Privacy policy

This Privacy Policy describes Our policies and procedures on the collection, use and disclosure of Your information when You use the Service and tells You about Your privacy rights and how the law protects You.

We use Your Personal data to provide and improve the Service. By using the Service, you agree to the collection and use of information in accordance with this Privacy Policy.

Interpretation and Definitions

Interpretation
The words of which the initial letter is capitalized have meanings defined under the following conditions. The following definitions shall have the same meaning regardless of whether they appear in singular or in plural.

Definitions

For the purposes of this Privacy Policy:

Account means a unique account created for You to access our Service or parts of our Service.

Company (referred to as either “the Company”, “We”, “Us” or “Our” in this Agreement) refers to NB Cycles, 8 MILLSIDE PARK MORNINGSIDE ROAD, PINELANDS, CAPE TOWN, SOUTH AFRICA 7405.

Cookies are small files that are placed on Your computer, mobile device or any other device by a website, containing the details of Your browsing history on that website among its many uses.

Country refers to: South Africa

Device means any device that can access the Service such as a computer, a cell phone or a digital tablet.

Personal Data is any information that relates to an identified or identifiable individual.

Service refers to the Website.

Service Provider means any natural or legal person who processes the data on behalf of the Company. It refers to third-party companies or individuals employed by the Company to facilitate the Service, to provide the Service on behalf of the Company, to perform services related to the Service or to assist the Company in analyzing how the Service is used.

Usage Data refers to data collected automatically, either generated by the use of the Service or from the Service infrastructure itself (for example, the duration of a page visit).

Website refers to NB Cycles, accessible from http://www.nbncycles.co.za

You means the individual accessing or using the Service, or the company, or other legal entity on behalf of which such individual is accessing or using the Service, as applicable.

Collecting and Using Your Personal Data

Types of Data Collected

Personal Data

While using Our Service, We may ask You to provide Us with certain personally identifiable information that can be used to contact or identify You. Personally identifiable information may include, but is not limited to:

• Email address
• First name and last name
• Phone number
• Usage Data

Usage Data

Usage Data is collected automatically when using the Service.

Usage Data may include information such as Your Device’s Internet Protocol address (e.g., IP address), browser type, browser version, the pages of our Service that You visit, the time and date of Your visit, the time spent on those pages, unique device identifiers and other diagnostic data.

When You access the Service by or through a mobile device, We may collect certain information automatically, including, but not limited to, the type of mobile device You use, Your mobile device unique ID, the IP address of Your mobile device, Your mobile operating system, the type of mobile Internet browser You use, unique device identifiers and other diagnostic data.

We may also collect information that Your browser sends whenever You visit our Service or when You access the Service by or through a mobile device.

Tracking Technologies and Cookies

We use Cookies and similar tracking technologies to track the activity on Our Service and store certain information. Tracking technologies used are beacons, tags, and scripts to collect and track information and to improve and analyze Our Service. The technologies We use may include:
Cookies or Browser Cookies. A cookie is a small file placed on Your Device. You can instruct Your browser to refuse all Cookies or to indicate when a Cookie is being sent. However, if You do not accept Cookies, You may not be able to use some parts of our Service. Unless you have adjusted Your browser setting so that it will refuse Cookies, our Service may use Cookies.

Flash Cookies. Certain features of our Service may use local stored objects (or Flash Cookies) to collect and store information about Your preferences or Your activity on our Service. Flash Cookies are not managed by the same browser settings as those used for Browser Cookies. For more information on how You can delete Flash Cookies, please read “Where can I change the settings for disabling, or deleting local shared objects?” available at https://helpx.adobe.com/flash-player/kb/disable-local-shared-objects-flash.html#main_Where_can_I_change_the_settings_for_disabling__or_deleting_local_shared_objects_

Web Beacons. Certain sections of our Service and our emails may contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags, and single-pixel gifs) that permit the Company, for example, to count users who have visited those pages or opened an email and for other related website statistics (for example, recording the popularity of a certain section and verifying system and server integrity).

Cookies can be “Persistent” or “Session” Cookies. Persistent Cookies remain on Your personal computer or mobile device when You go offline, while Session Cookies are deleted as soon as You close Your web browser.

We use both Session and Persistent Cookies for the purposes set out below:

• Necessary / Essential Cookies
Type: Session Cookies
Administered by: Us
Purpose: These Cookies are essential to provide You with services available through the Website and to enable You to use some of its features. They help to authenticate users and prevent fraudulent use of user accounts. Without these Cookies, the services that You have asked for cannot be provided, and We only use these Cookies to provide You with those services.

• Cookies Policy / Notice Acceptance Cookies
Type: Persistent Cookies
Administered by: Us
Purpose: These Cookies identify if users have accepted the use of cookies on the Website.

• Functionality Cookies
Type: Persistent Cookies
Administered by: Us
Purpose: These Cookies allow us to remember choices You make when You use the Website, such as remembering your login details or language preference. The purpose of these Cookies is to provide You with a more personal experience and to avoid You having to re-enter your preferences every time You use the Website.

For more information about the cookies we use and your choices regarding cookies, please visit our Cookies Policy or the Cookies section of our Privacy Policy.

Use of Your Personal Data

The Company may use Personal Data for the following purposes:

To provide and maintain our Service, including to monitor the usage of our Service.

