use of Global Kinetic’s website and related resources in respect of data privacy is important to us. Global Kinetic is committed to protecting the right to privacy of natural and juristic persons and will ensure that each natural or juristic person’s personal information is used appropriately, transparently and according to applicable law.
By filling in your personal information below and clicking the “I AGREE” button, you agree that we may electronically collect, store and/or use your personal information in accordance with this Policy.
In this Policy (as defined below), unless the context requires otherwise, the following words and expressions bear the meanings assigned to them and cognate expressions bear corresponding meanings–
1.1 “Child” means any natural person under the age of 18 (eighteen) years;
1.2 “Data Breach” means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, Personal Information under the control of or in the possession of Global Kinetic;
1.3 “Data Subject” means the Person to whom Personal Information Relates, whether that Person is identified or identifiable;
1.4 “Direct Marketing” means to approach a person, by electronic communication, for the purpose of promoting or offering to supply, in the ordinary course of business, any goods or services to the data subject;
1.5 “Direct Marketer” means a supplier who employs Direct Marketing as an advertising mechanism;
1.6 “Employees” means the employees of Global Kinetic;
1.7 “EU” means European Union;
1.8 “GDPR” means the General Data Protection Regulation (EU) 2016/679;
1.9 “Global Kinetic” means Global Kinetic Software Engineers (Proprietary) Limited, registration number 2005/031383/07, with its registered address at Building 4, Central Park on Esplanade, Century City, Western Cape, South Africa;
1.10 “Government” means the Government of the Republic of South Africa;
1.11 “Operator” or “Processor” means a person or entity who Processes Personal Information for a Responsible Party in terms of a contract or mandate, without coming under the direct authority of that Responsible Party;
1.11 “PAIA” means the Promotion of Access to Information Act, No 2 of 2000;
1.12 “Person” means a natural or juristic person;
1.13 “Personal Information” means information relating to an identifiable, living, natural person and, where applicable, information relating to an existing juristic person and this includes ‘’Personal Data’’, as used in the GDPR;
1.15 “POPIA” means the Protection of Personal Information Act No. 4 of 2013;
1.16 “Processing” has the meaning ascribed thereto under the POPIA and the GDPR and “Process” has a corresponding meaning;
1.17 “Pseudonymisation” means the processing of Personal Information in such a manner that the Personal Information can no longer be attributed to a specific Data Subject without the use of additional information, provided that such information is kept separately and is subject to technical and organisational measures to ensure that the Personal Information is not attributed to an identifiable Person;
1.18 “Regulator” means the Information Regulator established in terms of section 39 of the POPIA;
1.19 “Responsible Party” means a public or private body or any other person which alone or in conjunction with others, determines the purpose of and means for Processing Personal Information;
1.20 “Special Personal Information” means Personal Information concerning a Data Subject’s religious or philosophical beliefs, race or ethnic origin, trade union membership, political opinions, health, sexual life, sexual orientation, genetic or biometric information or criminal behaviour;
1.21 “Supervisory Authority” means an independent public authority which is established by a Member State of the European Union pursuant to Article 51 of the GDPR; and
1.22 “Third Party” means a natural or legal person, public authority, agency or body other than the Data Subject, Controller, Processor and Persons who, under the direct authority of the Controller or Processor, is authorised to Process Personal Information.
2.1 The purpose of this Policy is to inform Data Subjects about how Global Kinetic Processes their Personal Information.
2.2 Global Kinetic, in its capacity as Responsible Party (and/or Operator, where applicable), shall strive to observe and comply with its obligations under the POPIA and the GDPR, as well as accepted information protection principles, practices and guidelines when it Processes Personal Information of or in respect of a Data Subject.
2.3 This Policy applies to Personal Information collected by Global Kinetic in connection with the products and services which Global Kinetic provides. This includes information collected directly from you as a Data Subject, as well as information we collect indirectly through our service providers who collect your information on our behalf.
3.1 Global Kinetic collects Personal Information directly from Data Subjects as and when required for a defined purpose, unless an exception is applicable (such as, for example, where the Data Subject has made the Personal Information public or the Personal Information is contained in or derived from a public record).
