Heartshine Privacy Policy

Updated 10 December 2023

Heartshine NPC (“us”, “we”, or “our”) provides the HEARTSHINE website through which services and products may be provided (the “Website”).

Our Privacy Policy explains:

  i) What Personal Data we collect and why we collect it
  ii) How we use Personal Data
  iii) Who we share Personal Data with
  iv) The choices we offer, including how to access, update, and remove Personal Data

  1. INFORMATION COLLECTION AND USE

HEARTSHINE collects Personal Data about you when you provide it directly to us, when we feel it necessary to capture key information to help our agents in future service requests, or when Personal Data about you is automatically collected in connection with your use of the Website.

We use this Personal Data to:

  • provide, administer, and improve the Website functionality;
  • better understand your needs and interests;
  • fulfil requests you make;
  • personalise your experience;
  • provide service announcements;
  • provide you with information and offers from HEARTSHINE, HEARTSHINE affiliates, and our business partners;
  • protect, investigate, and deter against fraudulent, harmful, unauthorised, or illegal activity; and
  • comply with legal obligations.

  2. HOW WE USE YOUR INFORMATION

We use information held about you (and information about others that you have provided us with) in the following ways:

2.1 Contact Information:

This is information we collect to identify or contact you. We collect typical “business card information” such as your first and last name, physical address, email address, and telephone number. This is the basic information that we collect when you register for our service on the Website.

2.2 Task Information

This is information related to any Tasks that you generate and the fulfilment therein by any party including any Service Provider/s, whereby behavioural or preference analytics can be determined. This information is solely used to efficiently serve you and/or to provide alternative options while using the Website.

2.3 Transaction Information:

This is information related to transactions you conduct on the Website.

2.4 User:

From time to time we will collect Personal Data as part of such content, images, comments, and other content, information such as important addresses and basic family information and user preferences such as “Client likes independent coffee shops”. This information is solely used to efficiently serve you and/or to provide alternative options while using the Website.

2.5 Technical Information:

We collect information about your mobile device, including where available, your IP address, operating system and browser type, for system administration and analytical purposes; information showing us from which App Store you downloaded our App.

2.6 Information we receive from other sources:

When using the Website, we may be in contact with third parties who may, subject to the provisions of clause 3, provide us with certain information about you in order to enable your use of the Website.

2.7 Cookies or similar technologies to analyse trends:

We use technology to administer the HEARTSHINE Website, track users’ movements around the website, and gather information about our user base, such as location information based on IP addresses. Users can control the use of cookies at the individual browser level. For more information regarding cookies or similar technologies, please review our Cookie Policy.

Your browser may offer you a “Do Not Track” option, which allows you to signal to operators of websites and web applications and services (including behavioural advertising services) that you do not wish such operators to track certain of your online activities over time and across different websites. Our products do not support Do Not Track requests at this time, which means that we collect information about your online activity, both while you are using the products and after you leave our site.

2.8 Crash data:

This will include your device information, details of the incident experienced, your screen resolution and any comments that you add to the incident. This information is processed by a third party that is GDPR compliant.

2.9 Transferring data internationally:

In order to provide our goods and services, we may need to transfer your information from your country of residence to another country in the usual course of our business. By dealing with us and submitting your personal information, you agree to the transfer, storage, and/or processing of your personal information outside of your country of residence.

We will only transfer your personal information to those third parties that may be required to render services to assist in completion of your tasks, and in such event we select providers that can protect your privacy and your rights, for example, the third party is located in a country which the EU has deemed to have adequate data protection laws in place, or where we may have a contract in place with that third party which includes the European Commission’s standard data protection clause.

  3. JUSTIFICATION OF USE

We will only use your Personal Data if we have a lawful basis for doing so. Use of personal information under EU data protection laws must be justified under one of a number of legal “grounds” and we are required to set out the ground in respect of each use of your personal data in this policy. These are the principal grounds that justify our use of your information:

3.1 Consent: where you have consented to our use of your information (you provide explicit, informed, freely given consent, in relation to any such use and you may withdraw your consent in the circumstance detailed below by notifying us);

3.2 Contract performance: where your information is necessary to enter into or perform our contract with you;

3.3 Legal obligation: where we need to use your information to comply with our legal obligations;

3.4 Legitimate interests: where we use your information to achieve a legitimate interest and our reasons for using it outweigh any prejudice to your data protection rights; and

3.5 Legal claims: where your information is necessary for us to defend, prosecute or make a claim against you or a third party.