To manage Your Account: to manage Your registration as a user of the Service. The Personal Data You provide can give You access to different functionalities of the Service that are available to You as a registered user.

For the performance of a contract: the development, compliance and undertaking of the purchase contract for the products, items or services You have purchased or of any other contract with Us through the Service.

To contact You: To contact You by email, telephone calls, SMS, or other equivalent forms of electronic communication, such as a mobile application’s push notifications regarding updates or informative communications related to the functionalities, products or contracted services, including the security updates, when necessary or reasonable for their implementation.

To provide You with news, special offers and general information about other goods, services and events which we offer that are similar to those that you have already purchased or enquired about unless You have opted not to receive such information.

To manage Your requests: To attend and manage Your requests to Us.

For business transfers: We may use Your information to evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of Our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which Personal Data held by Us about our Service users is among the assets transferred.

For other purposes: We may use Your information for other purposes, such as data analysis, identifying usage trends, determining the effectiveness of our promotional campaigns and to evaluate and improve our Service, products, services, marketing and your experience.

We may share Your personal information in the following situations:

With Service Providers: We may share Your personal information with Service Providers to monitor and analyze the use of our Service, to contact You.

For business transfers: We may share or transfer Your personal information in connection with, or during negotiations of, any merger, sale of Company assets, financing, or acquisition of all or a portion of Our business to another company.

With Affiliates: We may share Your information with Our affiliates, in which case we will require those affiliates to honor this Privacy Policy. Affiliates include Our parent company and any other subsidiaries, joint venture partners or other companies that We control or that are under common control with Us.

With business partners: We may share Your information with Our business partners to offer You certain products, services or promotions.

With other users: when You share personal information or otherwise interact in the public areas with other users, such information may be viewed by all users and may be publicly distributed outside.

With Your consent: We may disclose Your personal information for any other purpose with Your consent.

Retention of Your Personal Data

The Company will retain Your Personal Data only for as long as is necessary for the purposes set out in this Privacy Policy. We will retain and use Your Personal Data to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies.

The Company will also retain Usage Data for internal analysis purposes. Usage Data is generally retained for a shorter period of time, except when this data is used to strengthen the security or to improve the functionality of Our Service, or We are legally obligated to retain this data for longer time periods.

Transfer of Your Personal Data

Your information, including Personal Data, is processed at the Company’s operating offices and in any other places where the parties involved in the processing are located. It means that this information may be transferred to — and maintained on — computers located outside of Your state, province, country or other governmental jurisdiction where the data protection laws may differ than those from Your jurisdiction.

Your consent to this Privacy Policy followed by Your submission of such information represents Your agreement to that transfer.

The Company will take all steps reasonably necessary to ensure that Your data is treated securely and in accordance with this Privacy Policy and no transfer of Your Personal Data will take place to an organization or a country unless there are adequate controls in place including the security of Your data and other personal information.

Disclosure of Your Personal Data

Business Transactions

If the Company is involved in a merger, acquisition or asset sale, Your Personal Data may be transferred. We will provide notice before Your Personal Data is transferred and becomes subject to a different Privacy Policy.

Law enforcement

Under certain circumstances, the Company may be required to disclose Your Personal Data if required to do so by law or in response to valid requests by public authorities (e.g., a court or a government agency).

Other legal requirements

The Company may disclose Your Personal Data in the good faith belief that such action is necessary to:

• Comply with a legal obligation
• Protect and defend the rights or property of the Company
• Prevent or investigate possible wrongdoing in connection with the Service
• Protect the personal safety of Users of the Service or the public
• Protect against legal liability

The security of Your Personal Data is important to Us, but remember that no method of transmission over the Internet, or method of electronic storage is 100% secure. While We strive to use commercially acceptable means to protect Your Personal Data, We cannot guarantee its absolute security.

Children’s Privacy

Our Service does not address anyone under the age of 13. We do not knowingly collect personally identifiable information from anyone under the age of 13. If You are a parent or guardian and You are aware that Your child has provided Us with Personal Data, please contact Us. If We become aware that We have collected Personal Data from anyone under the age of 13 without verification of parental consent, We take steps to remove that information from Our servers.

If We need to rely on consent as a legal basis for processing Your information and Your country requires consent from a parent, We may require Your parent’s consent before We collect and use that information.

Our Service may contain links to other websites that are not operated by Us. If You click on a third-party link, You will be directed to that third party’s site. We strongly advise You to review the Privacy Policy of every site You visit.

We have no control over and assume no responsibility for the content, privacy policies or practices of any third-party sites or services.

Changes to this Privacy Policy

We may update Our Privacy Policy from time to time. We will notify You of any changes by posting the new Privacy Policy on this page.

We will let You know via email and/or a prominent notice on Our Service, prior to the change becoming effective and update the “Last updated” date at the top of this Privacy Policy.

You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.