3.2 Global Kinetic will always collect Personal Information in a fair, lawful and reasonable manner to ensure that it protects the Data Subject’s privacy and will Process the Personal Information based on legitimate grounds in a manner that does not adversely affect the Data Subject in question.
3.3 Global Kinetic often collects Personal Information directly from the Data Subject and/or, in some cases, from Third Parties. Where Global Kinetic obtains Personal Information from Third Parties, Global Kinetic will ensure that it obtains the consent of the Data Subject to do so or will only Process the Personal Information without the Data Subject’s consent where Global Kinetic is permitted to do so in terms of clause 3.1 above or in terms of applicable law.
3.4 An example of such Third Parties includes but is not limited to: (i) recruitment agencies; (ii) other companies providing services to Global Kinetic; and (iii) where Global Kinetic makes use of publicly available sources of information (e.g., the Companies and Intellectual Property Commission).
3.5 Where your Personal Information has been collected from such Third party, Global Kinetic will provide you with the necessary information as required by applicable law.
4.1 Where Global Kinetic is the Responsible Party, it will only Process a Data Subject’s Personal Information (other than for Special Personal Information) where –
4.1.1 consent of the Data Subject (or a competent person, where the Data Subject is a Child) is obtained;
4.1.2 processing is necessary to carry out the actions for conclusion of a contract to which a Data Subject is party;
4.1.3 processing complies with an obligation imposed by law on Global Kinetic;
4.1.4 processing protects a legitimate interest of the Data Subject; and/or
4.1.5 processing is necessary for pursuing the legitimate interests of Global Kinetic.
4.2 Global Kinetic will only Process Personal Information where one of the legal bases referred to in paragraph 4.1 above are present. [CLIENT CONFIRM]
4.3 Global Kinetic will make the manner and reason for which the Personal Information will be Processed clear to the Data Subject.
4.4 Where Global Kinetic is relying on a Data Subject’s consent as the legal basis for Processing Personal Information, the Data Subject may withdraw his/her/its consent or may object to Global Kinetic’s Processing of the Personal Information at any time. However, this will not affect the lawfulness of any Processing carried out prior to the withdrawal of consent or any Processing justified by any other legal ground provided under the POPIA and/or the GDPR.
4.5 If the consent is withdrawn or if there is otherwise a justified objection against the use or the Processing of such Personal Information, Global Kinetic will ensure that the Personal Information is no longer Processed.
5.1 Special Personal Information is sensitive Personal Information of a Data Subject and Global Kinetic acknowledges that it will generally not Process Special Personal Information unless–
5.1.1 Processing is carried out in accordance with the Data Subject’s consent as required by applicable law;
5.1.2 Processing is necessary for the establishment, exercise or defence of a right or obligation in law;
5.1.3 Processing is for historical, statistical or research purposes, subject to stipulated safeguards;
5.1.4 Information has deliberately been made public by the Data Subject; or
5.1.5 Specific authorisation applies in terms of the POPIA and/or the GDPR.
5.2 Global Kinetic acknowledges that it may not Process any Personal Information concerning a Child and will only do so where it has obtained the consent of the parent or guardian of that Child or where it is permitted to do so in accordance with applicable laws.
6.1 Global Kinetic understands its obligation to make Data Subjects aware of the fact that it is Processing their Personal Information and inform them of the purpose for which Global Kinetic Processes such Personal Information.
6.2 Global Kinetic will only Process a Data Subject’s Personal Information for a specific, lawful and clear purpose (or for specific, lawful and clear purposes) and will ensure that it makes the Data Subject aware of such purpose(s) as far as possible.
6.3 It will ensure that there is a legal basis for the Processing of any Personal Information. Further, Global Kinetic will ensure that Processing will relate only to the purpose for and of which the Data Subject has been made aware (and where relevant, consented to) and will not Process any Personal Information for any other purpose(s)).