If you are using the Website on behalf of a third party, you must have obtained clear permission from the individuals whose data you provide us with before sharing that data with us. For the avoidance of any doubt, any reference in this privacy policy to your data shall include data about other individuals that you have provided to us.

  4. WHERE WE STORE YOUR PERSONAL INFORMATION

The personal data that we collect from you is generally processed in the European Economic Area (“EEA”), United Kingdom and Switzerland and stored on Amazon Web Services (Ireland) cloud servers. Your personal data may however need to be processed by staff operating in countries that are outside of the EEA, United Kingdom and Switzerland. If your personal data is transferred to a country or territory other than the aforementioned, such transfers will only take place if: (a) the country ensures an adequate level of data protection; (b) one of the conditions listed in Article 46 of the GDPR (or its equivalent under any successor legislation) is satisfied; or (c) the personal data is transferred on the basis that the data processing party has appropriate safeguards in place for the transfer and processing of such personal data.

Your passwords are stored on our servers in encrypted form. We do not disclose your account details. It is your responsibility to keep your password secure. Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our mobile app, and any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent any unauthorised access.

  5. HOW LONG WE STORE YOUR CUSTOMER ACCOUNT DATA

We will store your Customer Account Data as long as needed to provide you with our services and to operate our business. If you ask us to delete specific personal information from your Customer Account, we will honour this request unless deleting that information prevents us from carrying out necessary business functions, like billing for our services, calculating taxes, or conducting required audits.

Customer Account Data stored in our system(s) is generally stored up to 7 years following closure of your account unless there is a specific need or obligation to retain your information longer (like in the case of an open investigation, audit or other legal matter).

Invoice records, including their digital equivalent, may be retained in identifying form by us for longer periods for accounting, tax, and audit purposes depending on and in accordance with applicable tax law.

  6. DISCLOSURE OF YOUR INFORMATION

We do not share, sell, or otherwise publicise our users’ personal information.

We share information about you in the limited circumstances spelled out below and with appropriate safeguards on your privacy:

  • Employees and Independent Contractors: We may disclose information about you to our employees and individuals who are our independent contractors, who need to know the information in order to help us provide the Website or to process the information on our behalf. We require our employees and independent contractors to follow this Privacy Policy for personal information that we share with them.
  • As Required by Law: We may disclose information about you in response to a subpoena, court order, or other governmental request.
  • To Protect Rights and Property: We may disclose information about you when we believe in good faith that disclosure is reasonably necessary to protect our property or our rights, third parties, or the public at large. For example, if we have a good faith belief that there is an imminent danger of death or serious physical injury, we may disclose information related to the emergency without delay.
  • Business Transfers: In connection with any merger, sale of company assets, or acquisition of all or a portion of our business by another company, or in the unlikely event that we go out of business or into liquidation, user information would likely be one of the assets that is transferred or acquired by a third party. If any of these events were to happen, this Privacy Policy would continue to apply to your information and the party receiving your information may continue to use your information, but only consistent with this Privacy Policy.
  • With Your Consent: We may share and disclose information with your consent or at your direction.
  • Aggregated and De-Identified Information: We own and retain all rights to non-personal statistical information collected and compiled by us, unless otherwise agreed to in writing. By accepting this policy, respondents give permission for their answers to be used anonymously in statistical analysis for research purposes. The website may at times use a minimal build of Google Analytics, a service which transmits website traffic data to Google servers in the United States and allows us to notice trends to improve the user experience on our website. This minimal build processes personal data such as the unique User ID set by Google Analytics, the date and time, the title of the page being viewed, the URL of the page being viewed, the URL of the page that was viewed prior to the current page, the screen resolution, the time in local time-zone, the files that were clicked on and downloaded, the links clicked on to an outside domain, the type of device, and the country, region, and city. You may opt-out of this tracking at any time by activating the “Do Not Track” setting in your browser.

