PRIVACY POLICY

TABLE OF CONTENTS

PRIVACY POLICY

Purpose

TANDM (referring to TANDM Technologies (Pty) Ltd and/or TANDM Systems (Pty) Ltd) (“the Company”) is involved in the collection, use, and disclosure of personal information relating to both natural and juristic persons.

The Company recognises the importance of privacy and is committed to protecting the personal information of all data subjects. Personal information is processed in a lawful, reasonable, and transparent manner.

The purpose of this Policy is to inform data subjects of:

  • the types of personal information collected;
  • the manner in which such information is collected, used, shared, stored, and protected; and
  • the rights of data subjects in relation to their personal information.

scope & application

This Policy is aligned with the provisions of:

  • the Protection of Personal Information Act, 4 of 2013 (POPIA); and
  • the Promotion of Access to Information Act, 2 of 2000 (PAIA).

POPIA gives effect to the constitutional right to privacy by ensuring that personal information is processed lawfully and in a reasonable manner that does not infringe on this right.

PAIA gives effect to the constitutional right of access to information held by private bodies. The Company’s PAIA Manual outlines the categories of information available and the process to request access where required.

collection of personal information

How personal information is collected

The Company may collect personal information from various sources, including:

  • directly from the data subject;
  • through the use of the Company’s products, services, or service channels;
  • through interactions such as email, telephone, social media, surveys, and website engagement;
  • from publicly available sources, including websites and online directories; and
  • from affiliate parties and authorised third parties for business purposes.

At the time of collection, the Company will indicate the purpose for which the information is being collected and whether the provision of such information is mandatory or voluntary.

Types of personal information collected

Personal information collected by the Company may include, but is not limited to:

  • name and surname;
  • contact details such as email address and telephone number;
  • employment or company-related information; and
  • any additional information required for a specific purpose.

Where necessary, the Company may request additional information such as physical address, account details, or identifying information.

Where the data subject is a juristic person, the Company may process personal information relating to individuals associated with that entity, including directors, employees, representatives, and authorised signatories. It is assumed that the necessary consent has been obtained when such information is provided.

The Company does not knowingly collect or process personal information relating to children.

The Company will only collect personal information that is reasonably necessary for the purpose for which it is required and will retain such information only for as long as necessary, unless otherwise required by law or contractual obligation.

Processing personal information

Conditions for processing personal information

The Company will process personal information only where one or more of the following conditions are met:

  • the data subject has provided consent;
  • a competent person has provided consent where required by law;
  • processing is necessary to conclude or perform a contract;
  • processing is necessary to pursue a legitimate interest of the Company or the data subject; or
  • processing is required or permitted by law.

Reasons for processing personal information

Personal information may be processed for the following purposes:

  • to establish, manage, and maintain relationships, agreements, or accounts;
  • to deliver products, services, documents, or notices;
  • to verify identity and ensure the accuracy of information;
  • to communicate with data subjects and respond to queries or requests;
  • to process payments and financial transactions;
  • to conduct customer satisfaction surveys, promotions, or competitions; and
  • to enable participation in value-added products and services.

Processing information for direct marketing

Where a data subject is an existing customer, personal information may be used to communicate information about products, services, or special offers.

Where a data subject is not an existing customer, marketing communications will be sent only with consent, as required by law.

In all cases, data subjects may opt out of receiving marketing communications at any time.

Managing personal information

Correcting and updating information

The Company will take reasonable steps to ensure that personal information is accurate, complete, and up to date.

Data subjects are responsible for notifying the Company of any changes to their personal information. Requests to access, correct, or update personal information may be submitted to the Company at any time.

Where personal information is obtained from third parties, the Company will take reasonable steps to verify its accuracy.

Deletion and/or retention of information

A data subject may request the deletion of personal information, subject to any legal or contractual obligations requiring retention.

Personal information is generally retained for a minimum period of five (5) years from the date of the last interaction, unless otherwise required by law.

Where information is retained for statistical or research purposes, it will be de-identified where appropriate.

disclosure of personal information

The Company does not sell, rent, or provide personal information to unauthorised third parties for independent use.

Personal information may be disclosed where:

  • required to enforce Company policies;
  • necessary to protect the rights, property, or safety of the Company or others; or
  • required by law.

Access to information

Access to personal information is managed in accordance with the Company’s PAIA Manual.

Requests for access must be submitted to the Information Officer in line with the prescribed procedures.

Consent

The Company will obtain voluntary, specific, and informed consent prior to processing personal information where required.

Consent will be requested in clear and understandable language and will not be pre-selected or assumed.

Data subjects may withdraw their consent at any time.

Cookie Policy

The Company uses cookies to enhance website functionality and improve user experience.

Cookies are used for purposes such as:

  • session management;
  • user recognition;
  • website performance tracking; and
  • analytics.

Users may disable cookies through their browser settings, although certain functionality may be affected.

Website tracking & analytics

The Company uses tools such as Google Analytics to monitor and analyse website usage.

This information assists in improving website performance and user experience. Data subjects may opt out of tracking through available browser tools.

partners, third parties & service providers

The Company may share personal information with affiliate partners, service providers, and third parties where necessary for business operations.

Appropriate agreements are in place to ensure that such parties treat personal information as confidential and process it only for authorised purposes.

The Company does not control the privacy practices of third parties and encourages data subjects to review their policies independently.

Cross-border transferal of personal information

As the Company works closely with affiliate parties in several countries, the personal information of a data subject may be shared with these affiliate parties in other countries and processed in those countries as part of the normal service process of the Company.

The Company does not exercise control over the privacy policies of affiliate parties. The Company is not responsible for any representation of information, warranties or content included in the privacy policy of any affiliate party. A data subject should refer to the privacy policy of any affiliate party to see how his/her personal information is protected.

The Company will only transfer a data subject’s personal information to third parties in another country under the following circumstances:

  • where a data subject’s personal information will be adequately protected under the other country’s laws or an agreement with the affiliate recipient;
  • where the transfer is necessary to enter into, or perform, under a contract with the data subject or a contract with an affiliate that is in the interest of the data subject;
  • where the data subject has consented to the transfer;
  • where it is not reasonably practical to obtain the consent of the data subject, and the transfer is in the interest of the data subject; and
  • the transfer will happen within the requirements and safeguards of the law.

Securing personal information

The Company implements appropriate technical, administrative, and physical safeguards to protect personal information.

Access to personal information is restricted to authorised individuals, and reasonable steps are taken to prevent loss, misuse, or unauthorised access.

information breach

In the event of a data breach, the Company will follow the procedures required under POPIA.

This includes notifying affected data subjects and the Information Regulator, and taking steps to contain, investigate, and mitigate the impact of the breach.

review of this policy

The Company reserves the right to amend this Policy from time to time.

The Policy will be reviewed periodically to ensure ongoing compliance with applicable legislation and business practices. The most recent version will be made available on the Company’s website.

complaints

Should a data subject believe that the Company has utilised his/her personal information contrary to provisions made in POPIA and PAPIA, the data subject undertakes to first attempt to resolve the concern with the Company using the contact details listed below:

Information Officer

Elton Murison

Physical Address

9 George Storrar Drive, Groenkloof, Pretoria, 0181, South Africa 

Tel

+27 87 092 0920

Email

dataprivacy@tandm.co.za

Last revision date: May 2026