Privacy Statement - Contractors, Consultants and Service Providers
For purposes of this Policy:
“Applicable Laws” means, local, foreign and international laws, regulations, treaties and codes, for example: Administrative Laws, Financial and Tax Laws, Company Laws, Procurement Laws and Health and Safety Laws.
"Contractors", “Consultants”, “Service Providers” or “you” means any prospective, new or existing contractor, consultant or service provider of the DBSA; and
"DBSA", "Bank" or “we” means the Development Bank of Southern Africa Limited, acting in our capacity as principal or agent.
It is important that you read this Policy carefully before submitting any personal information to DBSA.
By submitting any personal information to the DBSA you provide consent to the processing of your personal information as set out in this Policy.
The provisions of this Policy are subject to mandatory, unalterable provisions of Applicable Laws;
Please do not submit any personal information to the DBSA if you do not agree to any of the provisions of this Policy. If you do not consent to the provisions of this Policy, or parts of the Policy, the DBSA will not be able to engage with you and/or enter into any subsequent relationship with you.
How to contact us
If you have any comments or questions about this Policy, please contact the Deputy Information Officer at POPIA@DBSA.ORG.
Amendment of this Policy
We may amend this Policy from time to time for any of the following reasons:
- To provide for the introduction of new systems, methods of operation or services;
- To comply with changes to any legal or regulatory requirement;
- To ensure that our Policy is clearer and more favourable to you;
- To rectify any mistake that might be discovered from time to time; and/or
- For any other reason which we, in its sole discretion, may deem reasonable or necessary.
Any such amendment will come into effect and become part of any contract that you have with the DBSA, when notice is given to you of the change by publication on our website. It is your responsibility to check the website often.
Privacy and indemnity
DBSA takes your privacy and the protection of your personal information very seriously, and we will only use your personal information in accordance with this Policy and Applicable Laws. It is important that you take all necessary and appropriate steps to protect your personal information yourself (for example, by ensuring that all passwords and access codes are kept secure).
We have implemented reasonable technical and operational measures to keep your personal information secure.
You hereby indemnify and hold DBSA harmless from any loss, damages or injury that you may incur as a result of any unintentional disclosures of your personal information to unauthorized persons or the provision of incorrect or incomplete personal information to the DBSA.
Information which we may collect about you
- Your or your employer or organization’s contact information, such as name, alias, address, identity number, passport number, security number, registration number, phone number, cell phone number, vehicle make and registration number, social media user ID, email address, and similar contact data, serial numbers of equipment, details regards the possession of dangerous weapons, and other contact information including details of your employer, memberships or affiliations, such as the name of your employer or organization that you are a member of, information about your colleagues or those within your organization, your status with an organization, and similar data, which are required for various legitimate interest, contractual and / or lawful reasons.
- Specific identifiers, which are required in order to protect legitimate interests, comply with legal obligations or public legal duties, or in order to accommodate you in our workplaces, such as your race (Employment Equity related), religion (correct and fair treatment related), sexual and medical history including any medical conditions (to comply with laws and related to correct and fair treatment issues), trade union matters (to comply with laws and related to correct and fair treatment issues), and financial, credit, deviant and criminal history (to protect our legitimate interests and to perform risk assessments), as well as children’s details (benefits related).
- Account Information, including banking details, security-related information (including user names and passwords, authentication methods, and roles), service-related information (including purchase history and account profiles), billing-related information (including payment, shipping, and billing information), and similar data, all which are required to perform contractual matters and / or in order to provide you access to services.
- User Content, such as content of communications, suggestions, questions, comments, feedback, and other information you send to us, that you provide to us when you contact us, or that you post on our websites, applications, mobile applications, or social media portals or platforms including information in alerts, folders, notes, and shares of content), and similar data which are required to perform contractual matters and / or in order to provide you access to services or attend to queries.
- Device & Browser Information, such as network and connection information (including Internet Service Provider (ISP) and Internet Protocol (IP) addresses), device and browser identifiers and information (including device, application, or browser type, version, plug-in type and version, operating system, user agent, language and time zone settings, and other technical information), advertising identifiers, cookie identifiers and information, and similar data, which are required to perform contractual matters and / or in order to provide you access to services or attend to queries or to ensure that security safeguards are in place.
- Usage Information and Browsing History, such as usage metrics (including usage rates, occurrences of technical errors, diagnostic reports, settings preferences, backup information, API calls, and other logs), content interactions (including searches, views, downloads, prints, shares, streams, and display or playback details), and user journey history (including clickstreams and page navigation, URLs, timestamps, content viewed or searched for, page response times, page interaction information (such as scrolling, clicks, and mouse-overs), and download errors), advertising interactions (including when and how you interact with marketing and advertising materials, click rates, or next steps you may make after seeing an advertisement, and marketing preferences), and similar data which are required to perform contractual matters and / or in order to provide you access to services or attend to queries or to ensure that security safeguards are in place.