If you have any questions about this Privacy Policy, You can contact us:

By email: hello@nbcycles.co.za

Protection of Personal Information

  1. POLICY STATEMENT 1.1. NB Cycles processes personal information of its employees, clients and other data subjects from time to time. As such, it is obliged to comply with the Protection of Personal Information Act No. 4 of 2013 (“POPI”) as well as the Promotion of Access to Information Act No. 2 of 2000 (“PAIA”). 1.2. In line with this, NB Cycles is committed to protecting its clients’/supplier’s/employees’ and other data subjects’ privacy and ensuring that their personal information is used appropriately, transparently, securely and in accordance with applicable laws. 1.3. This Policy sets out the manner in which NB Cycles deals with such personal information and provides clarity on the general purpose for which the information is used, as well as how data subjects can participate in this process in relation to their personal information. 1.4. In addition to this policy, the company has also developed a manual and made it available as prescribed under the PAIA Act. Where parties/requesters submit requests for information disclosure in terms of this manual, internal measures have been developed together with adequate systems to process requests for information or access thereto.
  2. OBJECTIVES
    2.1. To ensure legislative compliance (POPI and PAIA Acts) in respect of all personal information that NB Cycles collects and processes.
    2.2. To inform employees and clients as to how their personal information is used, disclosed and destroyed.
    2.3. To ensure that personal information is only used for the purpose for which it was collected.
    2.4. To prevent unauthorised access and use of personal information.
  3. DEFINITIONS
    3.1. “Biometric information” means the physical, physiological or behavioural identification, including finger printing, amongst others.
    3.2. “Processing” means:
    3.2.1. The collection, receipt, recording organisation, collation, storage, updating, modification, retrieval, alteration, consultation or use;
    3.2.2. Dissemination by means of transmission, distribution or making available in any form;
    3.2.3. Merging, linking, erasure or destruction of information.
    3.3. “PAIA” means the Promotion of Access to Information Act No. 2 of 2000
    3.4. “POPI’ means the Protection of Personal Information Act No 4 of 2013
    3.5. “Regulator” means the Information Regulator established in terms of the POPI Act.
  4. COLLECTION OF PERSONAL INFORMATION
    4.1. NB Cycles collects and processes various information pertaining to its employees, clients and suppliers. The information collected is based on need and it will be processed for that need/purpose only. Whenever possible, NB
    Cycles will inform the relevant party of the information required (mandatory) and which information is deemed optional.
    4.2. The employee or client will be informed of the consequence/s of failing to provide such personal information and any prejudice which may be incurred due to non-disclosure. For example, NB Cycles may not be able to employ an individual without certain personal information relating to that individual or the organisation may not be in a position to render services to a client in the absence of certain information which is required.
    4.3. NB Cycles will process information in a manner that is lawful and reasonable (i.e., will not infringe the privacy of the individual or company).
    4.4. Where consent is required for the processing of information, such consent will be obtained.
    4.5. Information will be processed under the following circumstances:
    4.5.1. When carrying out actions for the conclusion or performance of a contract
    4.5.2. When complying with an obligation imposed by law on the company
    4.5.3. For the protection of a legitimate interest of the data subject
    4.5.4. Where necessary, for pursuing the legitimate interests of the company or of an authorised third party to whom the information is supplied.
    4.6. Examples of the personal information NB Cycles collects includes, but is not limited to:
    4.6.1. Information relating to the race, gender, sex, pregnancy, marital status, national, ethnic or social origin, colour, age, physical or mental health, well-being, disability, religion, conscience, belief, culture, language and birth of an employee.
    4.6.2. Information relating to the education or the medical, financial, criminal or employment history (this includes disciplinary action) of an employee.
    4.6.3. Banking and account information.
    4.6.4. Contact information.
    4.6.5. Trade union membership and political persuasion.
    4.6.6. Any identifying number, symbol, email address, telephone number, location information, online identifier or other particular assignment to the employee or client
    4.6.7. The biometric information of the employee, client or data subject
    4.6.8. The personal opinions, views or preferences of an employee (also performance appraisals or correspondence) and the views or opinions of another individual about the person
    4.7. NB Cycles shall not process special personal information without complying with the specific provisions of the POPI Act. Special information includes personal information concerning:
    4.7.1. the religious or philosophical beliefs, race or ethnic origin, trade union membership, political persuasion, health, sex life or biometric information of a data subject; or
    4.7.2. the criminal behaviour of a data subject, where such information relates to the alleged commission by a data subject of any offence committed or the disposal of such proceedings.
    4.8. Collection of employee information:
    4.8.1. For the purposes of this Policy, employees include potential, past and existing employees of NB Cycles. Independent contractors are treated on the same basis where the collection of information is concerned.
    4.8.2. When appointing new employees/contractors, NB Cycles requires information, including, but not limited to that listed above, from prospective employees/contractors, in order to process the information on the system/s. Such information is reasonably necessary for the Company’s record purposes, as well as to ascertain if the prospective employee/contractor meets the requirements, for the position which he is being appointed/contracted, and is suitable for appointment.
    4.8.3. NB Cycles will use and process such employee information, as set out below for including, but not limited to, its employment records and to make lawful decisions in respect of that employee and its business.
    4.8.4. Use of employee information: Employees’ personal information will only be used for the purpose for which it was collected and intended. This includes, but is not limited to:
