Privacy Policy

TABLE OF CONTENTS

  1. DEFINITIONS
  2. PURPOSE OF THIS POLICY
  3. PROCESS OF COLLECTING PERSONAL INFORMATION
  4. LAWFUL PROCESSING OF PERSONAL INFORMATION
  5. SPECIAL PERSONAL INFORMATION AND PERSONAL INFORMATION OF CHILDREN
  6. PURPOSE FOR PROCESSING PERSONAL INFORMATION
  7. TYPES OF PERSONAL INFORMATION AND SPECIAL PERSONAL INFORMATION PROCESSED
  8. KEEPING PERSONAL INFORMATION ACCURATE
  9. STORAGE AND PROCESSING OF PERSONAL INFORMATION BY COCHRANE AND THIRD PARTY SERVICE PROVIDERS
  10. HOW WE USE COOKIES
  11. USE OF PERSONAL INFORMATION ON OUR WEBSITE AND FOR MARKETING PURPOSES
  12. RETENTION OF PERSONAL INFORMATION
  13. FAILURE TO PROVIDE PERSONAL INFORMATION
  14. SAFE-KEEPING OF PERSONAL INFORMATION
  15. DATA BREACHES
  16. PROVISION OF PERSONAL INFORMATION TO THIRD PARTIES AND ASSOCIATED COMPANIES
  17. ACCESS TO PERSONAL INFORMATION
  18. CHANGES TO THIS POLICY
  19. CONTACTING US

DEFINITIONS

In this Policy (as defined below), unless the context requires otherwise, the following words and expressions bear the meanings assigned to them and cognate expressions bear corresponding meanings –
“Affiliates” means any company or other entity operating in foreign markets and that is controlled by or under common control with Cochrane, where ‘control’ means the possession, directly or indirectly, of the power to direct the management and policies of an entity;
“Associated Companies” means any separate company or other entity operating in foreign markets that is associated with Cochrane, that is not controlled by or under common control with Cochrane, where ‘control’ means the possession, directly or indirectly, of the power to direct the management and policies of an entity;
“Child” means any natural person under the age of 18 (eighteen) years;
“Cochrane” means the Cochrane group companies, including CSP and its Affiliates;
“CSP” means Cochrane Steel Products Proprietary Limited, a private body registered under South African law, with registration number 1973/006991/07;
“Data Breach” means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, Personal Information under the control of or in the possession of Cochrane;
“Data Subject” has the meaning ascribed thereto under POPIA which may include a Third Party, customers and our employees and where appliable Affiliates and Associated Companies;
“Personal Information” has the meaning ascribed thereto under POPIA and specifically includes any form of information that can be used to identify a Data Subject;
“Policy” means this Privacy Policy;
“POPIA” means the Protection of Personal Information Act No. 4 of 2013;
“Processing” has the meaning ascribed thereto under POPIA and “Process” has a corresponding meaning;
“Regulator” means the Information Regulator established in terms of POPIA;
“Responsible Party” means a public or private body or any other person which alone or in conjunction with others, determines the purpose of and means for Processing Personal Information;
“Special Personal Information” means Personal Information concerning a Data Subject’s religious or philosophical beliefs, race or ethnic origin, trade union membership, political opinions, health, sexual life, biometric information or criminal behaviour; and
“Third Party” means any third party service provider, supplier, independent contractor or consultant of Cochrane.

PURPOSE OF THIS POLICY

The purpose of this Policy is to inform Data Subjects about how Cochrane Processes their Personal Information.
Cochrane, in its capacity as Responsible Party, shall strive to observe, and comply with its obligations under POPIA as well as accepted information protection principles, practices and guidelines when it Processes Personal Information from or in respect of a Data Subject.
This Policy applies to Personal Information collected by Cochrane in connection with Cochrane’s provision of Cochrane designed and manufactured security perimeter barriers products (i.e. ClearVu) and engineering services. This includes information collected directly from you as a Data Subject, as well as information we collect indirectly through any Third Parties, Associated Companies and from any other public source, where such information is made available.
This Privacy Policy does not apply to the information practices of Third Parties and Associated Companies whom we may engage with in relation to our purpose (including, without limitation, their websites, platforms and/or applications) which we do not own or control; or individuals that Cochrane does not manage or employ. To the extent that Third Parties are required to Process Personal Information in their own right and not necessarily only for and in relation to Cochrane, they will each be responsible for complying with their legal obligations relating to such Processing activities. Each of these Third Parties, Third-Party sites and Associated Companies may have their own privacy policies and terms and conditions and we encourage you to read them before using them.

