POLITIQUE DE CONFIDENTIALITÉ

Cette déclaration de confidentialité s'applique à tous les processus commerciaux et sites Web, zones d'opération, solutions mobiles, services cloud et autres services offerts par Century. Sauf indication contraire séparée, cette déclaration de confidentialité s'applique également au traitement des données personnelles effectué par d'autres sociétés appartenant à Century.

Les sites Web et autres services de Century peuvent en outre, de temps à autre, inclure des liens vers les réseaux sociaux de tiers. Ces réseaux sociaux de tiers, et tout traitement de données personnelles s'y déroulant, sont soumis aux déclarations de confidentialité des tiers en question.

Cette déclaration de confidentialité concerne le traitement des données personnelles effectué par Century lorsque Century – ou une société appartenant à Century – est le contrôleur. Nous traitons toujours vos données personnelles uniquement dans la mesure nécessaire à la fourniture de nos services, et toujours conformément à la législation applicable.

En nous fournissant vos données personnelles, vous indiquez que vous avez lu et connaissez les méthodes de traitement et les conditions applicables au traitement des données personnelles conformément à cette déclaration de confidentialité. Si vous n'acceptez pas les principes de traitement décrits dans cette déclaration de confidentialité, veuillez ne pas nous fournir vos données personnelles.

1. Contrôleur

Sauf indication contraire séparée, le contrôleur concernant les données personnelles traitées conformément à cette déclaration de confidentialité est :

Century Laboratory Limited
21 Woodlands Drive
Woodmead, Johannesburg
Afrique du Sud
Tél : +27 79 238 2076

2. Et/ou (au cas par cas) :

La société appartenant à Century à laquelle vous avez divulgué vos données personnelles ou de laquelle vous avez reçu des communications marketing. Si vous n'êtes pas sûr de qui est le contrôleur de vos données personnelles, vous pouvez contacter Century en utilisant les coordonnées fournies dans cette déclaration de confidentialité. Objectif et base juridique du traitement des données personnelles. Century traite les données personnelles aux fins suivantes :

3. Gestion de la relation client

Century traite les données personnelles qu'elle collecte principalement dans le but de fournir et de produire les services Century auxquels la personne s'est abonnée ou commandée, ou pour lesquels la personne s'est inscrite en tant qu'utilisateur. Les données personnelles sont traitées pour la gestion et l'analyse de la relation avec le client – ou toute autre connexion appropriée – ainsi que pour la production de services, le développement et la planification commerciale, ainsi que pour les études d'opinion et de marché et la communication client, qui peuvent également être mises en œuvre numériquement et de manière ciblée.

Century may also process the personal data it collects for marketing purposes, provided that the person in question has given their consent to this or, in certain cases, has not separately forbidden it. The person has, at any time, the right to withdraw their consent for the use of their data in marketing purposes either by using the contact details provided in this Privacy Statement or by exercising the opt-out possibility given in the marketing communications (such as a ‘Unsubscribe’ link).

Century does not sell or disclose the personal data it processes to third parties for the marketing purposes of these parties, unless the person in question has given their separate consent to this. Century’s marketing measures carried out on behalf of other controllers in its capacity as a processor for these controllers are described below.

4. Legal basis for processing

Century processes your personal data on varying legal bases, depending on whether Century is the controller or processor with regard to your personal data. When Century itself is the controller, the processing of your personal data is based on either a) the implementation of the agreement on the Century servicess which the data subject has ordered from Century, b) the implementation of Century’s legitimate interests related to the data subject’s customer relationship, or c) the consent provided by the data subject. When Century serves as a processor to its corporate customer which is the controller, Century’s processing of your personal data is based on the agreement between Century and the controller on the order of services.

The provision of personal data to Century is not primarily a condition for the agreement or the delivery of services. If this is nevertheless the case and Century cannot, for instance, implement the services you have ordered without your personal data, the provision of this data is separately indicated as being required. A failure to provide such data, indicated as required, may prevent Century from delivering the services you have ordered or limit their delivery to a considerable degree.

5. Personal data subject to processing

Century may process the following personal data, among others, for the purposes of customer relationship management and marketing:

• first and last name
• contact details (postal address, telephone number, email address)
• the start and end date of the customer relationship and/or appropriate connection as well as the method by which it started and ended
• direct marketing opt-ins and opt-outs
• business ID (businesses)
• information pertaining to the use of digital services and contents (e.g. subscriptions to newsletters)
• information related to marketing and sales promotion, such as marketing measures targeted at the data subject and participation in them

In addition, Century may process, in connection to the management of customer relationships, the following data on persons who have bought a product and/or service:

• customer number
• business ID
• invoicing details
• contact people (name, phone number, email)
• information related to the management of the customer relationship or other appropriate connection and communication as well as categorisation (e.g. information on the products and services bought or canceled, delivery information, feedback, complaints and the recording of customer service events such as phone calls, emails and support messages)

6. Regular information sources

The personal data of data subjects is collected primarily directly from the data subjects themselves when, for instance, data subjects themselves disclose their personal data in connection to subscribing to a newsletter, through various Century servicess used by the data subjects, and in connection to different marketing measures, such as marketing prize draws or competitions and events.

Furthermore, personal data may be collected and updated from the registries of our partners and from companies providing services pertaining to personal data, to whom a data subject has given their consent for the disclosure of their personal data. Third parties of this kind, from whom Century may collect data related to the data subjects, can include various companies providing credit references and address data.

7. Regular disclosure of data

Century discloses personal data only in cases and to the extent to which is necessary for the proper delivery of services. Century always complies with appropriate protective measures to ensure the protection of personal data in connection to disclosures.

Century may occasionally have to disclose the personal data it processes to competent authorities or other equivalent parties in the manner required by said competent authorities or other parties pursuant to valid legislation.

In the event that we dispose of, merge or otherwise reorganise our business operations, or acquire new ones, the personal data of users may be disclosed to the buyer or potential buyers and their advisers.

Data can be disclosed to partners selected by Century and to service providers who process the data on behalf of the controller on the basis of a cooperation agreement between the parties. In such cases, Century always ensures that the partners and service providers participating in the processing of personal data are contractually bound to comply with confidentiality and data protection and that the personal data is processed solely for Century’s purposes described in this Privacy Statement.

Transfer of data outside the EU or the EEA

We do not, as a rule, transfer data outside of South Africa or to the EU or the EEA. In some situations (such as where our service provider or servers are located outside the EEA) we may nevertheless also have to transfer the personal data we have collected to non-EEA countries, in which the level of data protection has not necessarily been found to be adequate by the European Commission (such as the United States).

If we transfer data outside the EU or the EEA to countries with an inadequate level of data protection, we ensure the personal data’s adequate level of data protection by, among other things, agreeing on matters related to the confidentiality and processing of personal data as required by legislation, such as by using standard contractual clauses adopted by the European Commission or by means of other equivalent protective mechanisms. The European Commission’s standard contractual clauses are available on the European Commission’s website, and you can request a copy of the other transfer bases by contacting Century.

8. Protection of personal data

We use any necessary and appropriate technological and organisational information security measures to protect personal data against unauthorised access, disclosure, destruction or other unauthorised use. Such measures include the use of firewalls and secure hardware facilities, appropriate physical access control, the managed granting of access rights and the monitoring of their use, the employment of encryption technologies, training the personnel participating in the processing of personal data, and the careful selection of subcontractors.

9. Storage period of personal data

Century stores your personal data only for as long as they are needed for the aforementioned purposes of use or the fulfilment of statutory obligations. When the personal data we have collected is no longer needed, we destroy or erase it in a secure manner.

10. Data subject’s rights and exercising them

Data protection legislation guarantees data subjects several rights with regard to their personal data, which Century has also undertaken to implement. Among other things, the user of Century’s services has the right to check the personal data stored on them and to request a copy of the personal data collected on them. When the processing of the personal data of an Century user is based on the user’s consent, the user has the right to withdraw the consent they have given at any time.

At the request of a user, we will rectify, erase or complete any personal data erroneous, unnecessary, incomplete or outdated in terms of the processing purpose.  Users also have the right to request the erasure of their personal data (what is referred to as the right to be forgotten) if the processing has been based on the user’s consent and the user withdrawn their consent; the user’s personal data has been processed illegally; or if the user objects to the processing of their personal data and there are no legitimate grounds for the processing.

In some cases, the user also has the right to request the restriction of processing, object to the processing, and to request the data’s transmission from one system to another, or to another controller. Users may have this right in a situation where there is no longer a legal basis for the processing, but in which, in lieu of the data’s erasure, the user merely wants to restrict the processing, or when the processing has been based on consent and has been automatic.

Users have the right to file a complaint with a competent supervisory authority concerning the processing of a user’s personal data carried out by Century , should the user perceive Century not to have processed the user’s data as required by the applicable data protection legislation, or if the user’s requests related to their rights guaranteed by law have not been implemented appropriately. You can find the contact details of all competent data protection authorities in EEA countries here.

If you wish to exercise one of the aforementioned rights guaranteed to you by law, you can do so by contacting Century (or, depending on the case, the company belonging to Century serving as the controller) through the contact details provided in this Privacy Statement. In some cases, Century may have to request further information from you to ensure that you are the person you claim to be. In the event that Century serves merely as the processor of another controller in respect of your personal data, Century will instruct you to contact the controller in question in relation to your requests. In terms of some services, Century also offers you the possibility to check, modify, and erase your own data by signing in to Century’s user portal.  If you are provided with such an opportunity, Century recommends that you primarily update your data through the user portal in question.

11. Automated data collection

Century employs widely used digital marketing methods and tools to gather data on your movements on our websites. This data is collected to improve the usability and content of our website, target advertising, and marketing as well as to investigate the interests of visitors. For the most part, such data is gathered with the help of cookies (see below) and does not allow for attribution to a person.