    4.8.4.1. Submissions to the Department of Labour
    4.8.4.2. Submissions to the Receiver of Revenue
    4.8.4.3. For audit and recordkeeping purposes
    4.8.4.4. In connection with legal proceedings
    4.8.4.5. In connection with and to comply with legal and regulatory requirements
    4.8.4.6. In connection with any administrative functions of the Company
    4.8.4.7. Disciplinary action or any other action to address the employee’s conduct or capacity.
    4.8.4.8. In respect of any employment benefits that the employee is entitled to
    4.8.4.9. Pre- and post-employment checks and screening
    4.8.4.10. Any other relevant purpose to which the employee has been notified.
    4.8.5. Should information be processed for any other reason; the employee will be informed accordingly.
    4.9. Collection of Client/Supplier information:
    4.9.1. For purposes of this Policy, clients include potential, past and existing clients. Suppliers include all vendors which contract with NB Cycles, whether once off or recurring, in respect of products and services.
    4.9.2. NB Cycles collects and processes its clients’ and suppliers’ personal information, such as that mentioned hereunder. The type of information will depend on the need for which it is collected and will be processed for that purpose only. Further examples of personal information collected from clients include, but is not limited to:
    4.9.2.1. The client/supplier’s name, surname, e-mail address, address, postal code
    4.9.2.2. The client/supplier’s residential and postal address
    4.9.2.3. Contact information
    4.9.2.4. Banking details
    4.9.2.5. Company registration number
    4.9.2.6. Full name of the legal entity
    4.9.2.7. Tax and/or VAT number
    4.9.2.8. Details of the person responsible for the client’s/supplier’s account
    4.9.3. NB Cycles also collects and processes client’s personal information for marketing purposes in order to ensure that its products and services remain relevant to our clients and potential clients.
    4.9.4. Use of client/supplier information:
    4.9.4.1. The client/supplier’s personal information will only be used for the purpose for which it was collected and as agreed. This may include, but not be limited to:
    4.9.4.2. Providing products or services to clients
    4.9.4.3. In connection with sending accounts and communication to a client in respect of services rendered.
    4.9.4.4. Payment of suppliers and communication in respect of services rendered.
    4.9.4.5. Referral to other service providers
    4.9.4.6. Confirming, verifying and updating client/supplier details
    4.9.4.7. Conducting market or customer satisfaction research
    4.9.4.8. For audit and record keeping purposes
    4.9.4.9. In connection with legal proceedings
    4.9.4.10. In connection with and to comply with legal and regulatory requirements or when it is otherwise allowed by law.
    4.10. Disclosure of personal information
    4.10.1. NB Cycles may share employees’ and clients/suppliers’ personal information with authorised third parties as well as obtain information from such third parties for reasons set out above.
    4.10.2. NB Cycles may also disclose employees’ or clients/suppliers’ information where there is a duty or a right to disclose in terms of applicable legislation, the law or where it may be necessary to protect the rights of the organisation or it is in the interests of the data subject.
  5. SAFEGUARDING OF PERSONAL INFORMATION AND CONSENT
    5.1. NB Cycles shall review its security controls and processes on a regular basis to ensure that personal information is secure.
    5.2. It will take appropriate, reasonable technical and organisational measures to prevent loss or damage or unauthorised destruction of personal information, and unlawful access to or processing of personal information. This will be achieved by –
    5.2.1. Identifying internal and external risks
    5.2.2. Establishing and maintaining appropriate safeguards
    5.2.3. Regularly verifying these safeguards and their implementation
    5.2.4. Updating the safeguards
    5.2.5. Implementing generally accepted information security practices and procedures.
    5.3. NB Cycles shall appoint an Information Officer and Deputy Information Officer who is/are responsible for compliance with the conditions of the lawful processing of personal information and other provisions of POPI.
    5.3.1. Information Officer details
    5.3.2. Name: Tracy Buckland – Partner
    5.3.3. Telephone number: 021 531 2221
    5.3.4. Postal address: 8 Millside Park, Morningside Road, Pinelands 7405
    5.3.5. Physical address: 8 Millside Park, Morningside Road, Pinelands 7405
    5.3.6. Email address: hello@nbcycles.co.za
    5.3.7. Deputy Information Officer
    5.3.8. Name: Tracy Buckland – Partner
    5.3.9. Telephone number: 021 531 2221
    5.3.10. Postal address: 8 Millside Park, Morningside Road, Pinelands 7405
    5.3.11. Physical address: 8 Millside Park, Morningside Road, Pinelands 7405
    5.3.12. Email address: hello@nbcycles.co.za
    5.4. The specific responsibilities of the Information Officer and his/her Deputy include –
    5.4.1. The development, implementation, monitoring and maintenance of a compliance framework.
    5.4.2. The undertaking of a personal information impact assessment to ensure that adequate measures and standards exist in order to comply with the conditions for the lawful processing of personal information.
    5.4.3. The development, monitoring and maintenance of a manual, as well as the making available thereof, as prescribed in section 51 of the Promotion of Access to Information Act, 2000 (Act No. 2 of 2000)
    5.4.4. The development of internal measures, together with adequate systems to process requests for information or access thereto; and
    5.4.5. To ensure that company staff awareness sessions are conducted regarding the provisions of the Act, regulations made in terms of the Act, codes of conduct, or information obtained from the Regulator.
    5.5. Employment contracts/addendums thereto, containing relevant consent clauses for the use and storage of employee information, or any other action so required, in terms of POPI are signed by every employee.
    5.6. On an ongoing basis, all suppliers, insurers and other third-party service providers are required to sign a service level agreement guaranteeing their commitment to the Protection of Personal Information.
    5.7. Consent to process client/supplier information is obtained from clients/suppliers (or a person who has been given authorisation from the client to provide the client’s personal information) and suppliers at sign on/appointment/contracting.
  6. DIRECT MARKETING
    6.1. The company shall ensure that:
    6.1.1. It does not process any personal information for the purpose of direct marketing (by means of any form of electronic communication, including automatic calling machines, SMS’s or e-mail) unless the data subject has given his, her or its consent to the processing or is an existing customer.
    6.1.2. It will only approach data subjects, whose consent is required and who have not previously withheld such consent, once in order to request the consent. This will be done in the prescribed manner and form.
    6.1.3. The data subjects will only be approached for the purpose of direct marketing of NB Cycles’s own similar products or services. In all instances, the data subject shall be given a reasonable opportunity to object, free of charge and in a manner free of unnecessary formality, to such use of his, her or its electronic details at the time when the information is collected.
    6.1.4. Any communication for the purpose of direct marketing will contain details of the identity of the sender or the person on whose behalf the communication has been sent and an address or other contact details to which the recipient may send a request that such communications cease.
  7. TRANSFER OF INFORMATION OUTSIDE OF SOUTH AFRICA
    7.1. NB Cycles will not transfer personal information about a data subject to a third party who is in a foreign country unless one or more of the following apply:
    7.1.1. the third party is subject to a law, binding corporate rules or a binding agreement which provides an adequate level of protection of personal information and effectively upholds principles for reasonable processing of the information.
    7.1.2. the data subject consents to the transfer
    7.1.3. the transfer is necessary for the performance of a contract between the data subject and the company
    7.1.4. the transfer is necessary for the conclusion or performance of a contract concluded in the interest of the data subject between the company and a third party; or
    7.1.5. the transfer is for the benefit of the data subject, and it is not reasonably practicable to obtain the consent of the data subject to that transfer and if it were reasonably practicable to obtain such consent, the data subject would be likely to give it.
  8. SURVEILLANCE SYSTEMS
    8.1. Video footage and/or voice/telephone calls that have been recorded, processed and stored via CCTV camera or other surveillance systems constitute personal information. As such NB Cycles will make all employees, clients or data subjects aware as to the use of CCTV/other surveillance on the premises.
  9. SECURITY BREACHES
    9.1. Should NB Cycles detect a security breach on any of its systems that contain personal information, it shall take the required steps to assess the nature and extent of the breach in order to ascertain if any information has been compromised.
    9.2. NB Cycles shall notify the affected parties should it have reason to believe that their information has been compromised. Such notification shall only be made where the organisation can identify the data subject to which the information relates. Where it is not possible it may be necessary to consider website publication and whatever else the Information Regulator prescribes.
    9.3. Notification will be provided in writing by means of either:
    9.3.1. email
    9.3.2. registered mail
    9.3.3. the organisation’s website
    9.4. The notification shall provide the following information where possible:
    9.4.1. Description of possible consequences of the breach
    9.4.2. Measures taken to address the breach
    9.4.3. Recommendations to be taken by the data subject to mitigate adverse effects.
    9.4.4. The identity of the party responsible for the breach
    9.5. In addition to the above, NB Cycles shall notify the Regulator of any breach and/or compromise to personal information in its possession and work closely with and comply with any recommendations issued by the Regulator.
    9.6. The following will apply in this regard:
    9.6.1. The Information Officer will be responsible for overseeing the investigation.
    9.6.2. The Information Officer will be responsible for reporting to the Information Regulator within 3 working days of a breach/ compromise to personal information.
    9.6.3. The Information Officer will be responsible for reporting to the Data Subject(s) within 3 working days, as far as is reasonable and practicable, of a breach/ compromise to personal information.
    9.6.4. The timeframes above are guidelines and depending on the merits of the situation may require earlier or later reporting.
  10. ACCESS AND CORRECTION OF PERSONAL INFORMATION
    10.1. Employees and clients have the right to request access to any personal information that NB Cycles holds about them.
    10.2. Employees and clients have the right to request NB Cycles to update, correct or delete their personal information on reasonable grounds. Such requests must be made to the Information Officer (see details above) or at NB Cycles’s shop premises (see details below).
    10.3. Where an employee or client objects to the processing of their personal information, NB Cycles may no longer process said personal information. The consequences of the failure to give consent to process the personal information must be set out before the employee or client confirms his/her objection.
    10.4. The client or employee must provide reasons for the objection to the processing of his/her personal information.
    10.4.1. Head office details
    10.4.2. Name: NB Cycles
    10.4.3. Telephone number: 021 531 2221
    10.4.4. Postal address: 8 Millside Park, Morningside Road, Pinelands 7405
    10.4.5. Physical address: 8 Millside Park, Morningside Road, Pinelands 7405
    10.4.6. Email address: hello@nbcycles.co.za
  11. RETENTION OF RECORDS
    11.1. NB Cycles is obligated to retain certain information, as prescribed by law. This includes but is not limited to the following:
    11.1.1. With regard to the Companies Act, No. 71 of 2008 and the Companies Amendment Act No 3 of 2011, hard copies of the documents mentioned below must be retained for 7 years:
    11.1.2. Any documents, accounts, books, writing, records or other information that a company is required to keep in terms of the Act.
    11.1.3. Notice and minutes of all meetings, including resolutions adopted.
    11.1.4. Copies of reports presented at the annual general meeting.
    11.1.5. Copies of annual financial statements required by the Act and copies of accounting records as required by the Act.
    11.2. The Basic Conditions of Employment No. 75 of 1997, as amended, requires the organisation to retain records relating to its staff for a period of no less than 3 years.
  12. AMENDMENTS TO THIS POLICY
    12.1. Amendments to this Policy will take place from time to time subject to the discretion of NB Cycles and pursuant to any changes in the law. Such changes will be brought to the attention of employees and clients where it affects them.

REQUESTS FOR INFORMATION

13.1. In terms of requests to be processed under POPI, the following forms shall be used –
13.1.1. Objection to the processing of personal information – A data subject who wishes to object to the processing of personal information in terms of section 11(3)(a) of the Act, must submit the objection to the responsible party on Form 1. Request for Form 1
13.1.2. Request for correction or deletion of personal information or destruction or deletion of record of personal information – A data subject who wishes to request a correction or deletion of personal information or the destruction or deletion of a record of personal information in terms of section 24(1) of the Act, must submit a request to the responsible party on Form 2. Request for Form 2
13.1.3. Request for data subject’s consent to process personal information – A responsible party who wishes to process personal information of a data subject for the purpose of direct marketing by electronic communication must submit a request for written consent to that data subject, on Form 4. Request for Form 4
13.1.4. Submission of complaint – Any person who wishes to submit a complaint contemplated in section 74(1) of the Act must submit such a complaint to the Regulator on Part I of Form 5. A responsible party or a data subject who wishes to submit a complaint contemplated in section 74(2) of the Act must submit such a complaint to the Regulator on Part II of Form 5. Request for Form 5
13.2. In terms of requests for information under PAIA, the provisions of the PAIA Sec 51 Manual must be complied with and Form C completed. Request for Form C
13.3. Any requests and/ or advice can be directed to the Information Officer set out in this policy and in the Sec 51 PAIA manual.

NB CYCLES MANUAL in terms of Section 51 of The Promotion of Access to Information Act 2/2000 (the “ACT”)

  1. INSTRUCTION Established in 2017, NB Cycles offers a range of products and services to cyclists. NB Cycles offer retail of bicycle parts, new and second hand. NB Cycles also provide servicing of bicycle and parts. This manual outlines the implementation of PAIA (and aspects of POPIA) at NB Cycles and lists the primary records held by the company which can be accessed in accordance with the provisions of law. It further sets out how people can access information in terms of POPI.
  2. COMPANY CONTACT DETAILS The owner of NB Cycles, as head of the private body, has delegated his powers to the business partner, as Information Officer, whose details appear hereunder for purposes of dealing with all matters in connection with Requests for information on NB Cycles’s behalf, and to ensure compliance with the PAIA statute.
    2.1. Designated/duly authorised persons: Owner Neil Buckland Information Officer: Partner Tracy Buckland
    2.2. Contact Details: Postal Address: 8 Millside Park, Morningside Road, Pinelands, Cape Town 7405 Street Address: 8 Millside Park, Morningside Road, Pinelands, Cape Town 7405 Telephone Number: 021 531 2221
    Email: hello@nbcycles. co.za
  3. DESCRIPTION OF GUIDE REFERRED TO IN SECTION 10 The SAHRC has compiled a guide, as required by Section 10 of the Act, containing such information as may reasonably be required by a person who wishes to exercise any right contemplated in this Act. It is available in all of the official languages. The Guide is available for inspection, inter alia, at the office of the offices of the Human Rights Commission at 29 Princess of Wales Terrace, corner York and St. Andrews Street, Parktown, Johannesburg, Gauteng and at http://www.sahrc.org.za For further information please contact the SAHRC: E-mail: PAIA@sahrc.org.za Postal address: Private Bag 2700, Houghton, 2041 Telephone: +27 11 484 8300 Fax: +27 11 484 0582
    Click here to view or download the guide.
  4. THE ACT
    4.1. The PAIA statute grants a requester access to records of a private body, if the record is required for the exercise or protection of appropriate legal rights.
    If a public body lodges a request, the public body must be acting in the public interest.
    4.2. Requests in terms hereof shall be made in accordance with the prescribed procedures, and where applicable at the rates provided. The forms and tariffs are dealt with in paragraphs 6 and 7 of the Act.
    4.3. Requesters are referred to the Guide in terms of Section 10 which has been compiled by the South African Human Rights Commission, which will contain information for the purposes of exercising Constitutional Rights. The Guide is available from the SAHRC. The contact details of the Commission are: Postal Address: Private Bag 2700, Houghton, 2041 Telephone Number: +27-11-877 3600 Fax Number: +27-11-403 0625 Website: http://www.sahrc.org.za
  5. RECORDS AUTOMATICALLY AVAILABLE
    5.1. The following Records are automatically available without a person having to request access in terms of the Act:
    5.1.1. The web page http://www.nbcycles.co.za is accessible to anyone who has access to the Internet. NB Cycles’s website hosts the following categories of information: • Products and Services • Media reports and releases • Travel
    5.1.2. Product and promotional brochures/pamphlets
    5.1.3. News and marketing information
    5.1.4. Other literature intended for public viewing.
    5.1.5. The Privacy centre/portal that provides guidelines to requesters and data subjects on the processes to be followed in addressing rights in respect of the protection of personal information as well as access to information held by the organisation.
  6. APPLICABLE LEGISLATION
    LEGISLATION
    Companies Act No 71 of 2008
    Value-Added Tax Act No 89 of 1991
    Income Tax Act No 58 of 1962
    King IV Code
    Short-term Insurance Act 53 of 1998
    Competition Act No 89 of 1998
    IFRS and various other codes and legislation (auditing)
    Regulations for the Retention and Preservation of Company Records, 1983
    Promotion of Access to Information Act No 2 of 2000
    Protection of Personal Information Act No 4 of 2013
    Financial Sector Regulation Act 2017
    National Credit Act 34 of 2005
    Customs and Excise Act 91 of 1964
    Trademarks Act No 194 of 1993
    Electronic Communications & Transactions Act 25 of 2002
    Electronic Communications Act 36 of 2002
    National Road Traffic Act 1996
    Financial Advisory and Intermediary Act 2002
    Administration of Road Traffic Offences Act No 46 of 1998 (AARTO)
    Prescribed Rate of Interest Act No 55 of 1975
    Business Names Act 27 of 1960
    Local Government Municipal Property Rates Act 6 of 2004
    Copyright Act 98 of 1978
    Financial Intelligence Centre Act 38 of 2001
    Public Holidays Act 36 of 1994
    Land Survey Act 8 of 1997
    Deeds Registries Act 47 of 1937
    Copyright Act 98 of 1978
    National Environmental Management Act 107 – 1998
    Prescription Act 68 of 1969
    S A National Roads Agency Act 7 of 1998
    Arbitration Act, 1965 (Act 42 of 1965)
    Broad Based Black Economic Empowerment Act 53 of 2003
    Consumer Protection Act 68 of 2008
    Employment Equity Act No 55 of 1998
    Labour Relations Act No 66 of 1995
    Constitution of South Africa Act No 108 of 1996
    BBBEE Codes of Good Practice
    Basic Conditions of Employment Act No 75 of 1997
    Promotion of Equality and Prevention of Unfair Discriminations Act 4 of 2000
    Human Rights Commission Act, 1994 (Act 54 of 1994)
    South African Human Rights Commission Act, 2013 (Act 40 of 2013)
    Skills Development Levy Act No 9 of 1999
    Skills Development Act No 97 of 1998
    Unemployment Insurance Act No 63 of 2001
    Unemployment Insurance Contributions Act 4 of 2002
    Occupational Health and Safety Act No 85 of 1993
    Compensation for Occupational Injuries and Diseases Act 130 of 1993
    Prevention and Combating of Corrupt Activities Act 12 of 2004
    Regulation of Interception of Communications and Provision of Communication Related and Information Act 70 of 2002
    Hazardous Substances Act 15 of 1973 (ERS)
    Consumer Affairs (Unfair Business Practices) Amendment Act No 21 of 2001.
    Protected Disclosures Act No 26 of 2000
    National Environment Management Act 107 of 1998
    National Environmental Management Waste Act 59 of 2008
  7. SCHEDULE OF RECORDS General information about NB Cycles can be accessed via the internet on http://www.nbcycles.co.za which is available to all persons who have access to the internet.
    The subjects on which the private body holds records and the categories on each subject in terms of Section 51(1)(e) are as listed below. Please note that a requester is not automatically allowed access to these records and that access to them may be refused in accordance with Sections 62 to 69 of the Act:
    RECORDS
    SUBJECT
    Compliance
    BBBEE compliance Internal auditing and risk Legislative compliance Regulatory reports Policies and procedures Membership with industry bodies
    Corporate Governance
    Annual reports Board and Sub-Committee Administration Company Directorships Company Registrations Strategic Management
    Financial
    Audit management Financial Statements Budgets Creditors control Debtors control Insurance Management accounts Financial and Tax Records Asset Register
    Marketing
    Marketing and promotions Market research and surveys Product Brochures Member Handbook Sales Records Marketing strategies Customer Database Brand licencing Agreements Social Media activity
    Public Affairs
    Media statements NCAP Reports Road safety projects Research and Development projects
    Affiliations Donations/funding received
    Operations
    Vendor/supplier Database Call Records Membership of industry bodies and associations
    Human Resources