PROCESS OF COLLECTING PERSONAL INFORMATION

Cochrane will always collect Personal Information in a fair, lawful and reasonable manner to ensure that it protects the Data Subject’s privacy and will Process the Personal Information based on legitimate grounds in a manner that does not adversely affect the Data Subject in question.
Cochrane generally collects Personal Information directly from Data Subjects or it may obtain Personal Information from Third Parties.

LAWFUL PROCESSING OF PERSONAL INFORMATION

Where Cochrane is the Responsible Party, it will only Process a Data Subject’s Personal Information (other than for Special Personal Information) where –
consent of the Data Subject (or a competent person, where the Data Subject is a Child) is obtained;
Processing is necessary to carry out the actions for the conclusion of a contract to which a Data Subject is a party;
Processing complies with an obligation imposed by law on Cochrane;
Processing protects a legitimate interest of the Data Subject; and/or
Processing is necessary for pursuing the legitimate interests of Cochrane or of a third party to whom the information is supplied.
Cochrane will only Process Personal Information where one of the legal bases referred to in paragraph 4.1 above are present.
Where required (i.e., where we are not relying on a legal ground listed in paragraph 4.1 above), Cochrane will obtain the Data Subject’s consent prior to collecting, and in any case, prior to using or disclosing the Personal Information for any purpose.
Where Cochrane is relying on a Data Subject’s consent as the legal basis for Processing Personal Information, the Data Subject may withdraw his/her/its consent or may object to Cochrane’s Processing of the Personal Information at any time. However, this will not affect the lawfulness of any Processing carried out prior to the withdrawal of consent or any Processing justified by any other legal ground provided under POPIA.
If the consent is withdrawn or if there is otherwise a justified objection against the use or the Processing of such Personal Information, Cochrane will no longer Process the Personal Information

SPECIAL PERSONAL INFORMATION AND PERSONAL INFORMATION OF CHILDREN

Special Personal Information is sensitive Personal Information of a Data Subject and Cochrane acknowledges that it will Process Special Personal Information where –
Processing is carried out in accordance with the Data Subject’s consent;
Processing is necessary for the establishment, exercise or defence of a right or obligation in law;
Processing is for historical, statistical or research purposes, subject to stipulated safeguards;
The Personal Information has deliberately been made public by the Data Subject; or
specific authorisation applies in terms of POPIA.
Cochrane acknowledges that it may not Process any Personal Information concerning a Child and will only do so where it has obtained the consent of a legally competent person (i.e. the parent or guardian of that Child) or where it is permitted to do so in accordance with applicable laws.

