The Protection of Personal Information Act (or POPI Act) is South Africa’s equivalent of the EU GDPR. It sets some conditions for responsible parties (called controllers in other jurisdictions) to lawfully process the personal information of data subjects (both natural and juristic persons).
This policy complies with the POPI Act and the EU GDRP regulations.
KSF is, for the purposes of this notice, both a controller and a processor of personal data. This notice will also detail third party organisations KSF works with who act as processors for the purpose of providing a better customer experience.
At KSF we are committed to protecting your privacy and to ensure that your personal information is collected and used properly, lawfully and transparently.
About the Company:
Knysna Speed Festival (Pty) Ltd is an events management company.
The information we collect:
We collect and process your personal information mainly to contact you for the purposes of understanding your requirements and delivering services accordingly. For this purpose, we will collect contact details including your name and email address.
When do we collect data?
- When you enter any of our events
- When you apply for any form of accreditation to any of our events
- When you subscribe to any of our eNewsletters or enter any of our events.
- When you make an online purchase via our ticketing service provider and or cash out your electronic card or wristband (in which case we just collect transaction-based data, plus your email address).
- When you engage with us on social media.
- When you contact us by any means with queries, complaints etc.
- When you enter prize draws or competitions.
- When you choose to complete any surveys we send you or you compete at the event.
- When you comment on or review our products and services. Any individual may access personal data related to them, including opinions.
- When you fill in any forms including but not limited to pre-order forms online or at any shows or exhibitions.
- When you have given a third-party permission to share with us the information they hold about you.
- When you use our venues which have CCTV systems operated for the security of both customers and staff. These systems may record your image during your visit.
- When you fill in forms on the websites including contact forms or enquiry forms.
What data do we collect?
- All online competitor entries will require all or some of master data consisting of, but not limited to, name, identity / passport number, gender. Date of birth, age, physical and/or postal address, billing/delivery address, email address, phone number, next of kin / emergency contact and number, medical insurance provider and membership number, and vehicle details.
- In addition to transactions requiring master data we may also require individual data to fulfil other transactions. For example, we will record your social media username to respond to queries via our social media channels, or your email address and name if you subscribe to our eNewsletters.
- We keep records of your entry history. We do not keep records of any payment card details where relevant.
- Records of communications with us by email, post, via shops or social media.
- Details of your interactions with the websites and emails. Examples of this would include complaints and queries about products and services, items added to basket, products viewed, vouchers redeemed, and media codes utilised.
- Details about how you found the websites, where you arrived from, pages viewed and time of browsing. For the purposes of website security analysis we may internally log your IP address.
- Your image may be recorded on CCTV when you visit the various event venues.
- Your movement might be tracked via electronic access armbands albeit that these armbands do not have any of your personal details linked to them.
- To deliver the best possible web experience, we collect technical information about your internet connection and browser as well as the country and telephone code where your computer is located, the web pages viewed during your visit, the advertisements you clicked on, and any search terms you entered.
- Your social media username, if you interact with us through those channels, to help us respond to your comments, questions or feedback.
- Our website search engine is built and maintained by S2 Web Solutions. Search terms are logged anonymously to help us improve our website and search functionality. No user-specific data is collected by KSF.
Cookies are files placed on your device when you access the website. It allows the website to recognise your device and store some information about the user’s preferences or past actions.
We must ask your consent to place cookies on your device, except where the cookie is essential to provide you a service you have requested.
Why do we process your data?
Predominantly to deliver event entry, access and communications to you as requested.
In instances where you are entering events or purchasing goods from us we want you to have a pleasant, enjoyable and rewarding experience. We process your data to provide the best customer experience we can, and to continually strive to improve that for you. To improve our services we need to study how and why our customers utilise our websites and the best way to do that is to collect the data we do.
We then use the data to customise the experience of our events, websites, the content of our newsletters and emails, and our social media marketing campaigns to fit with your interests and previous behaviour.
The use of this data in this way is covered under the legitimate use basis of POPI and GDPR – our business, and the provision of goods and services to you in an efficient and knowledgeable way is enhanced using your data in this way.
