2.1 For the purposes of this section, Personal Information will be understood in accordance with the definition provided in the Protection of Personal Information Act 4 of 2013 (“the Act”). Bubble Tea Shop Online also subscribes to the principles for electronically collecting personal information outlined in the Act, and the further legislation referred to therein. We endeavour to ensure the quality, accuracy and confidentiality of Personal Information in our possession.
2.3 Users will be prompted to register an account with Bubble Tea Shop Online. In so doing, users may be asked to provide the following information (Personal Information):
2.3.4 Physical address.
2.3.5 Phone number.
2.3.6 Company / CC / business name.
2.5 All payment information will be captured through the Website. Further, Bubble Tea Shop Online shall not retain payment information on behalf of its users.
2.6 We will not collect, use or disclose sensitive information (such as information about racial or ethnic origins or political or religious beliefs, where relevant) except with your specific consent or in the circumstances permitted by law.
2.7.1 The provision and performance of the services;
2.7.2 Informing you of changes made to our website;
2.7.3 The provision of marketing related services to you by Bubble Tea Shop Online;
2.7.4 Responding to any queries or requests you may have;
2.7.5 Developing a more direct and substantial relationship with users for the purposes described in this clause;
2.7.6 Developing an online user profile;
2.7.7 Understanding general user trends and patterns so that we can develop and support existing and ongoing marketing strategies;
2.7.8 For security, administrative and legal purposes; and
2.7.9 The creation and development of market data profiles which may provide insight into market norms, practices and trends to help us improve our offering to you. Such information will be compiled and retained in aggregated form, but shall not be used in any way which may comprise the identity of a user.
2.8 Although absolute security cannot be guaranteed on the internet, Bubble Tea Shop Online has in place up-to-date, reasonable technical and organisational security measures to protect your Personal Information against accidental or intentional manipulation, loss, misuse, destruction or against unauthorised disclosure or access to the information we process online.
2.9 While we cannot ensure or warrant the security of any Personal Information you provide us, we will continue to maintain and improve these security measures over time in line with legal and technological developments.
2.10 We store your Personal Information directly, or alternatively, store your Personal Information on, and transfer your Personal Information to, a central database. If the location of the central database is located in a country that does not have substantially similar laws which provide for the protection of Personal Information, we will take the necessary steps to ensure that your Personal Information is adequately protected in that jurisdiction.
2.11 Your information will not be stored for longer than is necessary for the purposes described in these Terms or as required by applicable legislation.
2.12 The Personal Information Bubble Tea Shop Online collects from users shall only be accessed by Bubble Tea Shop Online employees, representatives and consultants on a need-to-know basis, and subject to reasonable confidentiality obligations binding such persons.
2.13 Bubble Tea Shop Online shall have the right, but shall not be obliged, to monitor or examine any information and materials including any website link that you publish or submit to Bubble Tea Shop Online for publishing on the Site. You shall be solely responsible for the contents of all material published by yourself.
2.15 We will not sell, share, or rent your Personal Information to any third party or use your e-mail address for unsolicited mail. Any emails sent by Bubble Tea Shop Online will only be in connection with the provision of our services and/or the marketing thereof.
3 Log Files
3.1 When you visit Bubble Tea Shop Online, even if you do not create an account, we may collect information, such as your IP address, the name of your ISP (Internet Service Provider), your browser, the website from which you visit us, the pages on our website that you visit and in what sequence, the date and length of your visit, and other information concerning your computer’s operating system, language settings, and broad demographic information. This information is aggregated and anonymous data and does not identify you specifically. However, you acknowledge that this data may be able to be used to identify you if it is aggregated with other Personal Information that you supply to us. This information is not shared with third parties and is used only within Bubble Tea Shop Online on a need-to-know basis. Any individually identifiable information related to this data will never be used in any way different to that stated above, without your explicit permission.
4.1.1 “Session cookies”: These are used to maintain a so-called ‘session state’ and only lasts for the duration of your use of the Website. A session cookie expires when you close your browser, or if you have not visited the server for a certain period of time. Session cookies are required for the Platform to function optimally, but are not used in any way to identify you personally.
4.1.2 “Permanent cookies”: These cookies permanently store a unique code on your computer or smart device hard drive in order to identify you as an individual user. No Personal Information is stored in permanent cookies. You can view permanent cookies by looking in the cookies directory of your browser installation. These permanent cookies are not required for the Bubble Tea Shop Online website to work, but may enhance your browsing experience.
