© Copyright 2018. All rights reserved. Version:1.0
This policy applies to all visitors to our website and customers who have subscribed to the services we offer (“you” and “your”).
2. Purpose of this policy
We respect your privacy and take the protection of personal information
very seriously. The purpose of this policy is to describe the way we
collect, store, use and protect information that can be associated with a specific natural or juristic person and can be used to identify that person (“personal information”).
Certain information collected on registration (see below); and
optional information that you voluntarily provide to us (see below).
information that has been made anonymous so that it does not identify a specific person;
permanently de-identified information that does not relate or cannot be traced back to you specifically; non-personal statistical information collected and compiled by us and information thatyou have provided voluntarily in an open, public environment or forum including (without limitation) any blog, chat room, community, classifieds or discussion board. Because the information has been disclosed in a public forum, it is no longer confidential and does not constitute personal information subject toprotection under this policy.
3. Acceptance of terms
Automatic acceptance of all the terms of this policy is assumed when you register for any of our services based on assumption that you have read and understood all terms and conditions if you register for or use any of the services offered on a TGG site.
If you do not agree with anything in this policy, then you may not register
for and/or use any of the services. You may not access our website or use
our services if you are younger than 18 years old or do not have legal capacity to conclude legally binding contracts.
By accepting this policy, you are deemed to have read, understood, accepted,
and agreed to be bound by all its terms.
We may change the terms of this policy at any time. We will notify you of any changes by placing a notice in a prominent place on the website or by communication of any type. If you do not agree with the change you must stop using the services. If you continue to use the services following notification of
a change to the terms, the changed terms will apply to you and you will be deemed to have accepted such terms.
5.1. On registration.
Once you register on our website, you will no longer be anonymous to us as you are required to provide us with personal information. This personal information will include:
– Name, surname, company name, company registration number, VAT number
– Postal address, email address, telephone number, postal code
– Unique user ID, password
5.2 Collection on use.
In order to provide the Services to you, you will be asked to provide us with additional information on a voluntary basis such as (“Service information”).
5.3 Optional details.
You may also provide additional information on a voluntary basis (“optional information”). This includes content or product that you decide to upload or download from our website or when you enter competitions, take advantage of promotions, respond to surveys, register and subscribe for certain additional services, or otherwise use the optional features and functionality of the website.
5.4 Collection from browser.
Please note that other websites visited before entering our website might place personal information within your URL during a visit to it, and we have no control over such websites. Accordingly, a subsequent website that collects URL information may log some personal information.
When you access our website we may send one or more cookies (small text files containing a string of alphanumeric characters) to your computer to collect certainusage information. We use information gathered by cookies to improve the website.
5.6 Web beacons.
Our website may contain electronic image requests (called a “single-pixel gif” or “web beacon” request) that allow us to count page views and to access cookies. Any electronic image viewed as part of a web page (including an ad banner) can act as a web beacon. Our web beacons do not collect, gather, monitor or share any of your personal information. We merely use them to compile anonymous information about our website.
5.7 Purpose for collection.
We may use any serviceinformation and optional information provided by you for such purposes as indicated to you at the time you agree to provide such optional information. We may use your usage information for the purposes described in 5.4 and 5.5 above and to:
– remember your information so that you will not have to re-enter it during your visit or the next time you access the website;
– monitor website usage metrics such as total number of visitors and pages accessed; and
– track your entries, submissions, and status in any promotions or other activities in connection with your usage of the website.
6. Consent to collection
We will obtain your consent to collect personal information:
– In accordance with applicable law; and
– At the time you provide us with any registration information and optional information.
7.1Messages and updates.
We may send administrative messages and email updates to you regarding the website. In some cases, we may also send you primarily promotional messages. You can choose to opt-out of promotional messages.
Our service providers under contract who help with parts of our business operations (fraud prevention, bill collection, marketing, technology services). Our contracts dictate that these service providers only use your information in connection with the services they perform for us and not for their own benefit;
Credit bureaus to report account information, as permitted by law;
Banking partners as required by credit card association rules for inclusion on their list of terminated merchants (in the event that you utilise the Services to receive payments and you meet their criteria);
If you contact us regarding your experience with using any of our products, we may disclose your personal information as required of by law or governmental audit.
8.3 Law enforcement.
We may disclose personal informationif required:
– by a subpoena or court order;
– to comply with any law;
– to protect the safety of any individual or the general public;
– to prevent violation of our terms of service.
8.4 No selling.
8.5 Marketing purposes.
We may disclose aggregate statistics (information about the customer population in general terms) about the personal information to advertisers or business partners.
8.6 Change of ownership.
If we undergo a change in ownership, or a merger with, acquisition by, or sale of assets to, another entity, we may assign our rights to the personal information we process to a successor, purchaser, or separate entity.
We will disclose the transfer on the website. Ifyou are concerned about your personal information migrating to a new owner, you may request us to delete your personal information.
We may need to disclose personal information to our employees that require the personal informationto do their jobs.
9. Security of personal information
We protect your personal information using computer safeguards such as firewalls and data encryption to protect personal information, and we authorize access to personal informationonly for those employees who require it to fulfil their job responsibilities.