Of course, you can choose to change what data you provide and reserve consent on certain contact methods, however, we might not be able to serve you in the way in which you want to be served if you do choose to reserve your consent in this way.
How we use your information?
We will use your personal information only for the purposes for which it was collected and agreed with you. In addition, where necessary your information may be retained for legal or research purposes.
This can include:
- To process any orders that you place using our websites, phone lines, catalogues, promotions or retail outlets. We cannot process any order without full master details. In certain circumstances we will have to share the details of your order with third parties for fulfilment. Examples of this include Motorsport South Africa, Cycling South Africa, RaceTec, medical services, fulfilment agencies, event volunteers, partner hotels, etc. In these instances we always ensure third parties are supplied the minimum information and apply the same rigorous standards when handling your data.
- To respond to reviews, requests, complaints and other enquiries. When you contact us in these instances we need to use your data to enable us to respond fully and accurately. We may also keep a record of these interactions to ensure we respond fully and accurately to any future communication with us, and to show the history of our communications with you. We have an obligation to retain this data for legal purposes and in the legitimate interests of our business.
- We use your personal data, to protect your account and our business from fraud. We do this based on legitimate business interests.
- To protect our staff, business and customers from crime and enhance safety we may use CCTV on our premises. Your image may be recorded when you visit our events or offices. The data we collect is stored for 24 hours. We do this based on legitimate business interests.
- To process payments and to protect you from fraud. We do this based on legitimate business interests.
- To communicate with you about your entry, account, your orders, updates to terms and conditions, this policy and similar reasons. These messages do not contain promotional content and do not require specific prior consent as we could not comply with our obligations without the use of your data.
- With your consent we will use your data to communicate with you via email, telephone and internet to let you know about news, special offers, new products, discounts, competitions and similar. You can opt out from any or all these channels at any time.
- Where we hold a postal address for you we may send you relevant communications by post in relation to special offers, new products, discounts, competitions and similar. We will do this based on legitimate business interest. You can opt out of receiving information by post at any time.
- To administer prize draws, competitions and so on, based on the consent your grant upon entering the competition.
- To send you survey requests, review requests and feedback on our events, goods and services. These requests do not contain promotional material and do not require prior consent as they are intended to help improve our service to you. You can unsubscribe from these emails at any time.
- We combine data about you from multiple sources to form a richer picture of you and our customer base to inform business decisions and to make your customer experience a better one.
Disclosure of information
We may disclose your personal information to our service providers who are involved in the delivery of products or services to you. We have agreements in place to ensure that they comply with the privacy requirements as required by the Protection of Personal Information Act.
We may also disclose your information:
- Where we have a duty or a right to disclose in terms of law or industry codes.
- For the prevention and detection of crime and to comply with court orders, to comply with our contractual or legal obligations to share data with law enforcement.
- Where we believe it is necessary to protect our rights.
How long will we keep your personal data?
- In the case of event entries and any sales related information we have a statutory obligation to hold the data for a period of five years for accounting and auditing purposes. In some instances that period may be extended but we will never keep the data for longer than is strictly necessary.
- Where we hold data from competitions, surveys, promotions or similar and the respondent is not otherwise a KSF paying customer we will hold the data for as long as is necessary for the original purpose for which the data was collected, or twelve months, whichever is shorter.
In all circumstances we will not hold your data for longer than is necessary for the purpose for which it was collected, at the end of that period we will delete or completely anonymise the data.
We are legally obliged to provide adequate protection for the personal information we hold and to stop unauthorized access and use of personal information. We will, on an on-going basis, continue to review our security controls and related processes to ensure that your personal information remains secure.
Our security policies and procedures cover:
- Physical security.
- Computer and network security.
- Access to personal information.
- Secure communications.
- Security in contracting out activities or functions.
- Retention and disposal of information.
- Acceptable usage of personal information.
- Governance and regulatory issues.
- Monitoring access and usage of private information.
- Investigating and reacting to security incidents.
In the process of doing business and providing services to you we may share your data with selected trusted third parties who help to facilitate our business processes.
When we contract with third parties, we impose appropriate security, privacy and confidentiality obligations on them to ensure that personal information that we remain responsible for, is kept secure.