PURPOSE FOR PROCESSING PERSONAL INFORMATION

Cochrane understands its obligation to make Data Subjects aware of the fact that it is Processing their Personal Information and inform them of the purpose for which Cochrane Processes such Personal Information.
Cochrane will only Process a Data Subject’s Personal Information for a specific, lawful and clear purpose (or for specific, lawful and clear purposes).
It will ensure that there is a legal basis for the Processing of any Personal Information. Further, Cochrane will ensure that Processing will relate only to the purpose for and of which the Data Subject has been made aware (and where relevant, consented to) and will not Process any Personal Information for any other purpose(s).
Cochrane will generally use Personal Information for purposes required to operate and manage its operations as manufacturer of high-security perimeter barriers products (i.e. ClearVu) and related engineering services and these purposes include one or more of the following non-exhaustive purposes:
to establish and manage business or customer relationship and provide customer service and support, including responding to inquiries, processing orders and transactions and delivering products and services ;
for providing the services and products as per customer requests including to manage or fulfil contracts and orders (e.g. the sale, design, installation, delivery, execution o our products and services), and to provide product/service-related information;
in connection with the execution of payment processing functions, including payment of suppliers’/service providers’ invoices;
for purposes of monitoring the use of Cochrane’s electronic systems by customers;
for purposes of preventing, discovering and investigating non-compliance with this Policy, and other Cochrane policies, and investigating fraud, or other related matters;
for employment-related purposes such as recruitment, administering payroll, and carrying out background checks;
in connection with internal audit purposes (i.e. ensuring that the appropriate internal controls are in place in order to mitigate the relevant risks, as well as to carry out any investigations where this is required);
in connection with external audit purposes. For this purpose, Cochrane engages external service providers and, in so doing, shares Personal Information of the Data Subjects with Third Parties;
to respond to any correspondence that a Data Subject may send to Cochrane, including via email or by telephone;
to contact the Data Subject for marketing purposes subject to the provisions of paragraph 11 below;
in order to receive and address inquiries or complaints in respect of Cochrane’s operations;
for such other purposes to which the Data Subject may consent from time to time;
to analyse and better understand Cochrane’ customers business needs and to improve the delivery and provision of products and services, including customer services;
to comply with applicable legal obligations imposed on Cochrane; and
for such other purposes as authorised in terms of applicable law.

TYPES OF PERSONAL INFORMATION AND SPECIAL PERSONAL INFORMATION PROCESSED

Cochrane collects and Processes Personal Information required to effectively carry out its business. The Personal Information that is Processed includes the following –
Data Subjects: Personal Information
Children: Name Birthdays
Customers: Name and Surname (if individuals) Company name and registration number Directors/ authorized representative details Contact details for representative persons identity number/social security number/passport numbers (if individuals) Contact details Physical and postal address Tax reference number FICA documentation
Employees: Name and Surname identity number/social security number/passport numbers (if individuals) Contact details Physical and postal address Date of birth Age Disability Information Employment history Criminal/background checks Education history Banking details Income tax reference number Remuneration and benefits information (including medical aid, pension/provident fund information) Disciplinary procedures Employee disability information Employee performance records Physical access records CCTV records Health and safety records Time and attendance records
New Job Applicants: Name and Surname Address Contact details Email address Telephone number Details of qualifications and Skills Employment history Information about a Data Subject’s entitlement to work in South Africa
Suppliers /Third Parties / Associated Companies: Entity name Registration number Income tax number Contact details for representative persons FICA documentation BBB-EE certificates Invoices Bank Account and Payment details
Website Visitors: IP address Email address / contact details (if provided by Data Subject)
Visitors: Physical access records Electronic access records scans and CCTV records

KEEPING PERSONAL INFORMATION ACCURATE

Cochrane will take reasonable steps to ensure that all Personal Information is kept as accurate, complete and up to date as reasonably possible depending on the purpose for which Personal Information is collected or further processed.
Cochrane may not always expressly request the Data Subject to verify and update his/her/its Personal Information unless this process is specifically necessary.
Cochrane, however, expects that the Data Subject will notify Cochrane from time to time in writing of any updates required in respect of his/her/its Personal Information.

STORAGE AND PROCESSING OF PERSONAL INFORMATION BY COCHRANE AND THIRD PARTY SERVICE PROVIDERS

Cochrane may store your Personal Information in hardcopy format and/or in electronic format using Cochrane’s own secure on-site servers or other internally hosted technology. Your Personal Information may also be stored by Third Parties, via cloud services or other technology, with whom Cochrane has contracted with, to support Cochrane’s operations.
Cochrane’s Third Parties, including data storage and processing providers, may from time to time also have access to a Data Subject’s Personal Information in connection with purposes for which the Personal Information was initially collected to be Processed.
Cochrane will ensure that such Third Parties will process the Personal Information in accordance with the provisions of this Policy, all other relevant internal policies and procedures and POPIA.
These Third Parties do not use or have access to your Personal Information other than for purposes specified by us, and Cochrane requires such parties to employ at least the same level of security that Cochrane uses to protect your personal data.

