Loading...
Home Privacy PROTECTION OF PERSONAL INFORMATION POLICY OF Tasti (PTY) LTD IN COMPLIANCE WITH THE PROTECTION OF PERSONAL INFORMATTION ACT 4 OF 2013 AND THE EUROPEAN GENERAL DATA PROTECTION REGULATIONS
The right to privacy is an integral human right recognised and protected in the South African Constitution and in the Protection of Personal Information Act 4 of 2013 (“POPIA”). The new General Data Protection Regulation (“GDPR”) exists for the purpose of the protection of data privacy for all EU (European Union) members. Simply put, this new law equates to South Africa’s Protection of Personal Information legislation. A person’s right to privacy entails having control over his or her personal information and being able to conduct his or her affairs relatively free from unwanted intrusions. Given the importance of privacy, Tasti is committed to effectively managing personal information in accordance with POPIA’s and the GDPR’s provisions.
The Policy applies to all Tasti’s electronic platforms, any Data Subjects, who access and make use of the aforementioned electronic platforms and all the Personal information collected by Tasti. Where Tasti processes information on behalf of a responsible party, their own privacy policy notice will apply.
Data Subject This refers to the natural or juristic person to whom personal information relates, such as an individual client, customer or a company that makes use of Tasti’s services. Operator An operator means an independent contractor who processes personal information for a responsible party in terms of a contract or mandate, without coming under the direct authority of that party. Tasti acts as an operator for various responsible parties. Responsible Party The responsible party is the entity that needs the personal information for a particular reason and determines the purpose of and means for processing the personal information. In this case, the Company to whom Tasti renders services to is the responsible party. Tasti collects and stores personal information on behalf of the Responsible party and processes same on their behalf. Tasti is in compliance with the provisions of POPIA and the GDPR.
Tasti will ensure that the provisions of POPIA and the guiding principles outlined in this policy are complied with through the encouragement of desired behaviour. However, Tasti will take appropriate sanctions, which may include disciplinary action, against those individuals who through their intentional or negligent actions and/or omissions fail to comply with the principles and responsibilities outlined in this policy.
Tasti collects the following personal information on behalf of the Responsible Party: Name; Telephone number; Email address; Booking history; Custom tags and notes. Tasti may require additional personal information in the future and will notify the data subject should they do so and amend the policy accordingly.
Tasti will ensure that personal information under its control is processed:
in a fair, lawful and non-excessive manner, and only with the informed consent of the data subject, and only for a specifically defined purpose. Tasti processes personal information on behalf of the Responsible party for the purpose of online reservations; the online ordering platforms, ticketing, vouchers, and for marketing purposes as determined by the Responsible party.
The Responsible party will be responsible for the processing of personal data where the data subjects contact them telephonically to make reservations.
Tasti will not distribute or share personal information between separate legal entities, associated organizations or with any individuals that are not directly involved with facilitating the purpose for which the information was originally collected. Personal information may be shared in the following situations:
In the event that Tasti is involved in a merger, acquisition, or sale of business; If Tasti is required to do so by law. Where applicable, the data subject will be informed of the possibility that their personal information will be shared with other aspects of Tasti’s business and be provided with the reasons for doing so.
Tasti will ensure that its clients and customers are made aware of the rights conferred upon them as data subjects. In addition to being recorded herein, the data subjects will be notified of their rights in the Tasti’s terms and conditions contained online.
Tasti will ensure that it gives effect to the following seven rights.
The Right to Access Personal Information Tasti recognizes that a data subject has the right to establish whether the company holds personal information related to him, her, or it, including the right to request access to that personal information. An example of a “Personal Information Request Form” can be found here.
The Right to have Personal Information Corrected or Deleted The data subject has the right to request, where necessary, that his, her, or its personal information must be corrected or deleted where Tasti is no longer authorized to retain the personal information.
The Right to Object to the Processing of Personal Information The data subject has the right, on reasonable grounds, to object to the processing of his, her, or its personal information. In such circumstances, Tasti will give due consideration to the request and the requirements of POPIA.
