Privacy policy

Privacy Policy for Ciovita (Pty) Ltd 

Introduction 

This Privacy Policy explains how Ciovita (Pty) Ltd (“Ciovita”) processes your personal information in accordance with the requirements of the Protection of Personal Information Act, 4 of 2013 (“POPIA”). We are committed to protecting your privacy and ensure that your personal information is processed properly, lawfully, and transparently. The Privacy Policy explains the steps taken to protect personal information collected through interactions with us.

The Privacy Policy describes the type of personal information we collect, the purposes for which it is used, your rights regarding personal information about you, security measures and how you can review, object, and correct your personal information held by us.

We encourage all persons to read the Privacy Policy. By using our services or submitting personal information to Ciovita by any other means, you acknowledge that you understand, consent, and agree to be bound by this Privacy Policy, and agree that Ciovita may collect, process, transfer, use and disclose personal information as described in this Privacy Policy.

IF YOU DO NOT AGREE WITH ANY PART OF THIS PRIVACY POLICY, PLEASE DO NOT USE ANY OF OUR SERVICES.

What is Personal Information?

As per POPIA, “Personal Information” means information relating to an identifiable, living, natural person, and where it is applicable, an identifiable, existing juristic person, including, but not limited to:

(a) Information relating to the race, gender, sex, pregnancy, marital status, national, ethnic or  social origin, colour, sexual orientation, age, physical or mental health, well-being, disability, religion, conscience, belief, culture, language and birth of the person;
(b) Information relating to the education or the medical, financial, criminal or employment history of the person;
(c) Any identifying number, symbol, e-mail address, physical address, telephone number, location information, online identifier or other particular assignment to the person;
(d) The biometric information of the person;
(e) The personal opinions, views or preferences of the person;
(f) Correspondence sent by the person that is implicitly or explicitly of a private or confidential nature or further correspondence that would reveal the contents of the original correspondence;
(g) The views or opinions of another individual about the person; and
(h) The name of the person if it appears with other personal information relating to the person or if the disclosure of the name itself would reveal information about the person; In short, personal information is any information that can be used to personally identify a natural or juristic person. If any information we collect can personally identify you or a juristic person, or you or a juristic person are reasonably identifiable from it, we will treat it a personal information.

Information Officer

As required by POPIA, we have an Information Officer who is responsible for maintaining compliance with the Act. The Information Officers duties are as follows:

  • Encourage compliance with the conditions for the lawful processing of personal information.
  • Deal with requests made to Ciovita in terms of POPIA and The Promotion of Access to Information Act, 2 of 2000 (“PAIA”).
  • Work with the Information Regulator in relation to investigations conducted in terms of Chapter 6 of POPIA.
  • Ensuring compliance with the provisions of POPIA
  • Ensure a compliance framework is developed, implemented, monitored, and maintained.
  • Ensure a personal information impact assessment is done to ensure that adequate measures and standards exist to comply with the conditions of lawful processing of personal information.
  • Develop, monitor, maintain and make available a manual in terms of PAIA.
  • Develop internal measures together with adequate systems to process requests for the information or access thereto.
  • When requested, the information officer must provide copies of the PAIA manual upon payment of a fee to be determined by the Regulator.

Any deviations from this Privacy Policy, a breach or incident that comes to any person’s attention must be reported to the Information Officer or Deputy Information Officer. 

What Personal Information Do We Collect?

Personal information that we collect may include but not be limited to: 

 Data Subject  Personal Information Collected 
Clients  Name and surname, ID numbers, physical address, postal address, email address, contact details, bank details 
Suppliers/Service Providers  Bank details, address, contact details, email address, VAT number
Employees  Name and surname, bank details, address, contact details, tax number, payroll history, disciplinary records, email address, next of kin (emergency contact), gender, ID number, disability, age 
Visitors to Premises  Name and surname, contact details, email address, ID number (copy of ID) 
Retailers/Brands  Company name, name and surname, email address, physical address, phone number, language 
Prospective Employees  Information contained in CV’s 
Visitors to Website 

Contact Form

  • Name and surname
  • Email address
  • Information submitted as a query/comment