HOW WE USE COOKIES

Our website uses cookies – which are small text files sent by a web server to store on a web browser. These cookies are used to ensure that our website functions properly, it stores user preferences when needed and collects anonymous statistics on website usage.
Our website may use the following types of cookies for the following purposes:
Strictly Necessary Cookies. Strictly necessary cookies are necessary for the website to function and cannot be switched off in our systems. These cookies are usually only set in response to actions made by you that amount to a request for services, such as setting your privacy preferences, logging in, or filling in forms. You can set your browser to block or alert you about these cookies, but blocking these cookies will prevent the site from working. These cookies typically do not store personal data information.
Functional Cookies. Functional cookies enable our websites to provide enhanced functionality and personalisation. They may be set by us or by duly appointed third party service providers whose services we have added to our pages. If you reject these cookies then some or all of these services may not function properly.
Performance Cookies. Performance cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site. These cookies help us understand how our sites are being used, such as which sites are the most and least popular and how people navigate around the site. The information collected in these cookies is aggregated, meaning that they do not relate to you personally. Opting out of these cookies will prevent us from knowing when you have visited our site and will prevent us from monitoring site performance. In some cases, these cookies may be sent to our Third Parties to help us manage these analytics. Some specific third parties we use include Google Analytics, as described below:
Google Analytics. Our website may use certain Google Analytics features to collect information and report site usage statistics without personally identifying individual visitors to Google.  ‘_ga’ is the main cookie used by Google Analytics. ‘_ga’ enables a service to distinguish one user from another and lasts for 2 years.  If you would like to opt-out of having your data used by these cookies, please use Google’s opt-out tool, available here: https://tools.google.com/dlpage/gaoptout/.
You may refuse to accept cookies by activating the setting on your browser which allows you to refuse the setting of cookies. However, if you select this setting you may be unable to access certain parts of our website. Unless you have adjusted your browser setting so that it will refuse cookies our system will issue cookies when you log onto the website. If you accept a “cookie” or fail to deny the use of “cookies”, you agree that we may use your personal information collected using “cookies” (subject to the provisions of this Policy). Where you either reject or decline cookies, you are informed that you may not be able to fully experience the interactive features of our website.

USE OF PERSONAL INFORMATION ON OUR WEBSITE AND FOR MARKETING PURPOSES

Website users may share Personal Information with Cochrane via our website. The provisions of this Policy apply to the personal information which is shared with Cochrane on the website.
Where Cochrane carries out any marketing activities, it will comply with its obligations under POPIA.
Cochrane will ensure that a reasonable opportunity is given to the Data Subject to object to the use of their Personal Information for Cochrane’s marketing purposes when collecting the Personal Information and to “unsubscribe” or ‘opt-out” of receiving marketing material on each occasion of Cochrane providing a marketing communication.
Cochrane will not use your Personal Information to send you marketing materials if you have requested not to receive them and if you have requested that Cochrane stop Processing your Personal Information for marketing purposes, Cochrane shall do so.

RETENTION OF PERSONAL INFORMATION

Cochrane may keep records of the Personal Information it has collected, correspondence, or comments it has collected in an electronic or hardcopy file format.
In terms of POPIA, Cochrane may not retain Personal Information for a period longer than is necessary to achieve the purpose for which it was collected or processed and is required to delete, destroy (in such a way that it cannot be reconstructed) or de-identify the information as soon as is reasonably practicable once the purpose has been achieved. This prohibition will not apply in the following circumstances –
where the retention of the record is required or authorised by law;
Cochrane requires the record to fulfil its lawful functions or activities;
retention of the record is required by a contract between the parties thereto;
the Data Subject (or competent person, where the Data Subject is a Child) has consented to such longer retention; or
the record is retained for historical, research or statistical purposes provided safeguards are put in place to prevent use for any other purpose.
Accordingly, Cochrane will, subject to the exceptions noted in this Policy, retain Personal Information for as long as necessary to fulfil the purposes for which that Personal Information was collected and/or as permitted or required by applicable law.
Once the purpose for which the Personal Information was initially collected and Processed no longer applies or becomes obsolete, Cochrane will ensure that the Personal Information is deleted, destroyed or de-identified sufficiently.

FAILURE TO PROVIDE PERSONAL INFORMATION

Should Cochrane need to collect Personal Information by law or under the terms of a contract that Cochrane may have with you or by virtue of you being a Third Party and you fail to provide the Personal Information when requested, we may be unable to perform the contract we have or are attempting to enter with you.
In such a case, Cochrane may have to decline to provide the relevant services, and you will be notified where this is the case.

SAFE-KEEPING OF PERSONAL INFORMATION

Cochrane shall preserve the security of Personal Information and, strive to take steps to prevent its alteration, loss and damage, or access by non-authorised third parties.
Cochrane will ensure the security and integrity of Personal Information in its possession or under its control with appropriate, reasonable technical and organisational measures to prevent the loss, unlawful access and unauthorised destruction of Personal Information.
Cochrane has implemented physical, organisational, contractual and technological security measures (having regard to generally accepted information security practices or industry-specific requirements or professional rules) to keep all Personal Information secure, including measures protecting any Personal Information from loss or theft, and unauthorised access, disclosure, copying, use or modification. Further, Cochrane maintains and regularly verifies that the security measures are effective and regularly updates same in response to new risks.

DATA BREACHES

A Data Breach can happen for many reasons, which include: (a) loss or theft of data or equipment on which Personal Information is stored; (b) inappropriate access controls allowing unauthorised use; (c) equipment failure; (d) human error; (e) unforeseen circumstances, such as a fire or flood; (f) deliberate attacks on systems, such as hacking, viruses or phishing scams; and/or (g) alteration of Personal Information without permission and loss of availability of Personal Information.
Cochrane will address any Data Breach in accordance with the terms of POPIA.
Cochrane will notify the Regulator and the affected Data Subject (unless the applicable law requires that we delay notification to the Data Subject) in writing in the event of a Data Breach (or a reasonable belief of a Data Breach) in respect of that Data Subject’s Personal Information.
Cochrane will provide such notification as soon as reasonably possible after it has become aware of any Data Breach in respect of such Data Subject’s Personal Information.

PROVISION OF PERSONAL INFORMATION TO THIRD PARTIES AND ASSOCIATED COMPANIES

Cochrane may disclose Personal Information to Third Parties and Associated Companies and will enter into written agreements with such Third Parties and/or and Associated Companies to ensure that they Process any Personal Information in accordance with the provisions of this Policy and POPIA.
Cochrane notes that such Third Parties may assist Cochrane with the purposes listed in paragraph 6.4 above – for example, service providers may be used, inter alia,
for data storage;
to assist Cochrane with auditing processes (external auditors); and/or
to notify the Data Subjects of any pertinent information concerning Cochrane.
Cochrane will disclose Personal Information with the consent of the Data Subject or if Cochrane is permitted to do so without such consent in accordance with applicable laws.
Further, Cochrane may also send Personal Information to a foreign jurisdiction outside of the Republic of South Africa, including for Processing and storage by Third Parties and Associated Companies.
When Personal Information is transferred to a jurisdiction outside of the Republic of South Africa including to any cloud, data centre or server located outside of South Africa, Cochrane will obtain the necessary consent to transfer the Personal Information to such foreign jurisdiction or may transfer the Personal Information where Cochrane is permitted to do so in accordance with the provisions applicable to cross-border flows of Personal Information under POPIA.