We do not accept responsibility for email correspondence, or any other interaction resulting from email correspondence, sent in error due to incorrect contact information provided by a client or participant.

Please be aware that some organisations monitor employees’ internet traffic, including encrypted web traffic. We cannot conceal your responses or identity from such monitoring systems. We recommend that you familiarise yourself with the network monitoring policy of your organisation.

  7. SECURITY

We believe the security of your information is a serious issue and we are committed to protecting the information we receive from you. We use commercially reasonable security measures to protect against the loss, misuse, and alteration of your information under our control based on the type of Personal Data and applicable processing activity, such as data encryption in transit, and enforcement of least privilege and need-to-know principles. To the extent the Website requires you to provide any Financial Account Information, such as when you purchase subscriptions to the Website, that information will be collected and processed by third-party PCI-compliant service providers. We do not store Financial Account Information transmitted through the Website, provided that we do store (or our payment processor on our behalf will store) just the last four digits of your credit card number, if you provide this to us, to comply with credit card processing requirements of authorizations, charges and chargebacks.

  8. INTERACTIONS WITH OTHERS

This Privacy Policy applies only to the Website. It does not apply to products, services, or sites that are provided by or operated by third parties, even if such products, services or sites are linked or redirected to or from the Website (“Third-Party Sites”), regardless of whether or not such link or redirection is authorized by us. Third-Party Sites or Apps may have their own policies regarding privacy, or no policy at all. The fact that we link to a Third-Party Site is not an endorsement, authorisation, or representation that we are affiliated with that third party. We are not responsible for Third-Party Sites, and you use them at your own risk. We encourage you to read the privacy policies and terms of the Third-Party Sites that you visit or use.

  9. WHAT RIGHTS AND CHOICES DO YOU HAVE REGARDING YOUR PERSONAL DATA?

Under the Protection of Personal Information Act 4 of 2013 (POPIA) and the General Data Protection Regulation (EU) 2017/676, you have various rights in relation to your personal data. All of these rights can be exercised by contacting us at queries@theheartshine.org.

You have certain rights with respect to your Personal Data, and we want to help you review and update your information to ensure it is accurate and up-to-date. We may limit or reject your request in certain cases, such as if it is frivolous or extremely impractical, if it jeopardises the rights of others, if it is not required by law, or if the burden or expense of providing access would be disproportionate to the risks to your privacy in the case in question. In some cases, we may also need you to provide us with additional information, which may include Personal Data, to verify your identity and the nature of your request. We will take reasonable steps to respond to all requests within 30 days (or less!). You can also contact us directly at queries@theheartshine.org if you have any additional requests or questions:

9.1 Right to rectification:

If you believe that any Personal Data we are holding about you is incorrect or incomplete, you can request that we correct or supplement such data.

9.2 Right to erasure / ‘Right to be forgotten’:

You can request that we erase some or all of your Personal Data from our systems. Please note that if you request the deletion of information required to provide the Website to you, your User Account will be deactivated and you will lose access to the Website.

9.3 Right to data portability:

You can ask for a copy of your Personal Data in a machine-readable format. You can also request that we transmit the data to another controller where technically feasible. For the following, please email us at queries@theheartshine.org.

9.4 Right to restriction of processing / Withdrawal of consent:

If we are processing your Personal Data based on your consent (as indicated at the time of collection of such data), you have the right to withdraw your consent at any time. Please note, however, that if you exercise this right, you may have to then provide express consent on a case-by-case basis for the use or disclosure of certain of your Personal Data, if such use or disclosure is necessary to enable you to utilise some or all of the Website. You can ask us to restrict further processing of your Personal Data. You also have the right to lodge a complaint about our practices with respect to your Personal Data with the supervisory authority of your country or EU Member State.

9.5 Right to complain:

You can contact us to let us know that you object to the further use or disclosure of your Personal Data for certain purposes, such as for marketing purposes.

