- Your rights for how we treat your personal information
- How we protect your personal information
- The personal information that we collect
- The way we use your personal information
- Who we share your personal information with
- How you can access your personal information
- Links to third-party websites
- Accountability – we comply fully with the POPI Act by obtaining and using your personal information in a fair and lawful manner.
- Processing limitation – we collect the least amount of personal information that we need to perform the purpose of processing it and we collect it from you directly, other than in exceptional, legitimate instances.
- Purpose specification – we have a specific, lawful purpose for collecting your personal information and we inform you of that purpose.
- Further processing limitation – we may only use the same personal information for additional (further) processing if the new purpose is compatible with the original purpose for which we processed the information.
- Information quality – we endeavour to keep your personal information complete, accurate, not misleading and up to date.
- Openness – we ensure that you are fully informed about how we use your personal information before you consent to its collection and processing.
- Security safeguards – we put technical and operational measures in place to ensure that your personal information is not accessed without authorisation, lost, damaged, or destroyed.
- Participation – if you ask, we will tell you what personal information we hold about you, and we will correct any inaccurate information.
About the Personal Information We Collect
Personal information is information that can identify a person or organisation, either on its own, or when it’s combined with other information about that person or organisation.
You do not have to give us your personal information, but if you do not give us the personal information that we need, you will not be able to become or remain a member, and we will not be able to honour our agreement with you if you are an employee, a third-party service provider, or a tenant.
The personal information we collect in the ordinary course of business includes:
- Information about you that we need to provide our services.
- Information contained in any electronic, postal and verbal communications between you and us.
- Information we gather when you visit the MCSA-CT website, including the type of browser and operating system that you use, the number of times you access the website, the pages you view, the URLs that you visit, and your IP address.
- Information we collect through cookies. A cookie is a small string of text that a website puts on your device’s browser. It saves information on your browser about your visit to the site. It has a unique identifier (for example, cookie #02468). This helps the website to associate you with later visits to the same site and makes your browsing of our website easier by saving your preferences.
- Social media-tracking pixel tags that allow platforms such as Facebook, Instagram or other social media applications to interact with the MCSA-CT website and give feedback on the usage. We use Google Analytics to help us get a better understanding of how visitors use our website.
- Public personal information we collect when monitoring other websites or digital conversations on public platforms to assimilate people’s opinions about the Club or the mountaineering community in general.
- Information we collect when you take part in any survey with the Club.
- Information we collect to investigate any incidents or complaints associated with Club functioning.
Purpose of Collecting Members' or Applicants' Personal Information
We collect your personal information to enable us to provide membership benefits to you. We may use your personal information to:
- Process and manage your application for membership and to administer your involvement with the Club.
- Tell you about matters relating to your membership and the Club, including but not limited to changes to the Constitution, Club rules, policies and procedures that you must be aware of, notices of meetings and annual general meetings, publishing of financial results, changes in the membership rates, security alerts and administrative messages.
- Communicate with you about events (virtual and actual) and to send press releases.
- Send you newsletters and special notices. You always have the right to opt out, even where you have given your consent previously. Every email message that we send to our list of subscribed members includes a way to opt out, via an ‘unsubscribe’ link at the bottom of the message.
- Deal with your requests and enquiries.
- Carry out security checks such as screening visitors through CCTV footage, conducting searches for dangerous weapons and completing the attendance register to ensure that only authorised people enter the premises of the Club.
- Contact you in case of emergency.
- Use your IP address to monitor traffic and gather browsing behaviours of visitors to our website. We will not use your IP address to identify you in any way.
- Perform under a contract or to fulfil statutory requirements.
- Comply with applicable laws and with orders made by regulators, courts, and law enforcement authorities. These include adherence to the Covid-19 protocols.
- Audit, analyse data, conduct research, and analyse trends, usage, and activities on digital platforms in order to improve the Club’s day-to-day operations and services.
When We May Disclose Your Personal Information to Third Parties
With Your Consent
We shall only share your information with others who have a duty to keep it secure and confidential, and where we have a lawful reason for doing so. We shall share only the minimum personal information for the purposes of the disclosure. You hereby consent to us sharing personal information with:
- Our office support staff so that they can administer your membership, manage the accounts, and keep your records up to date.
- The Club’s General Committee and Subcommittees, where relevant.
- The Club’s professional advisors, auditors and relevant sports associations.
- Other third parties, if necessary, when restructuring all or any part of the Club’s activities.
- External service providers, for example IT service providers, data storage, web-hosting and server providers, and administrators. We shall have a data protection agreement in place between ourselves and any entity that processes personal information on our behalf. The contract will require the third party to:
  - Process personal information only with our knowledge or authorisation;
  - Put in place and maintain effective confidentiality and security measures;
  - Inform us immediately of any security breaches.