6.4 Global Kinetic will generally use Personal Information for purposes required to operate and manage its normal operations and these purposes include one or more of the following non-exhaustive purposes – [CLIENT TO TAKE OUT PURPOSES NOT APPLICABLE AND / OR PROVIDE US WITH ANY OTHER PURPOSES]
6.4.1 for the purposes of providing its products or services to customers and, where relevant, for purposes of doing appropriate customer onboarding and credit vetting;
6.4.2 for purposes of onboarding suppliers or service providers as approved suppliers/service providers of Global Kinetic. For this purpose, Global Kinetic will also Process a service provider’s and/or supplier’s Personal Information for purposes of performing the necessary due diligence checks;
6.4.3 generally for procurement and supply purposes;
6.4.4 for purposes of monitoring the use of Global Kinetic’s electronic systems and online platforms by Data Subjects. Global Kinetic will, from time to time, engage Third Party service providers (who will Process the Data Subject’s Personal Information on behalf of Global Kinetic) to facilitate this;
6.4.5 for purposes of preventing, discovering and investigating violations of this Policy, the applicable law and other Global Kinetic policies;
6.4.6 in connection with the execution of payment processing functions, including payment of Global Kinetic’s suppliers’ and/or service providers’ invoices;
6.4.7 for employment-related purposes such as, inter alia, recruiting staff, administering payroll and undertaking background checks;
6.4.8 in connection with internal audit purposes (i.e., ensuring that the appropriate internal controls are in place in order to mitigate the relevant risks, as well as to carry out any investigations where required);
6.4.9 in connection with external audit purposes. For this purpose, Global Kinetic engages external service providers and, in so doing, shares Personal Information of the Data Subjects with Third Parties;
6.4.10 for company secretarial related purposes. For this purpose, Global Kinetic will, from time-to-time, collect information relating to Data Subjects from Third Parties such as the Companies and Intellectual Property Commission;
6.4.11 for such other purposes to which the Data Subject may consent from time to time;
6.4.12 for such other purposes as authorised in terms of applicable law; and
6.4.13 to comply with any applicable law or any query from Government authorities,
including any regulatory authority that has authority over Global Kinetic.
7.1 Global Kinetic will take reasonable steps to ensure that all Personal Information is kept by it as accurate, complete and up to date as reasonably possible, depending on the purpose for which Personal Information is collected or processed.
7.2 Global Kinetic may not always expressly request the Data Subject to verify and update his/her/its Personal Information unless this process is specifically necessary.
8.1 Global Kinetic may store your Personal Information in hardcopy format and/or in electronic format using Global Kinetic’s own secure on-site servers or other internally hosted technology. Your Personal Information may also be stored by Third Parties, via cloud services or other technology, with whom Global Kinetic has contracted, to support Global Kinetic’s operations as a software engineer company.
8.2 Global Kinetic’s Third Party service providers, including data storage and processing providers, may from time to time also have access to a Data Subject’s Personal Information in connection with purposes for which the Personal Information was initially collected to be Processed.
8.3 Global Kinetic will ensure that such Third Party service providers will Process the Personal Information in accordance with the provisions of this Policy, all other relevant internal policies and procedures, the POPIA and the GDPR.
8.4 These Third Parties do not use or have access to the Data Subject’s Personal Information other than for purposes specified by Global Kinetic, and Global Kinetic requires such parties to employ at least the same level of security that Global Kinetic uses to protect the Data Subject’s Personal Information.
8.5 Your Personal Information may be Processed in South Africa or another country where Global Kinetic, its affiliates and their Third Party service providers maintain servers and facilities and Global Kinetic will take steps, including by way of contracts, to ensure that it continues to be protected, regardless of its location, in a manner consistent with the standards of protection required under applicable law, including the POPIA and the GDPR.
9 PERSONAL INFORMATION FOR DIRECT MARKETING PURPOSES
9.1 To the extent that Global Kinetic acts in its capacity as a Direct Marketer, it shall strive to observe and comply with its obligations under the POPIA and the GDPR when implementing principles and practices in relation to Direct Marketing.
9.2 Global Kinetic acknowledges that it may only use Personal Information to contact the Data Subject for purposes of Direct Marketing from time to time where it is permissible to do so.