When Signing Up to Our Newsletter

  • Name and surname
  • Gender
  • Email address
  • Physical address
  • Birthday (optional)

When Creating and Instant Quote

  • Name and surname
  • Email address
  • Phone number
  • Company name
  • VAT number (optional)
  • Physical address
  • Name of referrer (if applicable)
  • Information provided as part of a comment

Creating an Account

  • Name and surname
  • Email address

When Ordering an Item

  • Email address
  • Name and surname
  • Company name (optional)
  • Physical address (shipping address)
  • Phone number
  • Billing details Managing Orders
  • Email address
  • Phone number

Chat Box

  • Email address
  • Phone number (for SMS)
  • Information provided when interacting on the platform

You are not required to provide all this information. However, if you choose not to, we may not be able to provide you with effective service. If you provide us with personal information of third parties, please make sure that you are authorised to do so. 

Special personal information is processed in accordance with the legal requirements relating to such information. If you submit to Ciovita any personal information relating to your: 

  • racial or ethnic origin;
  • political beliefs;
  • philosophical or religious beliefs;
  • membership of a trade union or political party;
  • health or sex life or;
  • the commission of criminal offenses or proceedings and associated penalties or fines

It will be handled in accordance with the legal requirements. The information will only be collected and processed:

  • with your consent;
  • if the processing is necessary for the establishment, exercise or defence of a right or obligation in law;
  • the processing is necessary to comply with an obligation of international public law;
  • If any of the authorisations set out in s28 – s33 of POPIA exist.

We will always ensure that the processing of special personal information is done in a way that does not adversely affect your privacy to a disproportionate extent.

We will not use or disclose special personal information for purposes other than those for which it was collected unless we subsequently receive your consent to use it for another purpose. 

Sources of Personal Information Collected by Ciovita 

We collect information directly from you unless it is unreasonable or impracticable to do so. Where possible, we will inform you what information you are required to provide to us and what information is optional.

Generally, the collection will occur when:

  • We contact you via phone or email
  • Sign up via a marketing email
  • Information from third parties
  • Referrals from third parties
  • You submit a request on our website
  • Transactional information through first parties
  • We connect via social media (eg: Facebook, Google, Linkedin)

In some circumstances, it may be necessary for us to collect personal information about you from a third party. Where this occurs, we will rely on the authority of the person providing us with the personal information. By providing your personal information to us, you will be deemed to have consented to your personal information being collected by us and used and disclosed in accordance with this Privacy Policy.

You must let us know immediately if you become aware that your personal information has been provided to us without your consent or if you did not obtain the consent of another person or persons to provide us with their personal information. 

Why Do We Collect Your Personal Information?

Subject to the terms of this Privacy Policy, Ciovita will use your personal information only for the purposes for which it was collected and agreed with you. We will only process your personal information for lawful purposes as set out below:

  • To conclude or perform in terms of a contract.
  • To comply with an obligation imposed by law on us as the responsible party.
  • To protect your legitimate interests
  • To pursue our legitimate interests or the legitimate interest of a third party to whom the information is supplied.
  • Where none of the abovementioned processing purposes are available, if you have consented to the processing for the relevant purpose

Unless otherwise stated specifically the information may be used for the following purposes:

  • Rendering a service to clients
  • To transact with suppliers
  • Employee administration/management
  • To respond to enquiries and/or requests
  • Recruitment
  • For statistical or research purposes
  • Legal and regulatory purposes
  • To perform in terms of a contract
  • Data analysis for improved marketing
  • Social media posts
  • Collection of information for marketing purposes

Ciovita does not sell, re-sell or distribute your personal information for re-sale.

We strive to maintain the quality, accuracy, and completeness of your personal information which we process. The quality of personal information degrades over time, and you can assist us by contacting us if there are any changes to your personal information or if you become aware that we have inaccurate personal information of you. We will not be held responsible for any losses arising from poor quality personal information which is inaccurate or incomplete, that is provided to us by yourself or person acting on your behalf. 

Disclosure of Personal Information to Third Parties 

In certain instances, we provide your personal information to third parties. We do not sell, rent, or trade any personal information to any third parties. We will only disclose your personal information to third parties as per the information set out in this Privacy Policy.