ACCESS TO PERSONAL INFORMATION

POPIA read with the relevant provisions of the Promotion of Access to Information Act, No. 2 of 2000 (“PAIA“) confers certain access rights on Data Subjects. Please refer to Cochrane’s PAIA Manual https://www.cochraneglobal.com/wp-content/uploads/Cochrane_PAIAManual_-27052024.pdf or more details. These rights include –
a right of access: a Data Subject having provided adequate proof of identity has the right to: (i) request a Responsible Party to confirm whether any Personal Information is held about the Data Subject; and/or (ii) request from a Responsible Party a description of the Personal Information held by the Responsible Party including information about Third Parties who have or have had access to the Personal Information. A Data Subject may request:
Cochrane to confirm, free of charge, whether it holds any Personal Information about him/her/it; and
to obtain from Cochrane the record or description of Personal Information concerning him/her/it and any information regarding the recipients or categories of recipients who have or had access to the Personal Information. Such record or description is to be provided: (a) within a reasonable time; and (b) in a reasonable manner and format and in a form that is generally understandable.
a right to request correction or deletion: a Data Subject may also request Cochrane to –
correct or delete Personal Information about the Data Subject in its possession or under its control that is inaccurate, irrelevant, excessive, out of date, incomplete, misleading or obtained unlawfully; or
destroy or delete a record of Personal Information about the Data Subject that Cochrane is no longer authorised to retain records in terms of POPIA’s retention and restriction of records provisions, provided that:

on receipt of such a request, Cochrane is required to, as soon as is reasonably practicable –
correct the information;
delete or destroy the information;
provide the Data Subject with evidence in support of the information; or
where the Data Subject and Responsible Party cannot reach an agreement on the request and if the Data Subject requests this, Cochrane will take reasonable steps to attach to the information an indication that correction has been requested but has not been made;
a right to withdraw consent and to object to processing: a Data Subject that has previously consented to the Processing of his/her/its Personal Information has the right to withdraw such consent and may do so by providing Cochrane with notice to such effect at the address set out in paragraph 19. Further, a Data Subject may object, on reasonable grounds, to the Processing of Personal Information relating to him/her/it.
Accordingly, Cochrane may request the Data Subject to provide sufficient identification to permit access to or provide information regarding the existence, use or disclosure of the Data Subject’s Personal Information. Any such identifying information shall only be used for the purpose of facilitating access to or information regarding the Personal Information.
The Data Subject can request in writing to review any Personal Information about the Data Subject that Cochrane holds including Personal Information that Cochrane has collected, utilised or disclosed.
Cochrane shall respond to these requests in accordance with POPIA and PAIA and provide the Data Subject with any such Personal Information to the extent required by law and any of Cochrane’s policies and procedures which apply in terms of the PAIA.
The Data Subject can challenge the accuracy or completeness of his/her/its Personal Information in Cochrane’s records at any time in accordance with the process set out in the PAIA Manual for accessing information.
If a Data Subject successfully demonstrates that their Personal Information in Cochrane’s records is inaccurate or incomplete, Cochrane will ensure that such Personal Information is amended or deleted as required (including by Third Parties or Associated Companies).
Cochrane will respond to each written request of a Data Subject no later than 30 days after receipt of such requests. Under certain circumstances, Cochrane may, however, extend the original period of 30 days once for a further period of up to 30 days.
A Data Subject has the right to make a complaint to Cochrane in respect of this time limit by contacting Cochrane using the contact details provided in paragraph 19 below.
The prescribed fees to be paid for copies of the Data Subject’s Personal Information are referenced in the PAIA Manual.

CHANGES TO THIS POLICY

Cochrane reserves the right to make amendments to this Policy from time to time and will use reasonable efforts to notify Data Subjects of such amendments.
The current version of this Policy will govern the respective rights and obligations between you and Cochrane each time that you access and use our site.

CONTACTING US

All comments, questions, concerns or complaints regarding your Personal Information or this Policy, should be forwarded to our Information Officer Jennifer Leigh Cochrane at compliance@cochraneglobal.com.
If required, the Data Subject can contact the office of the Regulator, the details of which are:
Website:
https://inforegulator.org.za
Physical Address: JD House, 27 Siemens Street, Braamfontein, Johannesburg, 2001.
Postal Address: P.O Box 31533, Braamfontein, Johannesburg, 2017
General enquiries: enquiries@inforegulator.org.za.
Complaints: (complete POPIA/PAIA form 5) and send it to PAIAComplaints@inforegulator.org.za should your PAIA request be denied or there is no response for access to records you may use this email address to lodge a complaint. Should you feel that your Personal Information has been violated, you may use this e-mail address to lodge a complaint at POPIAComplaints@inforegulator.org.za –