Tasti may cease to use or disclose the data subject’s personal information and may, subject to any statutory and contractual record-keeping requirements, also approve the destruction of the personal information.
The Right to Object to Direct Marketing The data subject has the right to object to the processing of his, her, or its personal information for purposes of direct marketing by means of unsolicited electronic communications.
The Right to Complain The data subject has the right to submit a complaint regarding an alleged infringement of any of the rights protected under POPIA AND GDPR and to institute civil proceedings regarding the alleged non-compliance with the protection of his, her, or its personal information. A complaint should be directed to the Responsible party directly, alternatively Tasti will assist with the complaint procedure against the responsible party. A complaint form can be found here, and Tasti will use its best endeavors to assist in resolving the dispute as speedily as possible.
The Right to be Informed The data subject has the right to be notified that his, her, or its personal information is being collected by Tasti. The data subject also has the right to be notified in any situation where Tasti has reasonable grounds to believe that the personal information of the data subject has been accessed or acquired by an unauthorized person. As an operator, Tasti will notify the responsible party immediately should they suspect a breach and/or unauthorized access to personal information.
The Right to Restriction of Processing The data subject shall have the right to request a restriction of processing, instead of erasing the information, but will only be allowed in certain instances. Personal information will still be stored but cannot be processed
Tasti keeps an appropriate record of all personal information. Record means any recorded information, regardless of form or medium, including any of the following: writing of any material; information produced, recorded, or stored by means of any tape-recorder, computer equipment, whether hardware or software or both, or other device, and any material subsequently derived from information so produced, recorded, or stored; label, marking, or other writing that identifies or describes anything of which it forms a part, or to which it is attached by any means; book, map, plan, graph, or drawing; photograph, film, negative, tape, or other device in which one or more visual images are embodied so as to be capable, with or without the aid of some other equipment, of being reproduced.
By making use of Tasti’s services and accessing Tasti’s electronic platforms, the Data Subject and Responsible parties: acknowledge that they have read and understood the policy and related provisions; agree to be bound by this policy; and give Tasti consent to process and further process the required Personal Information for the required purpose, in accordance with this policy. Tasti’s privacy policy is immediately brought to the attention of the data subjects upon accessing Tasti’s electronic platforms and are given the option to consent to the processing of their information. Further consent is obtained from the Data Subject when they make use of the services of Tasti and accessing Tasti’s electronic platforms by agreeing to the terms and conditions. The Data Subjects' consent to this privacy policy and submission of information represents their agreement to processing.
Tasti is committed to protecting personal information from misuse, loss, theft, unauthorized access, modification, or disclosure by using electronic and physical defenses.
Tasti will manage the security of its filing system to ensure that personal information is adequately protected. To this end, security controls will be implemented to minimize the risk of
loss, unauthorized access, disclosure, interference, modification, or destruction.
Tasti’s server is managed and stored with a third party, who is compliant with the provisions for storing and processing personal information.