We have notified all third parties to which we disclose your personal information to be processed on our behalf (operators), either through signed operator agreements or notification that we comply with the requirements of POPIA and expect them to treat your personal information with the level of security they would treat their own and in accordance with the requirements of POPIA (especially the requirements of Condition 7 – Security Safeguards).

We will not disclose any personal information without your consent unless we reasonably believe that the disclosure is required in terms of an obligation imposed by law, if it is necessary for the proper performance of a public law duty by a public body, to protect your legitimate interest or the legitimate interest of us or a third party or if you have specifically requested us to do so. 

Processing the Information of Children 

Generally, we do not process the personal information of children (natural person under the age of 18).

We will only process the personal information of a child if the processing is:

  • Carried out with the prior consent of a competent person (usually parent or guardian)
  • Necessary for the establishment, exercise, or defence of a right or obligation in law
  • Necessary to comply with an obligation of international public law.
  • Of personal information which has been deliberately made public by the child with the consent of the competent person.

This processing generally only takes place when the information is required following an incident in which a child was involved.

If you are a competent person and are aware that your child or children have provided us with personal information, please contact us. If we become aware that we have collected or processed the personal information of children without verification or the consent of a competent person, we will take steps to delete or destroy the information. 

Retention of Data 

Ciovita will retain personal information only for as long as is necessary for the purposes set out in this Privacy Policy unless there is a valid technical, legal, or business reason for it to be deleted, destroyed or deidentified.  

We may keep some of your personal information:

  • For as long as it is required by law
  • If it is required by a code of conduct
  • If it is reasonably needed for lawful purposes related to our functions and activities; or Privacy Policy – Ciovita
  • If it is reasonably required for evidentiary purposes

Transborder Flow of Personal Information

In certain instances, we may disclose your personal information to third parties that are based in foreign countries.

The transfer of this information will only be completed if:

  • the third party who is the recipient of the information is subject to a law, binding corporate rules or binding agreement which provide an adequate level of protection.
  • You consent to such transfer.
  • The transfer is necessary for the performance of a contract between you and us, or for the implementation of pre-contractual measures taken in response to a request from you.
  • the transfer is necessary for the conclusion or performance of a contract concluded between us and the third party that is in your interest; or
  • The transfer is for your benefit and
    • it is not reasonably practicable to obtain the consent of the data subject to that transfer; and
    • if it were reasonably practicable to obtain such consent, the data subject would be likely to give it.

Although we will take every precaution, it is possible that your personal information will be transferred to a third party in a foreign country that is in a jurisdiction where you will not be able to seek redress under POPIA and does not have an equivalent level of data protection as in your jurisdiction. We will not be held liable for how such third parties process your personal information.

Security

Ciovita is committed to protecting the security of personal information. While no security measures can guarantee against compromise, we use a variety of security technologies and procedures to help protect data from unauthorised access, use, or disclosure. Although these measures are in place, the transmission of data over the internet is never completely secure and as such we cannot guarantee the security of data transmitted to or by Ciovita.

We hold your personal information in:

  • Computer systems
  • Electronic databases
  • In hard copy or paper files

We have implemented and maintain appropriate technical and organisational measures to ensure a level of security appropriate to protect personal information and prevent:

  • loss of, damage to or unauthorised destruction of personal information; and
  • unlawful access to or processing of personal information.

We use Shopify as our online platform to sell our products. Shopify provides robust security measures, including SSL encryption, protection against DDos attacks, and adherence to PCS DSS compliance standards throughout the platform. 

Direct Marketing Communications

We may communicate with you using email, social media or other channels as part of our effort to inform you about products and services of Ciovita.  

We will only send this information to you if you have consented to receive such information. If you no longer wish to receive such correspondence, you may opt-out or UNSUBSCRIBE by clicking on the relevant link in any email communication or replying through any other channel you may have received. Further, you may express your communication preferences by:

  • Contacting us by using the contact information in this Privacy Notice

Cookies, Device Data, and How it is Used

Various technologies may be used on our website in order to improve them, make them more user-friendly, effective and secure. These technologies may lead to personal information being collected automatically by us or by third parties on behalf of us. Examples of such technologies are cookies, flash cookies and web analytics.

Click-Stream Personal Information

A visit to our website results in personal information that is sent from your browser to our server. This personal information makes it possible to optimize our services and improve your experience on our website. The personal information is automatically collected and stored by us or by third parties on our behalf. This personal information can include, in particular, the following:

  • the user’s IP address
  • the date and time of the visit
  • the referral URL (the site from which the visitor has come)
  • the pages visited on our website
  • information about the browser used (browser type and version, operating system, etc.)

Cookies

Cookies are small text files that are stored on your computer. For this section, we conveniently use "cookies" as an umbrella term for techniques such as cookies, Flash cookies, web beacons and JavaScript. They don’t take much space and they will be removed automatically when expired. Some cookies expire at the end of your internet session, while others will be saved for a limited amount of time.

Ciovita uses cookies to ensure your visit to our website is as pleasant as possible. There are different types of cookies with different uses. Some are there just to allow you to browse the website and see certain features. Some give us an idea on your browsing experience, i.e. when you have trouble finding what you are looking for, so we can improve and make your future visit as pleasant as possible.

You can change your browser settings to delete or prevent cookies from being stored on your computer or mobile device without your explicit consent. The ‘help’ section in your browser should provide information on how to manage your cookie settings. 

Social Networks

Our website and (mobile) applications provide you with Social Plug-ins from various social networks. If you choose to interact with a social network, your activity on our website or via our (mobile) applications will also be made available to social networks such as Facebook and Twitter.

If you are logged in on one of these social networks during your visit to one of our websites or (mobile) applications, the social network might add this information to your profile. If you are interacting with one of the Social Plug-ins, this information will be transferred to the social network. In case you do not want a personal information transfer, please log off on your social network before you use our website or (mobile) applications.

We cannot control this personal information collection and personal information transfer via the Social Plugins. Please read the privacy policies of those social networks for detailed information about the collection and transfer of personal information, what rights you have and how you can achieve satisfactory privacy settings.

Geolocation Services

We offer location-enabled services within some of our applications, such as Google Maps. If you use those applications, the companies that provide these services may receive information about your actual location or information that can be used to approximate a location. You can generally enable or disable your location services in your device or browser settings. We also use your IP address to send users to the correct regional store.

Web Analytics By Google Analytics

The web analytic services on our website are provided by Google Analytics. This means that when you visit our website a cookie by Google Analytics will be stored on your computer or mobile device, except when your browser settings do not allow for cookies.

This further means that when you visit our website, the web analytics personal information including the “click-stream personal information”, the personal information from “web beacons and tracking links” and information stored in Google Analytics’ cookies – will be sent to Google Analytics for analysis for and on behalf of Ciovita. Please note that if you have created an online profile on our website and if you are logged on in this profile, a unique number identifying this profile is also being sent to Google Analytics to match the web analytics personal information to this profile.

Google Analytics acts as an agent to Ciovita, which means that Ciovita solely determines the purposes for which the personal information is being used and that Google Analytics will not disclose the information to any third parties (except when required to do so by law or court order). In privacy terms, this means that Ciovita is the “responsible party” and Google Analytics the “operator”. 

Retargeting Technologies

Our website and (mobile) application use re-targeting technologies. This enables us to show our visitors, who were already interested in our shop and our products, advertisements from us on partner websites. We believe that the display of a personalised, interest-based advertising is more interesting for our users than advertising that does not have a personal connection.

We also work with other companies who use tracking technologies to serve ads on our behalf across the Internet. These companies may collect information about your visits to our websites or (mobile) applications and your interaction with our communications, including advertising.

Re-targeting technologies analyse your cookies and display advertisement based on your past surfing behaviour. 

Your Rights

The Right to be Notified

  • You have the right to be notified when your personal information has been accessed or acquired by an unauthorised person.
  • When this occurs, we will notify the Information Regulator and you of the breach as soon as reasonably possible after discovering the breach.
  • This will be communicated to you in one of the following ways:
    • By mail (to last known address)
    • By email (to last known email address)
    • Placed in a prominent position on our website.
    • Published in the news or media.
    • As may be directed by the Information Regulator.