- Service providers outside of South Africa where either the privacy laws provide similar or more stringent data protection to the POPIA, or we have a contract in place with the service provider stipulating that they protect personal information to the same standards as if they were in South Africa.
Without Your Consent
We may share your personal information without your consent if:
- We have a legitimate business interest (for example, engaging services of a tracing agent or collections agency to follow up unpaid debts);
- We are required to do so by law, regulation or court order.
When We May Process the Personal Information of Children
We do not deal directly with anyone under the age of 18 and we do not knowingly collect personally identifiable information from anyone under the age of 18. All personal information about children must be provided to us by the children’s parents or legal guardians. If you are a parent or guardian and you are aware that your child has provided us with personal information, please contact us. If we become aware that we have collected personal information from anyone under the age of 18 without checking that we have parental consent, we will immediately take steps to remove that information from our database.
We may only process personal information of children under 18 in the following circumstances:
- We have the consent of the child’s parent or legal guardian;
- If the child has already made the personal information public with the consent of their parent or guardian;
- To decide if a child has rights, for example, under the Children’s Act;
- If the information is to be used in an anonymized way for research, statistical or historical purposes;
- To comply with international law;
- The Information Regulator authorises it in exceptional circumstances.
Measures to Protect Your Personal Information
We use various security measures and technologies to protect personal information from unauthorised access, use, disclosure, alteration, or destruction in line with the POPIA.
- We have adopted a Privacy Awareness Culture where our employees are instructed on an ongoing basis to treat your information as confidential.
- We have put in place data protection agreements with third parties with whom we share personal information and require them to institute appropriate security measures to keep it secure.
- The transmission of information to us via the internet or a mobile phone network connection may not be completely secure, and where possible we will put the necessary safeguards in place to eliminate or minimise the risks.
- Our IT systems are in the Cloud and our IT service provider uses firewalls, password access and encryption methods; however, there are always risks that personal information may be accessed by an unauthorised third party through illegal activity. You accept these risks when you apply for membership with us.
- If you use our links to websites or mobile applications that we do not own or control you will need to first review their privacy policies as this policy does not apply to them. We have no control over and assume no responsibility for the content, privacy policies or practices of any third-party sites or services.
- We will carry out all due diligence for safeguarding personal information; however, we cannot guarantee its absolute security.
- If a data breach happens, we will inform the Information Regulator and those involved as soon as possible unless law enforcement officials advise us to delay so as not to hamper their investigations.
- When you share personal information or otherwise interact in the public areas with other users, such personal information may be viewed by all users and may be publicly distributed outside. We have no control over this.
How Long We Keep Your Personal Information
Our data retention policy is to keep personal information for the period required by law or according to statutory requirements to help in any investigations.
We will store your personal information for as long as necessary to provide you with access to membership benefits and privileges, resolve disputes and enforce our legal agreements and policies. Certain personal information such as member name, surname, member number, date of birth, date of election, and date of resignation or termination will be kept on the database indefinitely for historical, statistical and research purposes but contact information and member application forms will be deleted or destroyed within one year of resignation or death.
We will also keep usage data for internal analysis for a shorter period, except when this data is used to strengthen the security or to improve the functionality of our systems, or we are legally obliged to retain this data for a longer period.
Transfer of Your Personal Information Outside South Africa or to the Cloud
We may use third-party providers who provide services that involve processing personal information outside of South Africa or in the Cloud. We will ensure that any third party that we transfer personal information to protects it in the same way as if it was being used in South Africa. This means that the third party is subject to either a law or a contract that upholds principles of reasonable processing of the information and that is substantially similar to the principles contained in the POPIA and any Cloud Data Policy that may come into effect.
You consent to our transferring personal information to third-party providers outside of South Africa or to the Cloud for the purposes of storing personal information.
Your Rights Relating To Your Personal Information Held With Us
You have the right to:
- Ask us for access to the personal information we hold about you;
- Ask us to correct inaccurate information;
- Ask us to delete your personal information (there may be limits on when we can do this but we will let you know at the time you ask);
- Object to or ask us to restrict the processing of your personal information;
- Withdraw your consent to the processing of your personal information if it was previously given (in which case this does not invalidate processing we carried out with your consent previously);
- Withdraw your consent to receiving member communication emails by UNSUBSCRIBING (however, you may not opt out of certain communication e.g. membership accounts or notices of subscriptions due);
- Ask us to digitally receive or send your personal information to another person or organisation;
- Lodge a complaint with the Information Regulator, if you believe we are using your information unlawfully, and you have first attempted to resolve the matter with us directly.
Links to Third Party Websites
Our designated Information Officer, who is the person responsible for compliance with the conditions for the lawful processing of personal information and dealing with any matters relating to the POPI Act, is the General Committee Treasurer. In case of questions regarding this policy the Information Officer can be contacted via email@example.com.