5 Links from Bubble Tea Shop Online
5.1 Bubble Tea Shop Online, and the services available through the Website, may contain links to other third party websites, including (without limitation) social media platforms, payment gateways, appointment scheduling and/or live chat platforms (“Third Party Websites”). If you select a link to any Third Party Website, you may be subject to such Third Party Website’s terms and conditions and/or other policies, which are not under the control, nor responsibility, of Bubble Tea Shop Online.
5.2 Hyperlinks to Third Party Websites are provided “as is”, and Bubble Tea Shop Online does not necessarily agree with, edit or sponsor the content on Third Party Websites.
5.3 Bubble Tea Shop Online does not monitor or review the content of any Third Party Website. Opinions expressed or material appearing on such websites are not necessarily shared or endorsed by us and we should not be regarded as the publisher of such opinions or material. Please be aware that we are not responsible for the privacy practices, or content, of other websites, either.
5.4 Users should evaluate the security and trustworthiness of any Third Party Website before disclosing any personal information to them. Bubble Tea Shop Online does not accept any responsibility for any loss or damage in whatever manner, howsoever caused, resulting from your disclosure to third parties of personal information.
6 Application Of The Electronic Communications And Transactions Act 25 Of 2002 (“Ect Act”)
6.1 Data Messages (as defined in the ECT Act) will be deemed to have been received by Bubble Tea Shop Online if and when Bubble Tea Shop Online responds to the Data Messages.
6.2 Data Messages sent by Bubble Tea Shop Online to a user will be deemed to have been received by such user in terms of the provisions specified in section 23(b) of the ECT Act.
6.3 Users acknowledge that electronic signatures, encryption and/or authentication are not required for valid electronic communications between users and Bubble Tea Shop Online.
6.4 Information to be provided in terms of section 43(1) of the ECT Act:
6.4.1 Users warrant that Data Messages sent to Bubble Tea Shop Online from any electronic device, used by such user, from time to time or owned by such user, were sent and or authorised by such user, personally.
6.4.2 This Website is owned and operated by BTSO (Pty) Ltd, (Registration Number: 2016/00488/07) a private company owned and operated in accordance with the laws of the Republic of South Africa.
6.5 Address for service of legal documents: 29, Lyn Road, Johannesburg, Gauteng, South Africa, 2194.
6.6 Contact Number: +27117023089.
6.7 Bubble Tea Shop Online – located at www.bubbleteashoponline.co.za;
6.8 Email address: firstname.lastname@example.org
BTSO (Pty) Ltd POPI POLICY
You, as the Disclosing Party, hereby consent to and are bound by this POPI Policy / Privacy Statement (“Privacy Statement”) of BTSO (Pty) Ltd (“Recipient”) in relation to the processing by the Recipient of the personal information of the Disclosing Party. This Privacy Statement is effective as of the date of consent hereto or the effective date of any main agreement incorporating the terms of this Privacy Statement by reference (“Agreement”), whichever is earlier.
1.1 “Affiliate” means, with respect to any entity, any other entity Controlling, Controlled by or under common Control with such entity, for only so long as such Control exists;
1.2 “Associated Personnel” means any staff member, independent contractor, agent or the like of the Recipient;
1.3 “Control” means the direct or indirect ownership of more than 50% of the voting capital or similar right of ownership of an entity, or the legal power to direct or cause the direction of the general management and policies of that entity, whether through the ownership of voting capital, by contract or otherwise. Controlled and Controlling shall be construed accordingly;
1.4 “Data Protection Laws and Regulations” means all mandatory laws and regulations, including laws and regulations of RSA, applicable to the Processing of Personal Information, including but not limited to, the POPI Act and any amendment or replacement thereof;
1.5 “Data Subject” means the individual to whom Personal Information relates as defined in section 1 of the POPI Act;
1.6 “Disclosing Party” means the natural or juristic person who consents to the terms of this Privacy Statement or agrees to an Agreement incorporating the terms of this Privacy Statement by reference, and for the purposes of this Privacy Statement, is the Data Subject;
1.7 “Operator” means a person as defined in section 1 of the POPI Act;
1.8 “Personal Information” means information relating to an identifiable, living, natural person, and where it is applicable, an identifiable, existing juristic person, as defined in section 1 of the POPI Act;
1.9 “POPI Act” means the Protection of Personal Information Act 4 of 2013 as may be amended from time to time;
1.10 “Processing” means processing as defined in section 1 of the POPI Act;
1.11 “Recipient” means the person which Processes Personal Information of the Disclosing Party, as defined in the preamble above. For the purposes of this Privacy Statement, the Recipient and/or Affiliates are the Responsible Parties;
1.12 “RSA” means the Republic of South Africa;
1.13 “Responsible Party” means the person which determines the purpose and means for which Personal Information is Processed, as defined in section 1 of the POPI Act; and
1.14 “Supervisory Authority” means the Information Regulator as established in RSA, pursuant to the POPI Act.