9.3 It may use Personal Information to contact any Data Subject and/or market Global Kinetic’s services directly to the Data Subject(s) if the Data Subject is one of Global Kinetic’s existing clients, the Data Subject has requested to receive marketing material from Global Kinetic or Global Kinetic has the Data Subject’s consent to market its services directly to the Data Subject.
9.4 If the Data Subject is an existing client, Global Kinetic will only use his/her/its Personal Information if it has obtained the Personal Information through the provision of a service to the Data Subject and only in relation to similar services to the ones Global Kinetic previously provided to the Data Subject.
9.5 Global Kinetic will ensure that a reasonable opportunity is given to the Data Subject to object to the use of their Personal Information for Global Kinetic’s marketing purposes when collecting the Personal Information and on the occasion of each communication to the Data Subject for purposes of Direct Marketing. You are accordingly hereby informed of your right to object.
9.6 Global Kinetic will not use your Personal Information to send you marketing materials if you have requested not to receive them. If you request that we stop Processing your Personal Information for marketing purposes, Global Kinetic shall do so. We encourage that such requests to opt-out of marketing be made via forms and links provided for that purpose in the marketing materials sent to you.
10.1 Global Kinetic may keep records of the Personal Information, correspondence, or comments it has collected in an electronic or hardcopy file format.
10.2 In terms of the POPIA and the GDPR, Global Kinetic will not retain Personal Information for a period longer than is necessary to achieve the purpose for which it was collected or Processed and will delete, destroy (in such a way that it cannot be reconstructed) or de-identify the information as soon as is reasonably practicable once the purpose has been achieved (“Pseudonymised Data”). This prohibition will not apply in the following circumstances –
10.2.1 where the retention of the record is required or authorised by law or by any Government authority;
10.2.2 where Global Kinetic requires the record to fulfil its lawful functions or activities;
10.2.3 where retention of the record is required by a contract between the parties
10.2.4 where the Data Subject (or competent person, where the Data Subject is a Child) has consented to such longer retention; or
10.2.5 where the record is retained for historical, research, archival or statistical
purposes, provided that the appropriate technical and organisational measures and safeguards required by the GDPR and the POPIA are put in place to prevent use thereof for any other purpose. Accordingly, Global Kinetic will, subject to the exceptions noted in this Policy, retain Personal Information for as long as necessary to fulfil the purposes for which that Personal Information was collected and/or as permitted or required by applicable law.
10.3 Where Global Kinetic retains Personal Information for longer periods for statistical, historical, archival or research purposes, Global Kinetic will ensure that appropriate safeguards have been put in place to ensure that all recorded Personal Information will continue to be Processed in accordance with this Policy and applicable laws.
10.4 Once the purpose for which the Personal Information was initially collected and
Processed no longer applies or becomes obsolete, Global Kinetic will ensure that the Personal Information is deleted, destroyed or de-identified sufficiently so that a person cannot re-identify such Personal Information. In instances where we de-identify your Personal Information, Global Kinetic may use such de-identified information indefinitely.
11.1 Should Global Kinetic need to collect Personal Information by law or under its obligations as an employer or product or service provider, and you fail to provide the Personal Information when requested, we may be unable to perform our duties as an employer, in terms of the applicable law or in terms of providing the product to you.
11.2 Should Global Kinetic need to collect Personal Information for any of the purposes set out in clause 11.1 and you fail to provide the Personal Information when requested, your failure to provide such Personal Information may have negative consequences, including that Global Kinetic may not be able to effectively perform its obligations as an employer (where Global Kinetic needs to Process your Personal Information in order to perform its obligations as an employer) or product or service provider (where Global Kinetic needs to Process your Personal Information in order to provide you with its products or services) or has to decline to receive the relevant services from you as a supplier. You will be notified in writing where this is the case.
12.1 Global Kinetic shall preserve the security of Personal Information and, in particular, prevent its alteration, loss and damage, or access by non-authorised Third Parties.
12.2 Global Kinetic will ensure the security and integrity of Personal Information in its possession or under its control with appropriate, reasonable technical and organisational measures to prevent loss, unlawful access and unauthorised destruction of Personal Information.