- Location Data, such as the location of your device, your household, and similar location data, which are required to perform contractual matters and / or in order to provide you access to services or attend to queries or to ensure that security safeguards are in place.
- Demographic Information, such as country, preferred language, age and date of birth, marriage status, gender, physical characteristics, and similar data, which are required to perform contractual matters and / or in order to provide you access to services or attend to queries or to ensure that security safeguards are in place.
- Your Image, such as still pictures, video, voice, and other similar data, which are required to perform contractual matters and / or in order to provide you access to services or attend to queries or to ensure that security safeguards are in place.
- Identity Information, such as government-issued identification information, tax identifiers, social security numbers, other government-issued identifiers, and similar data, which are required to comply with laws and public duties.
- Financial Information, such as billing address, billing contact details, and similar data., tax numbers and VAT numbers, which are required to perform contractual matters and / or in order to provide you access to services or attend to queries or to ensure that security safeguards are in place and / or which are required to comply with laws and pubic duties
- Career, Education, and Employment Related Information, such as job preferences or interests, work performance and history, salary history, status as a veteran, nationality and immigration status, demographic data, disability-related information, application information, professional licensure information and related compliance activities, accreditations and other accolades, education history (including schools attended, academic degrees or areas of study, academic performance, and rankings), and similar data, which are required for contractual or employment related matters or which are required to comply with laws and public duties.
- Health records such as medical status and history, examinations, blood type, medial aid history, disability-related information, biometrics, medicals, psychometrics and similar data, which are required for contractual or employment related matters or which are required to comply with laws and public duties.
- Social Media and Online Content, such as information placed or posted in social media and online profiles, online posts, and similar data, which are required to perform contractual matters and / or in order to provide you access to services or attend to queries.
We may require you to provide additional personal information, in order for us to meet our legal or regulatory obligations.
Where you provide us with the personal information of third parties you should take steps to inform the third party that you need to disclose their details to us, identifying us. We will process their personal information in accordance with this Policy.
How we collect information
You may provide personal information to us, as follows:
Direct collection: You provide personal information to us when you:
- Use our websites, applications, mobile applications, or social media portals or platforms.
- Interact with us.
- Enquire about, or search for our goods or services.
- Create or maintain a profile or account with us.
- Conclude a contract with us.
- Purchase or subscribe to our goods or services.
- Use our goods or services.
- Purchase, use, or otherwise interact with content, products, or services from third party providers who have a relationship with us.
- Create, post, or submit user content on our websites, applications, mobile applications, or social media portals or platforms.
- Register for or attend one of our events or locations.
- Request or sign up for information, including marketing material.
- Communicate with us by phone, email, chat, in person, or otherwise.
- Complete a questionnaire, survey, support ticket, or other information request form.
- When you submit a quotation, or offer to do business with us, a tender or when you conclude a contract with us.
- When you express an interest in a bursary or sponsorship.
Automatic collection: We collect personal information automatically from you when you:
- Search for, visit, interact with, or use our websites, applications, mobile applications, or social media portals or platforms.
- Use our goods or services (including through a device).
- Access, use, or download content from us.
- Open emails or click on links in emails or advertisements from us.
- Otherwise interact or communicate with us (such as when you attend one of our events or locations, when you request support or send us information, or when you mention or post to our social media accounts).
Collection from third parties: We collect personal information about you from third parties, such as:
- Your organization and others with whom you have a relationship with that provide or publish personal information related to you, such as from our customers or from others when they create, post, or submit user content that may include your personal information.
- Regulatory Bodies, professional or industry organizations and certification / licensure agencies that provide or publish personal information related to you.
- Third parties and affiliates who deal with or interact with us or you.
- Service providers and business partners who work with us and that we may utilize to deliver certain content, products, or services or to enhance your experience.
- Marketing, sales generation, and recruiting business partners.
- National Treasury, SAP, Home Affairs, Credit bureaus and other similar agencies.
- Government agencies, Regulators and others who release or publish public records.
- Other publicly or generally available sources, such as social media sites, public and online websites, open databases, and data in the public domain.
Use of information collected
We may use, transfer and disclose your personal information for the purposes of:
- Tendering and related procurement and supply chain management procedures-legitimate purpose: For the purposes of assessing whether you are capable and able to provide the DBSA with the required and requested goods and services in accordance with the supplied tender and / or request to contract documentation, which determination will take place as per the supply chain and procurement policies and procedures using duly appointed bid evaluation committees and / or selection personnel, in accordance with Applicable Laws.