2. PROCESSING OF PERSONAL INFORMATION
2.1 The Disclosing Party hereby consents to the Processing of their Personal Information in accordance with this Privacy Statement.
2.2 The Recipient shall comply with Data Protection Laws and Regulations.
2.3 For the avoidance of doubt, Disclosing Party’s instructions to the Recipient for the Processing of Personal Information must comply with Data Protection Laws and Regulations. In addition, Disclosing Party shall have sole responsibility for the accuracy, reliability, integrity, quality, and legality of Personal Information, and the means by which Disclosing Party acquired Personal Information, including providing any required notices to, and obtaining any necessary consent from, its employees, agents or third parties, if applicable.
2.4 The Recipient will not sell, share, or rent Disclosing Party’s Personal Information to any third party or use Disclosing Party’s phone number for unsolicited messages, without the express consent of the Disclosing Party. Any messages sent by the Recipient will only be pursuant to this Agreement.
2.5 It is expressly stated that the Recipient agrees and warrants:
2.5.1 that the Processing of Personal Information shall be carried out in accordance with the relevant provisions of the Data Protection Laws and Regulations and does not violate the relevant provisions of the POPI Act;
2.5.2 that it shall throughout the duration of the Processing process the Personal Information only on the Disclosing Party’s behalf and in accordance with the Data Protection Laws and Regulations; and
2.5.3 that after assessment of the requirements of the Data Protection Laws and Regulations, the security measures are appropriate to protect Personal Information against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access to the Personal Information, in particular where the Processing involves the transmission of data over a network, and against all other unlawful forms of processing, and that these measures ensure a level of security appropriate to the risks presented by the Processing and the nature of the Personal Information to be protected having regard to the state of the art and the cost of their implementation.
2.6 The Recipient shall keep the Personal Information of the Disclosing Party confidential and shall only Process Personal Information on behalf of and in accordance with Disclosing Party’s documented and lawful instructions to:
2.6.1 fulfil the purpose set out in the table at the end of this Privacy Statement; and
2.6.2 comply with other documented, reasonable instructions provided by Disclosing Party (for example, via email) where such instructions are consistent with the terms of the Privacy Statement. The Recipient will not process Personal Information outside of RSA without first having obtained Disclosing Party’s consent. Provided the Recipient has sufficient legal framework under the Data Protection Laws and Regulations to process Personal Information outside of the RSA, the Disclosing Party’s consent shall not be unreasonably withheld in respect of the Processing outside of the above two jurisdictions. Disclosing Party takes full responsibility to keep the amount of Personal Information provided to the Recipient to the minimum necessary for the fulfilment of the purpose or otherwise as required by the Recipient. The Recipient shall not be required to comply with or observe Disclosing Party’s instructions if such instructions would violate Data Protection Laws and Regulations.
3. SCOPE OF PROCESSING
The nature and purpose of Processing of Personal Information by the Recipient is as set out in the table at the end of this Privacy Statement.
4. RIGHTS OF DATA SUBJECTS
4.1 The Disclosing Party shall have the right to:
4.1.1 access and rectify their Personal Information collected by the Recipient. On the request of the Disclosing Party, the Recipient will provide such access as is reasonably practicable and either allow the Disclosing Party to rectify such information themselves or implement any rectifications on behalf of the Disclosing Party;
4.1.2 object to the Processing of their Personal Information if Processing is not:
188.8.131.52 with the Disclosing Party’s consent;
184.108.40.206 protecting their legitimate interests;
220.127.116.11 necessary for the proper performance of a public law duty by a public body; or
18.104.22.168 necessary for pursuing the legitimate interests of the Recipient or its Affiliates,
unless Processing is otherwise permissible under the Data Protection Laws and Regulations or this Privacy Statement;
4.1.3 object to the Processing of their Personal Information for the purposes of direct marketing other than as allowed by the Data Protection Laws and Regulations; and
4.1.4 lodge a complaint with the Supervisory Authority at complaints.IR@justice.gov.za.
5. ASSOCIATED PERSONNEL
The Recipient shall ensure that its Associated Personnel engaged in the Processing of Personal Information are informed of the confidential nature of the Personal Information, have received appropriate training on their responsibilities and have executed written confidentiality agreements or are under general obligations of confidentiality towards the Recipient.