9.6 Closing Your Account:

You may close an account, and upon termination of your User Account, we will take reasonable steps to provide, modify, or delete your Personal Data as soon as is practicable. However, we may nevertheless retain your Personal Data to protect our business interests, our affiliates, vendors, and other users, and some information may remain in archived/backup copies for our records or as otherwise required by law. Those interests include without limitation the completion of transactions, maintaining records for financial reporting purposes, complying with our legal obligations, resolving disputes, and enforcing agreements.

We will not retain Personal Information for a period longer than is necessary to achieve the purpose for which it was collected or processed, and we are required to delete, destroy (in such a way that it cannot be reconstructed) or de-identify the information as soon as is reasonably practicable once the purpose has been achieved. This prohibition will not apply in the following circumstances:

  1. where the retention of the record is required or authorised by law;
  2. we require the record to fulfil our lawful functions or activities;
  3. retention of the record is required by a contract between the parties thereto;
  4. the user has consented to such longer retention; or
  5. the record is retained for historical, research or statistical purposes provided safeguards are put in place to prevent use for any other purpose.

Accordingly, we will, subject to the exceptions noted herein, retain Personal Information for as long as necessary to fulfil the purposes for which that Personal Information was collected and/or as permitted or required by applicable law.

Where we retain Personal Information for longer periods for statistical, historical or research purposes, we will ensure that appropriate safeguards have been put in place to ensure that all recorded Personal Information will continue to be Processed in accordance with this Policy and the applicable laws.

Once the purpose for which the Personal Information was initially collected and Processed no longer applies or becomes obsolete, we will ensure that the Personal Information is deleted, destroyed or de-identified sufficiently so that a person cannot re-identify such Personal Information.

In instances where we de-identify your Personal Information, we may use such de-identified information indefinitely.

We will not ordinarily charge you in respect of any requests we receive to exercise any of your rights detailed above; however, if you make excessive, repetitive or manifestly unfounded requests, we may charge you an administration fee in order to process such requests or refuse to act on such requests. Where we are required to provide a copy of the personal data undergoing processing this will be free of charge; however, any further copies requested may be subject to reasonable fees based on administrative costs.

Asking us to stop processing your personal data or deleting your personal data will likely mean that you are no longer able to use the Website, or at least those aspects of the Website which require the processing of the types of personal data you have asked us to delete, which may result in you no longer being able to use the Website.

  10. ENFORCEMENT AND RECOURSE

We take our privacy commitments very seriously. We will conduct internal audits of our compliance with this Privacy Policy, and work to ensure that our employees and service providers also adhere to the Privacy Policy. If you have any questions or concerns regarding privacy related to the Website please send us a detailed message to queries@theheartshine.org, and we will try to resolve your concerns.

We have no control over, and assume no responsibility for the content, privacy policies or practices of any third party sites or services.

  11. CHANGES TO THE PRIVACY POLICY

We reserve the right to modify this Privacy Policy at any time. We encourage you to periodically review this page for the latest information on our privacy practices. If we make material changes to this Privacy Policy, you will be notified via email (if you have an account where we have your contact information) or otherwise in some manner through the Website that we deem reasonably likely to reach you (which may include posting a new privacy policy on the HEARTSHINE Website—or a specific announcement on this page). Any modifications to this Privacy Policy will be effective upon our posting of the new terms and/or upon implementation of the new changes on the Website (or as otherwise indicated at the time of posting) or on the Effective Date set forth in the modified Privacy Policy. In all cases, your continued use of the Website after the posting of any modified Privacy Policy indicates your acceptance of the terms of the modified Privacy Policy.

  12. EMBEDDED CONTENT FROM OTHER WEBSITES

Articles/Posts on the Website may include embedded content (e.g. videos, charts, etc.). Embedded content from other websites behaves in the exact same way as if the visitor had visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracing your interaction with the embedded content if you have an account and are logged in to that website.

  13. WHAT IF YOU HAVE QUESTIONS REGARDING YOUR PERSONAL DATA?

Please contact us if you have any questions or comments about our privacy practices or this Privacy Policy. You can reach us online at queries@theheartshine.org or by mail at:

HEARTSHINE NPC
Attention: Public Officer
104 San Michele
52 Victoria Road
Clifton
Western Cape
South Africa