10. Accurate and up to date
We will try to keep the personal information we collect as accurate, complete and up to date as is necessary for the purposes mentioned in clause 5.7. From time to time we will request you to update your personal information on the website. You are able to review or update any personal information that we hold on you by accessing your account online or by emailing us or phoning us. Please note that in order to better protect you and safeguard your personal information, we do may take steps to verify your identity before granting you access to your account or making any corrections to your personal information.
11. Retention of personal information
We will only retain your personal information for as long as it is necessary to fulfill the purposes mentioned in clause 5.7, unless:
– retention of the record is required or authorised by law; or
– you have consented to the retention of the record.
During the period of retention, we will continue to abide our non disclosure obligations and will not share or sell your personal information.
12. Transfers of personal information outside South Africa
We may transmit or transfer personal information outside South Africa to a foreign country.
Personal information may be stored on servers located outside South Africa in a foreign country whose laws protecting personal information may not be as stringent as the laws in South Africa. You consent to us processing your
personal information in a foreign country whose laws regarding processing of
personal information may be less stringent.
13. Updating or removing
You may choose to correct or update the personal information you have submitted to us, by clicking the menu in any of the pages on our website.
We are not responsible for, give no warranties, nor make any representations in respect of the privacy policies or practices of any third party websites.
TGG policies and commitment to
At Media Monsters, we put trust at the foundation of our client relationships and are committed to protecting the privacy of individuals whose information is in our custody. We take the security of the personal data very seriously and understand that privacy is not just an essential part of what we do, but also a core concern for our business.
Media Monsters’ policy is to comply with local laws that apply to our business related to the use of personal data and to ensure that we meet the applicable standards set out in such laws.
We have existing processes and procedures in place to meet the requirements of the current privacy regulatory regime, and we are in the process of developing these to attain GDPR compliance in advance of its implementation in May.
Our plans for GDPR compliance
In order for Media Monsters to prepare for the introduction of the GDPR and achieve our compliance, we have established an overarching business strategy that is designed to allow every part of our business to understand the scope of our privacy obligations, the rules applicable to personal data, and the steps that need to be taken to avoid a privacy breach under the GDPR.
Core to our strategy are the GDPR’s six data processing principles, which set out that personal data must be:
- processed lawfully, fairly and in a transparent manner;
- collected for specified, explicit and legitimate purposes;
- adequate, relevant and limited to what is necessary;
- accurate and, where necessary, kept up to date;
- retained only for as long as necessary; and
- processed in an appropriate manner to maintain security.
Our compliance strategy consists of various separate and overlapping parts that we have summarised below.
Internal audit, data mapping and gap analysis
We have carried out audits of all personal data processed by Media Monsters and from this mapped the route from acquisition through all aspects of its processing to verify where data is located, why we gather it, and how we process it.
We have recorded instances where data is transferred, or stored, and have also undertaken Data Privacy Impacts Assessments (DPIAs) of all of our existing core business functions where a high risk to the rights of data subjects has been identified.
From our audit and mapping exercises, we have been able to identify all processing activity across our business and used this to compile an inventory of processed personal data, which we have assessed against the standards of the GDPR, both from a data controller and data processor perspectives, to inform areas of strength and those that required development to allow Media Monsters to provide an evolving and enhanced service to our clients.
Governance, documentation and accountability
In order for Media Monsters to demonstrate our compliance with GDPR, the following action points have been or will be implemented:
- We have adopted and will maintain internal policies and measures which embrace data protection by design and data protection by default.
- Media Monsters will publish a revised privacy statement (Privacy Notice) that will clearly and transparently set out the purpose/s for which we intend to process personal data and the information that we may need to be provided to enable Media Monsters to process that personal data fairly and in accordance with the GDPR.
- Updated Terms and Conditions of Use will be issued to our clients in respect of the Media Monsters services provided in order to ensure that appropriate contractual arrangements are in place governing the flow of personal data as required under the GDPR.
- Technical and organisational measures have already been implemented to protect all personal data that we process from unauthorised or unlawful processing and against accidental loss, destruction or damage, including encryption of data in transit and at rest, physical protection of data as well as educating teams about how to handle personal data.
- Media Monsters relies on standard information security practices for aspects of GDPR compliance, including robust physical data centre security and secure infrastructure management.
- Media Monsters will engage with our product development, customer support and infrastructure teams to review our systems, processes and products, and to make appropriate changes in compliance with GDPR requirements.
- Consent notices will be distributed where necessary, to ensure that personal information is processed fairly and lawfully by Media Monsters.
- We are committed to the education and training of our employees, officers and other individuals who work for Media Monsters, about GDPR.
- We will also be establishing clear communication channels to allow our personnel, clients and other relevant third parties to report breaches or violations of the GDPR.
The GDPR is not a static process, and Media Monsters will continue to implement and improve our data protection practices on an ongoing and evolving basis.
Media Monsters is committed to ensure a sustained culture of privacy by design within our business by using appropriate technical and organisational measures to ensure that personal data (and any new processes we use to process such data) is secure, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage through continued training, testing, document review and risk screening at every level.
What to do if you have further questions
If you would like any additional information regarding our procedures and commitment in becoming GDPR compliant, or any further information regarding your legal rights, please contact our customer service team by email at firstname.lastname@example.org
For more information on GDPR Please visit the UK Commissions Information Office website.
Current as at May 1 2018