Third-party service providers will be required to enter into service level agreements with Tasti where both parties pledge their mutual commitment to POPIA and the lawful processing of any personal information pursuant to the agreement. Tasti ensures that all electronic records comprising personal information are securely stored and made accessible only to authorized individuals. All new employees will be required to sign employment contracts containing contractual terms for the use and storage of employee information. Confidentiality clauses will also be included to reduce the risk of unauthorized disclosures of personal information. All existing employees will, after the required consultation process has been followed, be required to sign an addendum to their employment containing the relevant consent and confidentiality clauses. A data subject may request the correction or deletion of his, her, or its personal information held by Tasti. Tasti will ensure that it provides a facility for data subjects who want to request the correction or deletion of their personal information. Employees and other persons acting on behalf of the organization will under no circumstances: Process or have access to personal information where such processing or access is not a requirement to perform their respective work-related tasks or duties. Save copies of personal information directly to their private computers, laptops, or other mobile devices like tablets or smartphones. All personal information must be accessed and updated from Tasti’s central database or a dedicated server. Share personal information informally. In particular, personal information should never be sent by email, as this form of communication is not secure. Where access to personal information is required, this may be requested from the relevant line manager or the Information Officer. Transfer personal information outside of South Africa without express permission. Employees and other persons acting on behalf of Tasti are responsible for: Keeping all personal information that they come into contact with secure, by taking sensible precautions and following the guidelines outlined within this policy. Ensuring that personal information is held in as few places as is necessary. No unnecessary additional records, filing systems, and data sets should, therefore, be created. Ensuring that personal information is encrypted prior to sending or sharing the information electronically. The IT Manager will assist employees and, where required, other persons acting on behalf of Tasti, with the sending or sharing of personal information to or with authorized external persons. Ensuring that all computers, laptops, and devices such as tablets, flash drives, and smartphones that store personal information are password-protected and never left unattended. Passwords must be changed regularly and may not be shared with unauthorized persons. Ensuring that their computer screens and other devices are switched off or locked when not in use or when away from their desks. Ensuring that where personal information is stored on removable storage media such as external drives, CDs, or DVDs that these are kept locked away securely when not being used. Ensuring that where personal information is stored on paper, such hard copy records are kept in a secure place where unauthorized people cannot access it. For instance, in a locked drawer of a filing cabinet. Ensuring that where personal information has been printed out, that the paper printouts are not left unattended where unauthorized individuals could see or copy them. For instance, close to the printer.
Taking reasonable steps to ensure that personal information is stored only for as long as it is needed or required in terms of the purpose for which it was originally collected. Where an employee,
or a person acting on behalf of Tasti, becomes aware or suspicious of any security breach such
as the unauthorized access, interference, modification, destruction, or the unsanctioned disclosure of personal information, he or she must immediately report to the appropriate person.
Tasti uses many third-party services for the management and storage of data, for email and SMS communication, and other tasks involving personal information. Tasti has conducted due diligence and these third-party processors are all fully compliant with the relevant provisions of POPIA and GDPR. Procedures and safeguarding measures are in place to secure, encrypt, and maintain the integrity of the data. All personal information is transferred to third parties via API (Application Programming Interface) using HTTPS (Hypertext Transfer Protocol Secure).
Tasti shall retain personal information for as long as it is necessary to fulfill the purpose for which it was collected, where after it shall be deleted. The criteria Tasti uses to determine retention periods include whether: Tasti is under contractual or other obligations to retain personal data; Personal information is needed to maintain business records.
One can choose whether to receive marketing communications from Tasti in respect of the Responsible party, where applicable, and for Tasti. Tasti shall not avail your personal information to unaffiliated third parties for direct marketing purposes or otherwise make personal information commercially available to any third party, unless one has provided consent to it. Should one wish to opt out of receiving such marketing, they will be given the option to do so; alternatively, they can contact Tasti directly at support@dineplan.com. Where Tasti uses personal data for the purposes of their own marketing and not that of the Responsible party, they warrant that they are compliant with all appropriate provisions of the POPIA and the GDPR.
Where a POPI complaint or a POPI infringement investigation has been finalized, the Tasti may recommend any appropriate administrative, legal, and/or disciplinary action to be taken against any employee reasonably suspected of being implicated in any non-compliant activity outlined within this policy. In the case of ignorance or minor negligence, Tasti will undertake to provide further awareness training to the employee. Any gross negligence or the willful mismanagement of personal information will be considered a serious form of misconduct for which Tasti may summarily dismiss the employee. Disciplinary procedures will commence where there is sufficient evidence to support an employee’s gross negligence. Examples of immediate actions that may be taken subsequent to an investigation include: A recommendation to commence with disciplinary action. A referral to appropriate law enforcement agencies for criminal investigation. Recovery of funds and assets in order to limit any prejudice or damages caused.
Tasti may update this policy from time to time. In the event of an update, Tasti shall post the revised version, with an updated revision date.
Online menus are used for the online and table ordering platform, and the digital menu functionality provided by The Company. The Proprietor will have access to update and change their menu(s).
It is the Proprietor’s responsibility to ensure that their menu(s) are up to date and accurate at all times. This includes menu categories, items, descriptions, images, and prices. The Company may assist the Proprietor from time to time, but the Proprietor accepts sole responsibility for the accuracy of any changes made by themselves or The Company and of their menu in its entirety.