12.3 Global Kinetic has implemented physical, organisational, contractual and technological security measures (having regard to generally accepted information security practices or industry-specific requirements or professional rules) to keep all Personal Information secure, including measures protecting any Personal Information from loss or theft, unauthorised access, disclosure, copying, use or modification. Further, Global Kinetic maintains and regularly verifies that the security measures are effective and regularly updates same in response to new risks.
13.1 A Data Breach refers to any incident in terms of which reasonable grounds exist to believe that the Personal Information of a Data Subject has been accessed or acquired by any unauthorised person or entity.
13.2 A Data Breach can happen for many reasons, which include: (a) loss or theft of data or equipment on which Personal Information is stored; (b) inappropriate access controls allowing unauthorised use; (c) equipment failure; (d) human error; (e) unforeseen circumstances, such as a fire or flood; (f) deliberate attacks on systems, such as hacking, viruses or phishing scams; and/or (g) alteration of Personal Information without permission and loss of availability of Personal Information.
13.3 Global Kinetic will address any Data Breach in accordance with the terms of the POPIA and the GDPR.
13.4 Global Kinetic will notify the Regulator and the affected Data Subject (unless the applicable law or a Government authority requires that we delay notification to the Data Subject) in writing in the event of a Data Breach (or a reasonable belief of a Data Breach) in respect of that Data Subject’s Personal Information as soon as reasonably possible after it has become aware of any Data Breach in respect of such Data Subject’s Personal Information.
13.6 Where Global Kinetic acts as an Operator or Processor for purposes of the POPIA and the GDPR and should any Data Breach affect the data of Data Subjects whose information Global Kinetic Processes as an Operator or Processor, Global Kinetic shall notify the relevant Responsible Party within 72 (seventy-two) hours where there are reasonable grounds to believe that the Personal Information of relevant Data Subjects has been accessed or acquired by any unauthorised person or entity.
14.1 Global Kinetic may disclose Personal Information to Third Parties and will enter into written agreements with such Third Parties to ensure that they Process any Personal Information in accordance with the provisions of this Policy, the POPIA and the GDPR.
14.2 Global Kinetic notes that such Third Parties may assist Global Kinetic with the purposes listed in paragraph 6.3 above – for example, service providers may be used, inter alia –
14.2.1 for data storage;
14.2.2 to assist Global Kinetic with auditing processes (external auditors);
14.2.3 for providing outsourced services to Global Kinetic, including in respect of its (i) legal, (ii) data storage requirements and (iii) upskilling of its Employees; and/or
14.2.4 to notify the Data Subjects of any pertinent information concerning Global
14.3 Global Kinetic will disclose Personal Information with the consent of the Data Subject or if Global Kinetic is permitted to do so without such consent in accordance with applicable laws.
14.4 Furthermore, Global Kinetic may also send Personal Information to a foreign jurisdiction outside of the Republic of South Africa, including for Processing and storage by Third Parties.
14.5 When Personal Information is transferred to a jurisdiction outside of the Republic of South Africa, including to any cloud, data centre or server located outside of the Republic of South Africa, Global Kinetic will obtain the necessary consent to transfer the Personal Information to such foreign jurisdiction or may transfer the Personal Information where Global Kinetic is permitted to do so in accordance with the provisions applicable to cross-border flows of Personal Information under the POPIA, as well as under the GDPR.
14.6 The Data Subject should also take note that the Processing of Personal Information in a foreign jurisdiction, if and to the extent that such Processing does occur, may be subject to the laws of the country in which the Personal Information is held, and may be subject to disclosure to the governments, courts of law, enforcement or regulatory agencies of such other country, pursuant to the laws of such country.