The Recipient shall take commercially reasonable steps to ensure the reliability of the Associated Personnel engaged in the Processing of Personal Information.
5.3 Limitation of Access
The Recipient shall ensure that access to Personal Information is limited to those Associated Personnel of the Recipient directly involved in the fulfilling of the purpose.
6.1 Appointment of Operators
Disclosing Party acknowledges and agrees that:
6.1.1 the Recipient is entitled to retain its Affiliates as Operators; and
6.1.2 subject to clause 6.2 below, the Recipient or any such Affiliate may engage any third parties from time to time to process Personal Information on their behalf and in connection with the fulfilment of the purpose envisaged in Attachment 1 to this Privacy Statement.
6.2 Approval of Operators
Except as otherwise provided in this Privacy Statement, the Recipient shall not provide any third party with access to Disclosing Party Personal Information without the prior express approval of Disclosing Party. The Recipient shall provide advanced written notice to the Disclosing Party should it desire to provide a third-party access to Disclosing Party’s Personal Information. Where approval has been granted by Disclosing Party in accordance this section, the Recipient shall:
6.2.1 undertake due diligence on the Operator; and
6.2.2 enter into a written agreement with the Operator that ensures that the Operator Processes the Personal Information in line with this Privacy Statement and Data Protection Laws and Regulations; and
6.2.3 Provide Disclosing Party with such information regarding the Operator as Disclosing Party may reasonably require.
7. SECURITY MEASURES, NOTIFICATIONS REGARDING PERSONAL INFORMATION, CERTIFICATIONS AND AUDITS, RECORDS
7.1 Security Measures
Taking into account the state of art, the costs of implementation and the nature, scope, context and purposes of Processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, the Recipient shall implement appropriate organizational and technical measures towards a level of security, appropriate to the risk (including risks that are presented by Processing, in particular from accidental or unlawful destruction, loss alteration, unauthorized disclosure of, or access to Personal Information transmitted, stored or otherwise Processed), including but not limited to:
7.1.1 the encryption of Personal Information in transit;
22.214.171.124 the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services;
126.96.36.199 the ability to restore the availability and access to Personal Information in a timely manner in the event of a physical and technical incident; and
188.8.131.52 a process for regularly testing, assessing and evaluating the effectiveness of technical and organizational measures for ensuring the security of the Processing.
7.2 Notifications Regarding Personal Information Breach
7.2.1 The Recipient will ensure that it and its Operators have in place reasonable and appropriate security incident management policies and procedures as required by the POPI Act, and shall notify Disclosing Party without undue delay (but in any event within 24 hours) where there are reasonable grounds to believe that there has been, or after becoming aware of, the unlawful or accidental destruction, alteration or damage or loss, unauthorized disclosure of, or access to Personal Information, transmitted, stored or otherwise Processed by the Recipient or Operators of which the Recipient becomes aware (hereinafter, a “Personal Information Breach”), as required to assist the Disclosing Party in ensuring compliance with its:
184.108.40.206 obligations to notify the Supervisory Authority;
220.127.116.11 obligations to communicate the Personal Information Breach to the Recipient involved; and
18.104.22.168 documentation obligation regarding the facts relating to the Personal Information Breach, its effects, and the remedial action taken.
7.2.2 The Recipient shall make reasonable efforts to identify the cause of such Personal Information Breach and take those steps as it deems necessary and reasonable in order to remediate the cause of such a Personal Information Breach, to the extent that the remediation is within the Recipient’s reasonable control.
The Recipient shall maintain complete and accurate written records of the Processing it undertakes on behalf of Disclosing Party in accordance with Data Protection Laws and Regulations.
8. RETURN OF PERSONAL INFORMATION, COMMUNICATION
8.1 Return of Personal Information
Unless otherwise required by law, the Recipient and Operators, shall if required in terms of Data Protection Laws and Regulations, upon termination or expiry of the Agreement for whatever reason, either securely delete or return all the Disclosing Party Personal Information to Disclosing Party in accordance with the Agreement, or in the absence of a specific destruction provision, the Recipient will ensure it follows its standard Personal Information destruction practices. If the Recipient or its Affiliates are required to retain a copy of the Personal Information by law, it shall retain that which is required by applicable Data Protection Laws and Regulations for not longer than is reasonably necessary.
9. COOPERATION WITH SUPERVISORY AUTHORITY
The Disclosing Party and the Recipient as applicable, shall cooperate, on request, with the Supervisory Authority in the performance of its tasks.