    Employee database Disciplinary action Job profiles Performance management Staff benefits and incentives Training and skills development SETA/other accreditation
    IT
    Information systems Network security Software licences Technology assets Disaster Recovery
    Procurement
    Contracts/Agreements Compliance documentation of service providers Procurement proposals and tenders Service provider records Service Level Agreements
    Property Management
    Building management Preventative and reactive maintenance Safety Audits Surveillance records
  8. PURPOSE OF PROCESSING OF PERSONAL INFORMATION
    NB Cycles processes personal information:
    • To support engagement with the media • To support engagement with service providers • To support engagement with members, customers and the general public • To support engagement with industry bodies • To support recruitment and management of staff • To support relationships with statutory and other authorities • To support sales and marketing activities
  9. DATA SUBJECTS CATEGORIES AND THEIR PERSONAL INFORMATION
    The following data subjects, and personal information processed, have been identified by the organisation:
    • Employees: record of employee life cycle • Funders and donors • Members • General public: tracking general enquiries and web site visits • Media: records of media interactions • Service providers: record of service provider life cycle • Statutory and other authorities: contact details
  10. PLANNED RECIPIENTS OF PERSONAL INFORMATION
    • Employee Provident Fund • Employee Benefits providers (Wellness, tax assist etc.) • Medical Schemes • Recruitment Agencies • Telecommunication providers • Financial institutions • Funders and donors • Industry bodies • Operators (service providers) • Statutory authorities • Media
  11. PLANNED TRANS-BORDER FLOWS OF PERSONAL INFORMATION
    • Flows to operators (service providers) • Flows to donors and funders. • Flows through the use of social media.
  12. SECURITY MEASURES TO PROTECT PERSONAL INFORMATION
    • Physical security measures • Access controls • Home and mobile measures • Internal security measures • Cyber security measures • Anti-spam measures • Anti-virus measures • Firewalls • Password control • Training in information security and other POPI requirements • Selective training of key staff • Policies for information security • Comprehensive coverage of all IT-related issues • Audits of information security • Provisions around security in all provider contracts/agreements
  13. FORM OF REQUEST
    13.1. The requester must complete Form C and submit this form together with a request fee, to the person delegated to deal with requests (for “the Information Officer”).
    13.2. The form must be submitted using any of the methods noted below: NB Cycles 8 Millside Park, Morningside Road, Pinelands, Cape Town 7405 South Africa, Physical Address: NB Cycles 8 Millside Park, Morningside Road,
    Pinelands, Cape Town 7405 South Africa Tel. No +27-021-531-2221. E-mail address of the delegated Information Officer: hello@nbcycles.co.za
    13.3. The requester must provide sufficient detail on the request form to enable the designated head to identify the record and the requester: • The requester should indicate which form of access is required. • The requester should indicate if any other manner is to be used to inform the requester and state the necessary particulars to be so informed. • The requester must identify the right that is sought to be exercised or to be protected and provide an explanation of why the requested record is required for the exercise or protection of that right. • If a request is made on behalf of another person, the requester must then submit proof of the capacity in which the requester is making the request to the satisfaction of the designated head of the private body. • A requester who seeks access to a record containing personal information about that requester is not required to pay the request fee. • Every other requester, who is not a personal requester, must pay the required request fee. • The Information Officer must notify the requester (other than a personal requester) by notice, requiring the requester to pay the prescribed fee (if any) before further processing the request. • The fee that the requester must pay to a private body is currently R50,00. The requester may lodge an application to the court against the tender or payment of the request fees. • After the Information Officer has made a decision on the request, the requester must be notified in the required form. • If the request is granted then a further access fee must be paid for the search, reproduction, preparation and for any time that has exceeded the prescribed hours to search and prepare the record for disclosure.
    13.4. NB Cycles has the right to reject any request for information submitted in terms of Sections 62 to 70 of Chapter 4 of the PAIA Act.
  14. AVAILABILITY OF THE MANUAL
    14.1. This manual is available for inspection at the shop premises of NB Cycles, free of charge or from the SAHRC. Signature omitted for security reasons, signed copy available on request. Information Officer of NB Cycles: Tracy Buckland. Signed copy available on request. Date: 25 June 2021 Next revision date of this document: 1 June 2022
  15. FEES IN RESPECT OF PRIVATE BODIES
    15.1. The following is a breakdown if the fees structure for the purposes of determining the manner in which fees relating to a request for access to a record of a private body are to be calculated:
    15.1.1. Part III of Regulation 187 published in the Government Gazette on the 15 February 2002: • The fee for a copy of the manual as contemplated in regulation 9(2)(c) is R1,10 for every photocopy of an A4-size page or part thereof. • The fees for reproduction referred to in regulation 11(1) are as follows:
    (a) For every photocopy of an A4-size page or part thereof R1,10
    (b) For every printed copy of an A4-size page or part thereof held on a computer or in electronic or machine-readable form R0,75
    (c) For a copy in a computer-readable form on USB R 70,00
    (d) (i) For a transcription of visual images, for an A4-size page or part thereof R 40,00,
    (ii) For a copy of visual images R 60,00
    (e) (i) For a transcription of an audio record, for an A4-size page or part thereof R 20,00;
    (ii) For a copy of an audio record R 30,00
    15.1.2. The request fee payable by a requester, other than a personal requester, referred to in Regulation 11(2) is R50,00.
    15.1.3. The access fees payable by a requester referred to in Regulation 11(3) are as follows:
    a) For every photocopy of an A4-size page or part thereof R 1,10;
    b) For every printed copy of an A4-size page or part; thereof held on a computer or in electronic or machine-readable form R 0,75;
    c) For a copy in a computer-readable form on USB R 70,00
    d) (i) For a transcription of visual images, for an A4-size page or part thereof R 40,00;
    (ii) For a copy of visual images R 60,00
    e) (i) For a transcription of an audio record, for an A4-size page or part thereof R 20,00;
    (ii) For a copy of an audio record R 30,00
    f) To search for and prepare the record for disclosure, R 30,00; for each hour or part of an hour reasonably required for such search and preparation.
    15.1.4. For purposes of section 54(2) of the Act, the following applies: • Six hours as the hours to be exceeded before a deposit is payable • One third of the access fee is payable as a deposit by the requester.
    15.1.5. The actual postage is payable when a copy of a record must be posted to a requester. Note: This manual is based on “EXAMPLE OF A MANUAL FOR A PRIVATE BODY” issued by the South African Human Rights Commission, amended to meet the needs of NB Cycles, with further additions to enhance its usefulness and comply with the Protection of Personal Information Act, No. 4 of 2013