16.1 The POPIA, read with the relevant provisions of the Promotion of Access to Information Act No. 2 of 2000 (“PAIA”) confers certain access rights on Data Subjects. These rights include –
16.1.1 a right of access: a Data Subject, having provided adequate proof of identity has the right to: (i) request a Responsible Party to confirm whether any Personal Information is held about the Data Subject; and/or (ii) request from a Responsible Party a description of the Personal Information held by the Responsible Party including information about Third Parties who have or have had access to the Personal Information. A Data Subject may request:
188.8.131.52 Global Kinetic to confirm, free of charge, whether it holds any Personal Information about him/her/it; and
184.108.40.206 to obtain from Global Kinetic the record or description of Personal Information concerning him/her/it and any information regarding the recipients or categories of recipients who have or had access to the Personal Information. Such record or description is to be provided: (a) within a reasonable time; and (b) in a reasonable manner and format and in a form that is generally understandable.
16.1.2 a right to request correction or deletion: a Data Subject may also request Global Kinetic to –
220.127.116.11 correct or delete Personal Information about the Data Subject in its possession or under its control that is inaccurate, irrelevant, excessive, out of date, incomplete, misleading or obtained unlawfully; or
18.104.22.168 destroy or delete a record of Personal Information about the Data Subject that Global Kinetic is no longer authorised to retain records in terms of POPIA’s retention and restriction of records provisions. On receipt of such a request, Global Kinetic is required to, as soon as is reasonably practicable –
22.214.171.124.1 correct the information;
126.96.36.199.2 delete or destroy the information;
188.8.131.52.3 provide the Data Subject with evidence in support of the information; or
184.108.40.206.4 where the Data Subject and Responsible Party cannot reach an agreement on the request and if the Data Subject requests this, Global Kinetic will take reasonable steps to attach to the information an indication that correction has been requested but has not been made;
16.1.3 a right to withdraw consent and to object to processing: a Data Subject that has previously consented to the Processing of his/her/its Personal Information has the right to withdraw such consent and may do so by providing Global Kinetic with notice to such effect at the address set out in paragraph 19. Further, a Data Subject may object, on reasonable grounds, to the Processing of Personal Information relating to him/her/it.
16.2 Accordingly, Global Kinetic may request the Data Subject to provide sufficient identification to permit access to, or provide information regarding the existence, use or disclosure of the Data Subject’s Personal Information. Any such identifying information shall only be used for the purpose of facilitating access to information regarding the Personal Information.
16.3 The Data Subject can request in writing to review any Personal Information about the Data Subject that Global Kinetic holds, including Personal Information that Global Kinetic has collected, utilised or disclosed.
16.4 Global Kinetic shall respond to these requests in accordance with the POPIA and the PAIA and provide the Data Subject with any such Personal Information to the extent required by law and any of Global Kinetic’s policies and procedures which apply in terms of the PAIA.
16.5 The Data Subject can challenge the accuracy or completeness of his/her/its Personal Information in Global Kinetic’s records at any time in accordance with the process set out in the PAIA for accessing information.
16.6 If a Data Subject successfully demonstrates that their Personal Information in Global Kinetic’s records is inaccurate or incomplete, Global Kinetic will ensure that such Personal Information is amended or deleted as required (including by any Third Parties).
17.1 Global Kinetic will respond to each written request of a Data Subject not later than 30 (thirty) days after receipt of such requests.
17.2 A Data Subject has the right to make a complaint to Global Kinetic in respect of this time-limit by contacting Global Kinetic using the contact details provided in paragraph 19 below.
18.1 Global Kinetic reserves the right to make amendments to this Policy from time-to-time and will use reasonable efforts to notify Data Subjects of such amendments.
18.2 The current version of this Policy will govern the respective rights and obligations between the Data Subject and Global Kinetic each time that the Data Subject accesses and uses Global Kinetic’s website.
19.1 All comments, questions, concerns or complaints regarding your Personal Information or this Policy, should be forwarded to us as follows —
Tel: +27 21 527 0050
Information Officer: Sergio Barbosa
19.2 If a Data Subject is not satisfied with the manner in which Global Kinetic addresses any complaint with regard to Global Kinetic’s Processing of Personal Information, the Data Subject can contact the following offices dependent on the applicable law:
19.2.1 the office of the Information Regulator (South Africa), the details of which are set out below;
Email: firstname.lastname@example.org / complaints.IR@justice.gov.za
19.2.2 The Supervisory Authority of the relevant Member State of the EU or the European Commission;s online complaint procedure available online at: