Privacy Policy

This privacy policy (“Privacy Policy“) applies to how we process your Personal Information (as defined in paragraph 2.1 below) when using this Website and Services (terms are defined in the Website Terms and Conditions accessible on our Website (the “Terms“)).  Please read this Privacy Policy carefully.

All of the provisions of this Privacy Policy are important, but please pay special attention to the parts that are in bold writing.  These parts contain information about provisions that have special consequences for you.  These parts are only intended to bring such provisions to your attention, and, where necessary, to explain their fact, nature, and effect.  Where explanations are given, they shall be contained in a box.  Such boxed explanations are aids to understanding only and are not provisions themselves.  They do not limit the meaning or application of the terms, and do not apply only to the situations and examples described in the boxes or only to similar situations or examples.

  1. Scope of the Privacy Policy
    • introduction and scope
      • Iziko Museums of South Africa is a national museum and agency of the Department of Sport, Arts and Culture, and manages 11 national museums (“Iziko”or “we” or “us” or “our“). Our further details are set out in the Terms.
      • We are committed to protecting and respecting your privacy. We strive to ensure that the use of your Personal Information is lawful, reasonable, and relevant to our business activities, with the ultimate goal of improving our services and your experience.
      • This Privacy Policy sets out what we will do with any Personal Information we collect from you or about you, or that you provide to us, when you use the Website and/or the website Services.
      • We have appointed an Information Officer who is responsible for overseeing questions in relation to the Privacy Policy. You may contact our Information Officer at _______________________ [Insert Details of Officer/Email]to discuss this Privacy Policy or your rights under data protection legislation that is applicable to you.
      • This Privacy Policy must, as is appropriate, be read together with Iziko’s Website Terms of Use (accessible here) (the “Terms“) and any other documents or agreements between Iziko and you (the “Agreements“) that describe the manner in which we, in specific circumstances, collect or process Personal Information about you. This will enable you to understand the manner in which WW will process your Personal Information. This Privacy Policy supplements such Terms and Agreements, but does not supersede them and in the event of any conflict, ambiguity or inconsistency between this Privacy Policy, the Terms and/or the Agreements, such documents shall be construed in the following order of priority:
        • this Privacy Policy;
        • the Terms; and
        • the Agreements.
      • your consent to the Processing of your Personal Information
        • By agreeing to this Privacy Policy, you provide us with your express consent and agreement that we may collect, get, receive, record, organise, collate, store, update, change, retrieve, read, process, use and share your Personal Information in the manner set out in this Privacy Policy. When we do one or more of these actions with your Personal Information, we are “Processing” your Personal Information.
        • If you do not agree with this Privacy Policy, or are concerned about any aspect as it relates to your Personal Information, it is advised that you do not continue to use the Website or the Services.

In the paragraph above you expressly give your permission to us to Process your Personal Information in the manner and for the purposes set out in this Privacy Policy.  By doing this, you know and accept that you are giving up certain parts of your right to privacy.  You will not be able to take any action against us for using your Personal Information in the way that you have given us permission, even if you suffer loss or damage.

  • what does this Privacy Policy apply to?
    • This Privacy Policy applies to:
      • us, and our successors-in-title; and
      • you (“user“, “you“, or “your“), namely a user who accesses or uses the Website and/or the Services provided thereon (hereinafter collectively referred to as just the “Website“, for simplicity), regardless of the device which you use to access it, which device is capable of using, or enabled to use, the Website including, but not limited to, internet-connected mobile devices and tablets (“Access Device“).
    • This Privacy Policy does not apply to other parties’ websites, products or services, such as websites linked to, from or advertised on the Website or through the Services, or sites which link to or advertise the Website.
  1. What is Personal Information?
    • Personal Information” refers to private information about an identifiable person, which includes your name and surname, age, date of birth, contact details (eg your home address, postal address, email address or phone number), physical location, social media account details and profile pictures.
    • Other information which might be Personal Information may include:
      • device and device event information“: We may collect information such as your IP address, unique device identifier, the nature of the Access Device which you used to access the Website, the geographic location from which you accessed our site, hardware model and settings, operating system type, and version, browser language, system activity, and crashes;
      • log information“: When you use the Website, we may automatically collect and store certain information in server logs when you access the Website, which may include your site activity information, such as details of how, when and for how long you accessed the Website, what links you went to, what Content (as defined in the Terms) you accessed, the amount of Content viewed and the order of that Content as well as the amount of time spent on the specific Content.
      • profile information“: We may collect and Process information and usage data per profile to make targeted recommendations to that profile when that profile is logged in to, and using the Website;
      • location information“: We may use various technologies to determine your actual location, such as geographical data from your Access Device (which is usually based on the GPS or IP location); and
      • unique application numbers“: Certain services include a unique application number. This number and information about your installation (for example, the operating system type and application version number) may be sent to us when you install or uninstall such a service or when that service periodically contacts our servers, such as for automatic updates.
  1. When will we Process your Personal Information?
    • In addition to paragraph 4 below, Personal Information may be Processed by us in several ways, including, when:
      • you register an account on the Website (if applicable);
      • you access or make use of the Content or Services;
      • you submit your Personal Information to us for any other reason;
      • you contact us, by email or telephonically or otherwise, with any queries;
      • we carry out demographic research or feedback evaluation of our Content or Services; and
      • you browse or use the Website.
  1. How we collect your Personal Information
    • We may collect your Personal Information in three ways, namely:
      • actively from you;
      • passively from your Access Device when you use the Website; and
      • passively from our affiliates and third-party service providers.
    • active collection from you
      • We may require you to submit certain information in order for you to register an account on the Website or benefit from specific features, such as when you register for any Subscription Services. We may collect Personal Information from you by asking you specific questions and by permitting you to communicate directly with us, for example via email, feedback forms, site comments and forums.
      • If you contact us, we may keep a record of that correspondence.
      • The information we may actively collect from you may include your:
        • identifying information (eg your name, surname, unique identifier, date of birth, profile picture and physical location);
        • contact details (eg email address and phone number); and
        • any other information which we may request from you from time to time.
      • passive collection from your Access Device
        • We passively collect some of your Personal Information from the Access Device which you use to access and navigate through the Website, using various technological means, for instance, using server logs to collect and maintain log information.
        • We also use cookies and anonymous identifiers which enable our computer system to recognise you when you next visit the Website, to distinguish you from other users, and to improve our service to you, and which can be used to enhance the content of the Website and make it more user-friendly, as well as to give you a more personalised experience.
        • A cookie is a small piece of data (an alphanumeric identifier) which our computer system transfers to your Access Device through your web browser when you visit a Website, and which is stored in your web browser. When you visit the Website again, the cookie allows the site to recognise your browser.  Cookies may store user preferences and other information as provided in our Cookies Policy.
        • You may disable the use of cookies by configuring your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do so, you may not be able to enjoy all of the features and functionality of the Website.
        • The information which we may passively collect from your Access Device may include your identifying information, contact details, device and device event information, site activity information, log information, telephony log information, location information, unique application numbers and any other information which you permit us, from time to time, to passively collect from your Access Device.
      • passive collection from our affiliates and third party service providers
        • We collect some Personal Information passively from our affiliates and third-party service providers, purely to supplement information which you have already agreed to give us and to supplement your user profile on the Website.
      • passive collection from social networking sites (with your permission)
        • We may allow you to log onto the Website by using the social media account authentication option.
        • By collecting information from your social media account we enable you to enrich your account on the Website by enabling you to share your information (eg posts, photos, videos, and contacts) which is stored on that social media account without you having to actively give us all that information. All you need to do is login using your username and password and give us your permission to access and use that information.
        • There are two kinds of information which we collect from social networking sites, namely basic information and extended information.
        • basic information
          • Basic information is information which you have put on a social media account which you have made public in accordance with your privacy settings on the relevant social media account.
          • This could include your name and surname, username or user-ID number, your profile picture or its URL, your email address, the physical location of your Access Device, your gender, your date of birth, and any other information which you have decided to share publically (the information which you have put on your social media account profile for anyone to see).
          • We will access your basic information from your social media account only:
            • when you log on to the social media account from the Website or if you select any “keep me logged in” or equivalent function;
            • with your permission;  and
            • in line with your privacy settings on the relevant social media account.
          • extended information
            • Extended information is information which you have put on a social media account over and above the basic information. This could include your additional identifying information and contact details, biographical information, educational history, personal preferences, religion, your “friends” or contacts on the social media account, your “likes” and “dislikes”, information you have “shared” (eg comments on, or shared content on, your or your friend’s Facebook “wall”), your recommendations to your friends or other social media account contacts, your game scores and rankings, and any other information which you have put on, or actions you have done, on a social media account (eg the information on your Facebook “wall”, your game score predictions, or the trophies you’ve won on our games), and any other information which you permit us, from time to time, to passively collect from a social media account.
            • We will collect from the relevant social media account your extended information only if and to the extent that you give us permission to do so.
            • You can decide on the layers of extended information which you want to share with us and manage it through the Website or the relevant social media account;
            • We may offer you the ability to import your address book contacts or to manually enter third parties’ contact details in order to populate your invite list on the Website (“your contacts“). You may authorise us to send your communications to your contacts on your behalf (eg to send your contact an email or notification from you or on your behalf inviting him/her to join the Website).
            • We only receive information from social media accounts we do not give them access to any of your Personal Information.
  1. How we use your Personal Information
    • We use the information we collect to provide, maintain, and improve the Website, to develop new services, and to protect us, our services, and our users. We constantly strive to improve our users’ experience, and so we also use the information we collect to offer you information and Content which is more appropriately tailored for you.
    • We may use your Personal Information:
      • to retain and make available to you information on the Website;
      • to create your user account and ensure that it doesn’t duplicate an existing user account on the Website, and allow use of the Content;
      • as a registered user, to notify and authenticate your identity when you view and access the Website;
      • maintain and update our customer, or potential customer, databases;
      • to establish and verify your identity on the Website;
      • fulfil your requests for certain services;
      • diagnose and deal with technical issues and customer support queries and other user queries, such as problems with our server, or to determine the optimal and fastest route for your Access Device to use in connecting with the Website, and administer, maintain and secure the Website;
      • detect, prevent or deal with actual or alleged fraud, security or the abuse, misuse or unauthorised use of the Website and/or contravention of this Privacy Policy;
      • conduct market research surveys, product research and development;
      • provide you with the latest information about our services, provided you have agreed to receive such information;
      • communicate with you;
      • compile non-personal statistical information about browsing habits, click patterns and access to the Website;
      • improve the Website, analyse trends, and administer the Website, including requesting feedback on Content and our Services and products, address any issues and liaise with users in that regard;
      • keep a record of our communications with you and your communications with us;
      • fulfil any contractual obligations we may have to you or any third-party;
      • improve your user experience and the overall quality of our services;
      • customise the Website to your preferences and tailor information and/or Content for you to ensure that it is presented in the most effective manner for you, and for your Access Device;
      • inform you about any changes to the Website, the Terms, this Privacy Policy or other changes which are relevant to you;
      • subject to paragraph 3.2 to 4.3.5 provide you with online personalised services and targeted advertising, including through the use of cookies;
      • subject to paragraph 3.2 to 4.3.5, provide you with online recommendations of our products which we believe might be of interest to you, based on your log information;
      • to compile and use statistical information about you and other users and their access to and use of the Website, browsing habits, click-patterns, preferences, and demographics which we may use to develop, provide and improve the Website, including, recommendations to users and tailoring information and Content for users;
      • to compile, use, disclose and trade with non-personal statistical information about our users and their access to and use of the Website, browsing habits, click-patterns, preferences, demographics which we may use to develop, provide and improve the Website and our products and services, including targeted advertising to user groups. Please note that the information referred to in this paragraph 2.22 is aggregate information about our users which has de-identified users’ personal information such that it cannot be linked back to identify you.  We will not disclose your identifiable personal information to anyone without your permission;
      • for security, administrative and legal purposes;
      • for customer relations; and
      • other activities not specifically mentioned which are lawful, reasonable, relevant to our business activities and the minimum necessary and adequate for us to provide the Website.
    • We will get your permission before collecting or using your Personal Information for any other purpose.
  2. Sharing of your Personal Information
    • We will not intentionally disclose, for commercial gain or otherwise, your Personal Information other than as set out in this Privacy Policy or with your permission.
    • You agree that your Personal Information may be shared under the following circumstances:
      • to our agents, advisers, service providers and suppliers which have agreed to be bound by this Privacy Policy;
      • to our employees, contractors and agents, if and to the extent that they need to know that information in order to process it for us and/or to provide services for or to us, such as site hosting, development and administration, technical support and other support services. We will authorise any information processing done by a third party on our behalf by entering into written agreements with those third parties governing our relationship with them and containing confidentiality and non-disclosure provisions.  Such persons may be disciplined, their contracts terminated, or other appropriate action taken if they fail to meet their obligations;
      • in order to enforce or apply our terms of use or any other contract between you and us;
      • in order to protect our rights, property, or safety or that of our customers, employees, contractors, agents and any other third party;
      • in order to mitigate any actual or reasonably perceived risk to us, our customers, employees, contractors, agents or any other third party;
      • to governmental agencies, exchanges and other regulatory or self-regulatory bodies if we are required to do so by law or if we reasonably believe that such action is necessary to:
        • comply with the law or with any legal process;
        • protect and defend the rights, property or safety of us, our affiliates or our customers, employees, contractors and agents or any third party;
        • detect, prevent or deal with actual or alleged fraud, security or technical issues or the abuse, misuse or unauthorised use of our site and/or contravention of this privacy policy;
        • protect the rights, property, or safety of members of the public (if you provide false or deceptive information about yourself or misrepresent yourself as being someone else, we may proactively disclose such information to the appropriate regulatory bodies and/or commercial entities).
      • We may use your Personal Information to compile profiles for statistical purposes and may freely trade with such profiles and statistical data, provided that the profiles or statistical data cannot be linked back to you by a third party.
      • We will get your permission before disclosing your Personal Information to any third party for any other purpose.
  1. Storage and transfer of your Personal Information
    • We store your Personal Information on our servers.
    • We reserve the right to transfer to and/or store your Personal Information on servers in a jurisdiction other than where it was collected, and such jurisdiction may not have comparable data protection legislation.
    • If the location which that Personal Information is transferred to does not have substantially similar laws which provide for the protection of Personal Information, we will take reasonably practicable steps to ensure that your Personal Information is adequately protected in that jurisdiction.
  2. Security
    • We take reasonable technical and organisational measures to secure the integrity of retained information, using accepted technological standards to prevent unauthorised access to or disclosure of your Personal Information, and protect your Personal Information from misuse, loss, alteration or destruction.
    • From time to time, we review our information collection, storage and processing practices, including physical security measures, to keep up to date with good practice.
    • See paragraph 2.2 regarding measures to protect the information which is provided to employees, agents and contractors on a need-to-know basis.
    • We also create a back-up for operational and safety purposes.
    • Even by taking the above measures when Processing Personal Information, we do not guarantee that your Personal Information is 100% secure.

In this paragraph, you acknowledge that you know and you accept that the Internet is not absolutely secure and there is a risk that your Personal Information will not be secure when transmitting it over the Internet.  We do not promise that we can keep your Personal Information completely secure over the Internet.  You also know and accept that we do not promise the complete security of your Personal Information.  You will not be able to take action against us if you suffer losses or damages in these circumstances.

  1. Retention of your Personal Information
    • We retain all Personal Information which we collect from you unless there is a valid technical, legal or business reason for us to delete, destroy or de-identify it (“retained information“).
    • We may keep all retained information for as long as you continue to access the Website for as long as reasonably necessary or until you contact us and ask us to destroy the retained information. Subject to paragraph 3 below:
      • if you do not access the Website for a consecutive period of three years we will inform you that your account is dormant;  and
      • if you do not access the Website for a further six months after the dormancy notification, we will delete, destroy or de-identify all your Personal Information from our records except for information which we store for historical, statistical or research purposes.
    • Notwithstanding paragraph 2 above and any other provision of this Privacy Policy, we may keep some or all of your Personal Information if and for as long as:
      • we are required by law, a code of conduct or a contract with you to keep it;
      • we reasonably need it for lawful purposes related to our functions and activities;
      • we reasonably need it for evidentiary purposes;  or
      • you agree to us keeping it for a specified further period.
  1. Keeping your Personal Information updated and correct
    • Where required by law, we take reasonable steps to ensure that your Personal Information is accurate, complete, not misleading, and up to date.
    • You must let us know if any information we have about you is incorrect, incomplete, misleading or out of date, by notifying us at the contact details set out in paragraph 19. If you have already registered to use the Website, you can at a later stage modify some of the Personal Information you have included in your profile by logging in and accessing the account created by you on the Website.
    • Where required by law, we will take reasonable steps to correct or update the relevant information accordingly having regard to the purpose for which the information was collected or used.
  2. You give up your rights
    • You agree that where the law requires us to make you aware of something (to inform or notify you) or to do something else, we do not have to do this. This exclusion only applies to the extent permitted by law.
    • For example, sometimes the law says that we have a duty to make you aware of some information or other matters, unless you agree that we do not need to do these things (this is called a waiver of rights). This paragraph constitutes such a waiver, and we will not have this duty anymore and will not need to make you aware of the information or other matters.

In the above paragraph you give up certain rights and we are absolved from certain duties.  As a result of this, you may not become aware of information that you may need to protect yourself.  You also may not be able to exercise your other rights (such as your right to privacy).  In these circumstances, you will not be able to make any claim against us if you suffer loss or damages because we did not give you certain information, or because we did not perform our duties.

  1. Changes to this Privacy Policy

We may change this Privacy Policy from time to time.  If we do so, we will post the revised policy on the Website and take reasonably practicle steps to ensure that you are aware of the updated Privacy Policy (including, if we have your e mail address, emailing you notifications of the updated Privacy Policy).

  1. Direct marketing
    • When Iziko processes Personal information for the purposes of direct marketing by way of electronic communication. Iziko will only send you direct marketing material if you have specifically opted-in to receive these materials, or if you are a client of Iziko, always in accordance with applicable laws.
    • If you complete the subscription form on the Website, you register on the Website you will receive marketing communications, you therefore agree to receive marketing communication from Iziko.
    • You may refuse to accept, require us to discontinue, or pre-emptively block any approach or communications from us if that approach or communication is primarily for the purpose of direct marketing (“direct marketing communications”).
    • You may opt out of receiving direct marketing communications from us at any time by requesting us (in any manner, whether telephonically, electronically, in writing or in person) to desist from initiating any direct marketing to you. You may send your opt-out requests to our Information Officer.
    • If you have opted out, we may send you written (which may include electronic writing) confirmation of receipt of your opt out request, and not send you any further direct marketing communications.
    • You may, in terms of the Consumer Protection Act 68 of 2008 (the “Consumer Protection Act“), register a pre-emptive block against direct marketing communications. If you do so, we will not send you direct marketing communications unless you have expressly consented to receiving direct marketing communications from us.
  2. Third party sites
    • We are not responsible for the privacy practices of a third-party site to which there may be a link on the Website.
    • We advise you to read the privacy policy of each site which you visit and to determine your privacy settings in accordance with your personal preferences.

We are not liable if you suffer losses or damages when visiting third party websites by following a link to that website from the Website.  You accept that there may be risks when you use such third party websites, and you do so at your own risk.

  1. How to protect your Personal Information
    • People have different privacy concerns. Our goal is to be clear about what information we collect so that you can make meaningful choices about what you make available.  For example, you may:
      • set your browser to block all cookies, including cookies associated with our services, or to indicate when a cookie is being sent by us (see paragraphs 3.2 to 4.3.5 above);
      • request us to indicate what Personal Information of yours we have on our systems;
      • request us to correct or update your personal information (see paragraph 11) or to destroy or delete your personal information (subject to paragraphs 10 and 12);
      • object to any unlawful processing of your Personal Information;
      • request that your Personal Information is deleted if it is no longer required for the purposes for which it was collected or required by us in terms of any applicable law, subject to paragraph 10;  or
      • refuse the processing of your Personal Information for direct marketing purposes (see paragraph 14).
    • As far as the law allows, we may charge a fee for attending to any of your requests above and may also refuse to carry out any of your requests in whole or in part.
  2. Consumer Protection Act, Protection of Personal Information Act and other laws
    • If this Privacy Policy or any provision in this Privacy Policy is regulated by or subject to the Consumer Protection Act, POPI, as amended or any other South African data protection and privacy laws, it is not intended that any provision of this Privacy Policy contravenes any provision of the Consumer Protection Act, POPI or such other laws. Therefore, all provisions of this Privacy Policy must be treated as being qualified, to the extent necessary, to ensure that the provisions of the Consumer Protection Act, POPI and such other laws are complied with.
    • No provision of this Privacy Policy:
      • does or purports to limit or exempt us from any liability (including, without limitation, for any loss directly or indirectly attributable to our gross negligence or wilful default or that of any other person acting for or controlled by us) to the extent that the law does not allow such a limitation or exemption;
      • requires you to assume risk or liability for the kind of liability or loss, to the extent that the law does not allow such an assumption of risk or liability;  or
      • limits or excludes any warranties or obligations which are implied into this Privacy Policy by the Consumer Protection Act (to the extent applicable), POPI (to the extent applicable), or other applicable laws or which we give under the Consumer Protection Act (to the extent applicable), POPI (to the extent applicable), or other applicable laws, to the extent that the law does not allow them to be limited or excluded.
  1. Governing law
    • South African law applies to this Privacy Policy.
    • You agree that this Privacy Policy, our relationship, and any dispute of whatsoever nature relating to or arising out of this Privacy Policy whether directly or indirectly is governed by South African law, without giving effect to any principle of conflict of laws.
    • If any provision of this Privacy Policy is judged to be illegal, void, or unenforceable due to applicable law or by order of a court of a competent jurisdiction it shall be deemed deleted and the continuation in full force and effect of the remainder of the provisions will not be prejudiced.
  2. General
    • Each provision of this Privacy Policy, and each part of any provision, is removable and detachable from the others. As far as the law allows, if any provision (or part of a provision) of this Privacy Policy is found by a court or authority of competent jurisdiction to be illegal, invalid, or unenforceable (including without limitation, because it is not consistent with the law of another jurisdiction), it must be treated as if it was not included in this Privacy Policy and the rest of this Privacy Policy will still be valid and enforceable
    • No provision of this Privacy Policy:
      • does or purports to limit or exempt us from any liability (including, without limitation, for any loss directly or indirectly attributable to our gross negligence or wilful default or that of any other person acting for or controlled by us) to the extent that the law does not allow such a limitation or exemption;
      • requires you to assume risk or liability for the kind of liability or loss, to the extent that the law does not allow such an assumption of risk or liability; or
      • limits or excludes any warranties or obligations which are implied into this Privacy Policy by the Consumer Protection Act (to the extent applicable), POPIA (to the extent applicable), or other applicable laws or which we give under the Consumer Protection Act (to the extent applicable), POPIA (to the extent applicable), or other applicable laws, to the extent that the law does not allow them to be limited or excluded.
  1. Queries
    • If you have questions about our Privacy Policy, please contact us at info@iziko.org.za
    • Should you feel that your rights in respect of your Personal Information have been infringed, please address your concerns to the Information Officer at ________________[insert clients information officer]. If you feel that the attempts by Iziko to resolve the matter have been inadequate, you may lodge a complaint with the South African Information Regulator by accessing their website at justice.gov.za/inforeg.