Privacy Policy

1. Introduction

We are committed to protecting personal information and this privacy statement describes why and how we collect and use personal information and provides information about your rights in relation to personal information.

This Privacy Policy applies to Personal Information provided to us by participants in our Client Management Framework. We may use personal information provided to us for any of the purposes described in this privacy statement or as otherwise stated at the point of collection.

In this privacy statement, we refer to information about you or information that identifies you as “Personal Information” and refer to the handling, collecting, protecting, or storing of your personal information as “processing” such personal information.

We process personal information for numerous purposes, and we are committed to being transparent about why and how we process personal information.

2. Personal Information Collected

During our engagement with entities in our Client Management Framework Process we may collect the following information from our clients: –

Name, Identity Number, Passport Number, Date of Birth, Registration Number, Contact Details, Addresses, Tax and Vat Reference Numbers, Transaction History with Clients, Service Level Agreements, History of Telephonic Conversations, Formal Communications, Bank Account Numbers Home Language.

3. Source of Information

Most of the information regarding our clients will be obtained from the client save in respect of the following: –

• Information pertaining to the client’s credit history and rating may be collected from established Credit Bureaus.

4. Purpose of Processing

We collect Personal Information from our clients with the sole purpose of administering, managing, and developing our businesses and services and in pursuing our contractual obligations towards our clients.

5. Legal Grounds for Processing Personal Information

We rely on one or more of the following processing conditions in processing personal information within our Client Management Framework: –

• To carry out actions for the conclusion or performance of a contract with our clients; and

• To protect the legitimate interest of our clients; and

• To pursue the legitimate interests of Meraki Creative Studio (Pty) Ltd; and

• Processing complies with an obligation imposed by law on the entity including but not limited to the Value Added Tax Act, No. 89 of 1991, The Income Tax Act, No. 58 of 1962 and National Credit Act, No. 34 of 2005

• Where no other processing condition is available if you have agreed to us processing your personal information for the relevant purpose.

6. Retention

In respect of Financial Information: –

Personal Information collected in our client management process is either retained in Electronic Format or in “Hard Copies”. Hard Copies of financial information are retained under the supervision of the entity’s finance department in lockable cabinets or rooms with restricted access. Electronic copies of the Personal Information are retained in accordance with our Information Resources Policy.

Financial Information will be retained for as long as we engage the client in our Client Management Framework or for a period of five years thereafter and more specifically in terms of the Value Added Tax Act, No. 89 of 1991 and Income Tax Act, No. 58 of 1962

7. Destruction

Personal Information will be destroyed by the ordinary deletion in the case of electronic records or utilizing shredding or incineration in respect of hard copies.

8. Further Processing

Further processing of Personal Information, which is not compatible with the original purpose for which it was collected, shall not be allowed without the Client’s consent.

9. Transfer of Personal Information Cross-border transfers

Processing of the Personal Information of our clients in the Client Management Process may require the entity to engage in Cross-Border Transfers of Personal Information, which will mostly be limited to cloud storage facilities and online software accounting systems that may be operated from outside the borders of the Republic of South Africa. Meraki Creative Studio (Pty) Ltd shall however ensure that cross-border processors comply with the general requirements in respect of our Third-Party Processors Policy.

10. Third-Party Possessors

Meraki Creative Studio (Pty) Ltd may transfer or disclose the Personal Information we collect/process to third party contractors, subcontractors, and/or their subsidiaries and affiliates, in providing its services in running and managing identity management, payroll systems, website hosting and management, information analysis, remote software, backup, security and cloud storage services.

Third-Party Processors will be obliged to: –

• Always process information only with the knowledge or authorization of the Entity; and

• Treat information which comes to their knowledge as confidential and not disclose it; and

• Immediately notify the Entity in the event that there are reasonable grounds to believe that the personal information of a client has been accessed or acquired by any unauthorized person

Meraki Creative Studio (Pty) Ltd shall obtain the necessary undertaking/certificate that the Third-Party Processors will adhere to these requirements, save in the event of third-party processors that meet international standards for personal protection such as Google, Dropbox, and Microsoft One-Drive.

11. Disclosure of Personal Information

We may disclose personal information under the following circumstances: –

• To professional advisers, for example, law firms, as is necessary to establish, exercise, or defend our legal rights and obtain advice in connection with the running of our business. Personal Information may be shared with these advisors as necessary in connection with the services they have been engaged to provide.

• When explicitly requested to do so by clients.

• To law enforcement, regulatory, and other government agencies, and professional bodies, as required by and/or in accordance with applicable law or regulation. We may also review and use your personal information to determine whether the disclosure is required or permitted. The South African Police Services and the South African Revenue Services are examples of the above.

12. Processing by Means of Information Technology

The Processing of Personal Information by means of computers, mobile devices, networks, and servers are safeguarded in terms of our Information Resources Policy which provides for the creation and maintenance of backup facilities and procedures, the installation and regular updating of Anti-Virus and Firewall Software and by subjecting our employees to a stringent Fair Use Policy in respect of our Information Resources.

12. Processing by Employees

Meraki Creative Studio (Pty) Ltd implemented a generally accepted standard of security as far as our employees are concerned through training, a Human Resources Policy, confidentiality agreements, and awareness programs, the entity further procured special confidentiality undertakings from our employees pertaining to the Protection of Security-Related Information.

12. Your Legal Rights in Relation to Personal Information