We will ensure that anyone to whom we pass your personal information agrees to treat your information with the same level of protection as we are obliged to.
- All our third-party partners operate in compliance with POPI and GDPR rules.
- They may only use your data for the exact purposes we specify – third party partners cannot use your data for their own purposes, resell or share your data with other companies.
- If we cease to operate with any third party partner they must destroy any data we have shared with them.
- We vet any potential third party partner to ensure they employ the highest standards of security to ensure data is always safe.
- We only share data relevant to the service our third-party partners provide – we do not make all your data available by default.
What sort of third-party partners do we work with?
- Sports controlling bodies such as Motorsport South Africa and Cycling South Africa.
- Local authorities such as the Knysna Municipality.
- Delivery Services, couriers, postal aggregators etc.
- Suppliers such as RaceTec, ZA Timing, Bright’s Motorsport Services, ER24, Frontier Medical Services and Howler – these companies only process your data for the purpose of fulfilling your entry, ticket or merchandise purchase, medical requirements, and the like. The data is not used for any other purpose.
- Where relevant travel and accommodation suppliers including airlines, hotels, campsites, car hire companies, aggregators and other suppliers.
- Website and email services such as SendInBlue.
- Software companies who provide services to KSF.
- Payment service providers including Howler and RaceTec.
- Google, Facebook, Instagram, Twitter to show you products that might interest you whilst you are browsing the internet.
- Professional advisors such as auditors.
- Statutory authorities.
Sharing your data with third party partners for their own purposes
Our general policy is to not share your data with any third parties for their own purposes unless it is to comply with law enforcement, statutory authorities or regulatory bodies. Requests of this nature will be handled on a case-by-case basis.
However, in very specific circumstances we may enter into an agreement with a third party which requires us to share your data in a way that it will be controlled and processed by a third party.
Examples are joint promotions with third parties – this would still require you to tick a box to show your consent for us to share your data with the third party for their marketing purposes.
Sale of the business: If KSF were to sell any or all parts of the business your data – under the terms of this privacy notice – may be transferred to the new owner.
Your Rights: Access to information
Your rights over your data are clear:
- The right to be informed.
- The right of access
- The right to rectification
- The right to erasure
- The right to restrict processing.
- The right to data portability
- The right to object
This Privacy Notice informs you of how, why and when we collect and process your data, and of your rights over your data.
You have the right to request a copy of the personal information we hold about you. To do this, simply contact us at firstname.lastname@example.org or on the numbers/addresses as provided on our website and specify what information you require. We will need a copy of your ID document to confirm your identity before providing details of your personal information.
Please note that any such access request may be subject to a payment of a legally allowable fee.
Correction of your information
You have the right to ask us to update, correct or delete your personal information in instances where you cannot do it yourself via our computer systems. We will require a copy of your ID document to confirm your identity before making changes to personal information we may hold about you. We would appreciate it if you would keep your personal information accurate.
Definition of personal information.
According to the Act “personal information” means information relating to an identifiable, living, natural person, and where it is applicable, an identifiable, existing juristic person. Further to the POPI Act and GDPR, KSF also includes the following items as personal information:
- All addresses including residential, postal and email addresses.
- Change of name – for which we require copies of the marriage certificate or official change of name document issued by the state department.
Our Service does not address anyone under the age of 13. We do not knowingly collect personally identifiable information from anyone under the age of 13. If You are a parent or guardian and You are aware that Your child has provided Us with Personal Data, please contact Us. If We become aware that We have collected Personal Data from anyone under the age of 13 without verification of parental consent, we take steps to remove that information from Our servers.
If We need to rely on consent as a legal basis for processing Your information and Your country requires consent from a parent, we may require Your parent’s consent before We collect and use that information.
Links to Other Websites
We have no control over and assume no responsibility for the content, privacy policies or practices of any third-party sites or services.
How to contact us
If you have any queries about this notice; you need further information about our privacy practices; wish to withdraw consent; exercise preferences or access or correct your personal information, please contact us at email@example.com or the numbers/addresses listed on our website.
Knysna Speed Festival (Pty) Ltd, 110 Thesen House, 6 Long Street, Knysna, WC, 6571, South Africa