- Due diligence purposes - legitimate purpose: To carry out a due diligence before we decide to engage or interact with you or to do business with you, including obtaining and verifying your credentials, including your business details, medical status, health history and related records, education and employment history and qualifications, credit and financial status and history, tax status, B-BBEE status, and or any performance or vendor related history.
- Contract purposes – appointment as a vendor and service provider: Where declared a successful applicant or bidder, for the purposes of appointing you as a contractor, consultant or service provider and for the purposes of carrying out the required actions for the conclusion of a contract, including the drafting and / or vetting of the related procurement and contractual documents.
- Attending to financial matters pertaining to any transaction - conclusion of a contract: To administer accounts or profiles related to you or your organization including registrations, subscriptions, purchases, billing events, fees, costs and charges calculations, quoting, invoicing, receipt of payments or payment of refunds, reconciliations and financial management in general.
- Communications - legitimate purpose: To make contact with you and to communicate with you generally or in respect of our or your requirements, or instructions.
- Risk assessment, fraud detection and anti-bribery and corruption matters - legitimate purpose: To carry out vendor, organizational and enterprise wide risk assessments, in order to detect and prevent bribery, corruption, fraud and abuse, to comply with Applicable Laws, as well as to identify and authenticate your access to and to provide you with access to our goods, services or premises and generally to ensure the security and protection of all persons including employees, and persons when entering or leaving our sites and operations or facilities and / or to exercise our rights and to protect our and others’ rights and / or property, including to take action against those that seek to violate or abuse our systems, services, customers or employees and / or other third parties where applicable.
- Legal obligation and public duties: To comply with the law and our legal obligations, including to register with Regulatory Bodies, obtain and hold permits and certificates, register for VAT, Tax, PAYE, SDL, COIDA and UIF etc. and to submit reports or provide various notices or returns, to litigate and / or to respond to a request or order from a SAP official, investigator or court official, Regulator, or public authority.
- Security purposes: legitimate purpose and to comply with laws: to permit you access to our offices, facilities, manufacturing or parking areas, as well as to controlled areas, for the purposes of monitoring via CCTV, your interaction and access in and from our facilities described above, and for general risk management, security and emergency incident control purposes as well as for data and cybersecurity purposes.
- Marketing and electronic communications related thereto – consent required: To provide you with communications regarding us, our goods and services and / or other notifications, programs, events, or updates that you may have registered asked for, and to send you offers, advertising, and marketing materials, including providing personalized advertising to you, save where you have opted out of this activity.
- Internal research and development purposes – consent required: To conduct internal research and development for new content, products, and services, and to improve, test, and enhance the features and functions of our current goods and services.
Disclosure of your information
Your personal information may be shared with our agents, sub-contractors, Regulatory Bodies and auditors as well as selected third parties who process the information on our behalf.
We may also disclose your personal information to third parties when we are entitled or obliged to do so under Applicable Law.
We may transfer your information to an agent, sub-contractor or third party who carries on business in another country, including one which may not have data protection laws similar to those of the Republic. If this happens, we will ensure that anyone to whom we pass your information agrees to treat your information with the same level of protection as if we were dealing with it.
If you do not wish us to disclose this information to third parties, please contact us at the contact details set out above. We may, however, then not be able to engage with you and/or enter into any subsequent relationship with you.
Retention of your information
We may retain your personal information indefinitely, unless you object, in which case we will only retain it if we are permitted or required to do so in terms of Applicable Laws. However, as a general rule, we will retain your information in accordance with retention periods set out in Applicable Laws, unless we need to retain it for longer for a lawful purpose.
Access to, correction and deletion of your personal information
You may request details of personal information which we hold about you under the Protection of Personal Information Act 4 of 2013 (“POPIA”) or about third parties where your rights are affected by such information under the Promotion of Access to Information Act 2 of 2000 (“PAIA”). Fees to obtain a copy or a description of such personal information are prescribed in terms of PAIA. Confirmation of whether or not we hold personal information about you may be requested free of charge.
You may request the correction of personal information DBSA holds about you. Please ensure that the information we hold about you is complete, accurate and up to date. The onus is on you to advise the DBSA of any changes to your personal information, as and when these may occur.
You have a right in certain circumstances to request the destruction or deletion of and, where applicable, to obtain restriction on the processing of personal information held about you. If you wish to exercise this right, please contact us using the contact details set out above.
You have a right to object on reasonable grounds to the processing of your personal information.
For more information in this regard please read our PAIA manual.
Should you believe that we have utilised your personal information contrary to Applicable Laws, you undertake to first attempt to resolve any concerns with us.
If you are not satisfied with such process, you may have the right to lodge a complaint with the Information Regulator, using the contact details listed below:
Tel: 012 406 4818
Fax: 086 500 3351