The availability settings of the Proprietor’s services via the booking or ordering module must be kept up to date and accurate by the Proprietor. This includes, but is not limited to, dates, times, sizes, numbers of people or types of items available. The Company may assist the Proprietor with updating their account settings from time to time, but it remains the responsibility of the Proprietor to check the accuracy of any changes made by themselves or The Company.
Either Party may terminate this Agreement without cause by providing not less than 1 (one) calendar month’s written notice to that effect, on the other Party.
If Consumers have made payments for future bookings, orders, or tickets, the settlement cycle of these payments will remain. I.e. the payments will be released to the Proprietor the first business day after the booking, order, or event date.
Either party ("Aggrieved Party") may terminate this Agreement immediately on written notice to the other Party ("Defaulting Party") in the event that the Defaulting Party:
becomes insolvent
makes or is the subject of an application for its winding-up, whether provisionally or finally;
makes or attempts to make a compromise with its creditors; or
commits a material breach of any of its obligations under this Agreement and fails to remedy such breach within 7 (seven) days after receipt of written notice from the Aggrieved Party requesting that the breach be remedied.
Without limiting the aforegoing, in the event that the Proprietor fails to pay any amount due to The Company in terms of this Agreement within 7 (seven) days following the due date for such payment, The Company may, in its sole discretion and without prejudice to any of its rights, either terminate the Agreement immediately or suspend service until such payment has been received.
In the event of termination of this Agreement, the Restaurant will no longer have access to the Website, and any amounts due to The Company shall become immediately due and payable.
Should either party cancel and/or terminate the agreement prior to the expiration of a period for which pre-paid services have been made, no refund or discount will be provided by The Company.
The Parties select as their respective domicilia citandi et executandi, and for the purposes of giving or sending any notice provided for or required in terms of this Agreement, the addresses (including email addresses) as used in the Proprietor’s user accounts, or such other address as a Party elect in writing.
Any notice addressed to a Party at its physical or postal address shall be sent by prepaid registered post or delivered by hand.
Any notice shall be deemed to have been given:
The parties hereby consent to the jurisdiction of the South African Magistrate Court for the institution of any action resulting from this Agreement, however the Company reserves its rights to institute action in any other competent court of law.
In the event of the Proprietor not being subject to the CPA and the Proprietor committing any breach of this Agreement or in the event of the Company being required to take any legal action, the Proprietor agrees and undertakes to pay the Company’s legal costs as between attorney and own client including collection commission, tracing fees, valuation charges, transport costs and other expenses in connection therewith.
The Company shall own all right, title and interest in and to its technology, software and services, and all Intellectual Property rights in and to the foregoing. The Proprietor shall acquire no right, title or interest in any Intellectual Property rights related to the Company’s technology, services or software.
This Agreement sets forth the entire Agreement between the parties as regards the subject matter hereof, and supersedes any and all prior Agreements, between the parties with respect to the subject matter hereof. However, in the event that the Company and the Proprietor have entered into special agreement prior hereto and not contained herein, the Company will confirm in writing those special arrangements and furnish the Proprietor with same.
No relaxation which the Company may have permitted on any occasion in regard to the carrying out of the Proprietor’s obligations shall prejudice or be regarded as a waiver of the Company's rights to enforce those obligations on any subsequent occasion.
No waiver, suspension or postponement by any Party of any right arising out of or in connection with this Agreement shall be of any force or effect unless in writing and signed by such Party. Any such waiver, suspension or postponement will be effective only in the specific instance and for the purpose given.
This Agreement is severable, such that the invalidity of any part or parts of the contract does not have the effect of invalidating the remainder of the contract.
The Proprietor warrants that anyone operating the Website or platform on its behalf is authorized to do so and to contract for and on behalf of the Proprietor.
The Proprietor warrants that it has taken independent legal advice in relation to this agreement.
The Proprietor may not cede, delegate or assign any rights or obligations under this Agreement or any part, share or interest herein, without the prior signed and written consent of the Company.