If this Privacy Statement is incorporated into and forms part of any other Agreement, for matters not addressed under this Privacy Statement, the terms of the Agreement apply to the extent of any inconsistency. With respect to the rights and obligation of the parties to each other insofar as it pertains to the Processing of Personal Information, in the event of a conflict between the terms of the Agreement and this Privacy Statement, the terms of this Privacy Statement will prevail to the extent of such inconsistency.
Nature and purpose of Processing
This table includes certain details of the Processing of Personal Information as required by section 18 of the POPI Act.
Nature and purpose of Processing The Recipient and Operators will/may Process Personal Information as necessary to market, advertise, make a sale, and deliver products and or services. Failure to provide the Personal Information may mean that the Recipient will be unable to fulfil this purpose, and as such, is mandatory
Categories of third parties
Personal Information may be shared with the following categories of third parties:
• The Courier Guy
Types of Personal Information to be Processed in terms of this Privacy Statement
• First name
• Last name
• Email address
• Date of birth
• ID number
• Passport number
• Phone number
• Credit card information
• Bank information
• Background check
• Criminal history
• Demographic data
• Text, audio, video or image files
BTSO (Pty) Ltd TERMS AND CONDITIONS
These Website Standard Terms and Conditions written on this webpage shall manage your use of this website. These Terms will be applied fully and affect to your use of this Website. By using this Website, you agreed to accept all terms and conditions written in here. You must not use this Website if you disagree with any of these Website Standard Terms and Conditions. Minors or people below 18 years old should ask their legal guardian permission to use this Website.
Intellectual Property Rights
Other than the content you own, under these Terms, BTSO (PTY) LTD and/or its licensors own all the intellectual property rights and materials contained in this Website. You are granted limited license only for purposes of viewing the material contained on this Website.
You are specifically restricted from all of the following publishing any Website material in any other media; selling, sublicensing and/or otherwise commercializing any Website material; publicly performing and/or showing any Website material; using this Website in any way that is or may be damaging to this Website; using this Website in any way that impacts user access to this Website; using this Website contrary to applicable laws and regulations, or in any way may cause harm to the Website, or to any person or business entity; engaging in any data mining, data harvesting, data extracting or any other similar activity in relation to this Website; using this Website to engage in any advertising or marketing. Certain areas of this Website are restricted from being access by you and BTSO (PTY) LTD may further restrict access by you to any areas of this Website, at any time, in absolute discretion. Any user ID and password you may have for this Website are confidential and you must maintain confidentiality as well.
In these Website Standard Terms and Conditions, “Your Content” shall mean any audio, video text, images or other material you choose to display on this Website. By displaying Your Content, you grant BTSO (PTY) LTD a non-exclusive, worldwide irrevocable, sub licensable license to use, reproduce, adapt, publish, translate and distribute it in any and all media. Your Content must be your own and must not be invading any third-party’s rights. BTSO (PTY) LTD reserves the right to remove any of Your Content from this Website at any time without notice.
This Website is provided “as is,” with all faults, and BTSO (PTY) LTD express no representations or warranties, of any kind related to this Website or the materials contained on this Website. Also, nothing contained on this Website shall be interpreted as advising you.
Limitation of liability
In no event shall BTSO (PTY) LTD, nor any of its officers, directors and employees, shall be held liable for anything arising out of or in any way connected with your use of this Website whether such liability is under contract. BTSO (PTY) LTD, including its officers, directors and employees shall not be held liable for any indirect, consequential or special liability arising out of or in any way related to your use of this Website.
You hereby indemnify to the fullest extent BTSO (PTY) LTD from and against any and/or all liabilities, costs, demands, causes of action, damages and expenses arising in any way related to your breach of any of the provisions of these Terms.
If any provision of these Terms is found to be invalid under any applicable law, such provisions shall be deleted without affecting the remaining provisions herein.
Variation of Terms
BTSO (PTY) LTD is permitted to revise these Terms at any time as it sees fit, and by using this Website you are expected to review these Terms on a regular basis.
The BTSO (PTY) LTD is allowed to assign, transfer, and subcontract its rights and/or obligations under these Terms without any notification. However, you are not allowed to assign, transfer, or subcontract any of your rights and/or obligations under these Terms.
These Terms constitute the entire agreement between BTSO (PTY) LTD and you in relation to your use of this Website, and supersede all prior agreements and understandings.
Governing Law & Jurisdiction
These Terms will be governed by and interpreted in accordance with the laws of the State of Gauteng, and you submit to the non-exclusive jurisdiction of the state and federal courts located in Gauteng for the resolution of any disputes.