The Right to Object to Processing in Certain Circumstances

  • You may object at any time to the processing of your personal information in the prescribed form on reasonable grounds to your situation unless legislation prohibits such objection.
  • You can object to the processing of your personal information for the purposes of direct marketing at any time.

The Right to Establish Whether We Hold Your Personal Information and to Request Access to Such Information

  • You have the right to be informed of whether we process personal information of you, receive a copy of such information and how we process your personal information.
  • You can also request the above relating to any third parties to whom we have transferred your personal information to as per this Privacy Policy.
  • To do this, please use the contact details set out at the bottom of this Privacy Policy and specify what information you require.
  • We will try and provide you with suitable means of accessing the requested information, where you are entitled to it.
  • Note that you will be requested to provide identification before we can consider such requests.
  • Requests for the personal information we hold will be done free of charge however a fee may apply for such information processed by third parties.
  • There may be instances where we cannot grant access to your personal information. If we refuse access, we will give written reasons for the refusal.

The Right to Request Correction, Destruction or Deletion of Personal Information

  • You may request us to correct or delete any information that is inaccurate, irrelevant, excessive, out of date, incomplete, misleading, or obtained illegally.
  • If you believe that any personal information that we hold about you is excessive or has been unlawfully obtained or that we are no longer authorised to retain it, you may ask us to destroy or delete it.
  • If we do not agree that there are grounds for action, you may ask us to add a note to the personal information stating that you disagree with it.
  • We will require a copy of your identification document to confirm your identity before we will release this information.
  • Once this is completed, we will notify you of such.

The Right to Submit a Complaint to the Information Regulator

  • Any person may submit a complaint to the Information Regulator alleging interference with the protection of the personal information of a data subject.
  • Interference with the protection of personal information means:
    • Any breach of the 8 conditions for the lawful processing of personal information
    • Non-compliance with section 22 (notification of security compromise), 55 (duty of confidentiality), 69 (direct marketing), 70 (directories), 71 (automated decision making) or 72 (transborder flow of information)
    • A breach of the provisions of a code of conduct.

The Right to Institute Civil Proceedings

  • You (or the Information Regulator at the request of yourself) may institute civil proceedings for damages against you for a breach which you deem to be interference with the protection of your personal information.

The Right to Restrict the Processing of Personal Information

We will restrict the processing of Personal Information in the following circumstances: 

  • You have contested the accuracy of personal information, for a period which enables us to verify the accuracy of the information,
  • The processing is unlawful, and you oppose the destruction or deletion and request us to restrict it instead.
  • You have requested us to transmit the personal data into another automated processing system.

All requests must be made in the prescribed manner and form. The various forms are available from the Information Regulator. 

Complaints to the Information Regulator 

If you would like to make a compliant to the Information Regulator about the processing of your personal information, complete Form 5 available on the website of the Information Regulator. The Information Regulator’s details are as follows: 

 Physical Address 

JD House
27 Stiemans Street 
Braamfontein
Johannesburg 
Postal Address 

PO Box 31533
Braamfontein
2017 
Complaints 

popiacomplaints@inforegulator.org.za
General Enquiries 

enquiries@inforegulator.org.za

 

Changes to this Privacy Policy

Ciovita may occasionally update this Privacy Policy. When we do, we will revise the “last updated” date as set out below.

This Privacy Policy was last updated on 06 August 2024.

Acknowledgement of the Terms of the Policy

Kindly note, that when you request a copy of the policy, we accept that:

  • You have read the contents of the policy
  • You have acknowledged that you understand the contents of the policy
  • You do not have any issues with the contents of this policy
  • You have no objections to your personal information being processed as set out in this policy

Contact Us

If you have questions regarding this Privacy Policy or our handling of personal information, please contact us as follows:

Information Officer: Andrew Gold

Email: " andrew @ ciovita . com"

Deputy Information Officer: Richard De Villiers

Email: " Richard @ ciovita . com"