This Policy includes the Company’s data protection and information security policy, and applies to the
Company’s Clients and Website Users. The Company, as a responsible party, will only process Personal
Information in a lawfull and reasonable manner in order not to infringe the privacy of the User and/or
the Company’s Client.
Binding Acceptance of Policy:
By accessing, using and/or interacting with this Website and submitting contact forms, each User
signifies his/her acceptance of this Policy and agrees to be bound by the terms and conditions as
recorded herein.
For as long as a Client makes use of the Services, he/she/it signifies his/her acceptance of this Policy
and agrees to be bound by the terms and conditions as recorded herein.
1. Introduction
The Company is committed to protecting the personal information and privacy of our Users and
Clients. A User of the Website can visit most pages on the Website without providing us with any
Personal Information. Notwithstanding the aforesaid, the Company is required to process certain
Personal Information in order for the User to enjoy full use of the Website, as well as to enable the
Company to properly and sufficiently render its Services to our Clients. The Company, as Responsible
Party, is responsible for the processing of Personal Information, which processing must be done under
and in terms of POPIA. In light of the aforesaid, the Company only processes Personal Information in
accordance with the contents of this Policy, the POPIA and the Regulations.
This Policy indicates which Personal Information the Company process when a User is
accessing/making use of the Website, for what purpose it is being processed for, and according to
which principal the processing is being permitted.
In addition, this Policy indicates which Personal Information the Company will process when a Client is
making use of the Company’s Services, for what purpose it is being processed for, and according to
which principal the processing is being permitted.
2. Definitions
In this Policy, and unless the context clearly indicates a different intention, the following expressions
bear the meanings given to them below and equivalent expressions will have similar meanings:
“Clients“ - means the Company’s customers/clients who appoints the Company to render the Services;
“Company” – means Breatheco (Pty) Ltd (Registration Number: 2020/047550/07);
“Domain Name” – means the domain name/s and/or internet address/es via which the Website is
accessible, and more specifically www.thebreatheco.com and www.thebreathewheel.com;
“Information Officer“ - means the Company’s information officer, as defined in chapter 1 of the
POPIA, and as recorded below;
“IP” – means internet protocol;
“PAIA” - means the Promotion of Access to Information Act, Act 2 of 2000;
“Personal Information” – means personal information as defined in terms of section 1 of the POPIA;
“Policy” – means this privacy policy;
“POPIA” – means the Protection of Personal Information Act, Act 4 of 2013;
“Processing” - means processing as defined under and in terms of section 1 of the POPIA;
“Regulator” - means the regulator as defined in Chapter 1 of the POPIA;
“Regulations” – means the POPIA regulations published from time to time;
“Services” - means the management consulting services rendered by the Company to its Clients from
time to time;
“Users” – means individuals who access, use and/or interact with the Website from time to time;
“Website” – means and includes the website accessible via the Domain Name, each associated
microsite and each sub-page, owned, operated and maintained by the Company.
3. Personal Information to be processed when you access the Website
The Company automatically collects and stores certain information in its server log files that the User’s
browser transmits back to the Company. This data cannot be assigned by the Company to specific
individuals and this data is not merged with other data sources. The following data is collected:
- Browser type/version;
- Operating system used;
- Referrer URL (the previous page visited);
- Host name of the accessing computer (IP addresses) v4 and v6 are anonymized); and
- Time of the server request.
The IP address is valid worldwide and uniquely identifies the User’s computer at the time of allocation
by the User’s internet provider. IP, in its most common form (IPv4), consists of four blocks of digits
separated by dots or extended by additional digits (IPv6). In most cases, as a private user, the User will
not use a constant IP address, as this is only temporarily assigned to the User by the respective User’s
internet provider. In the case of permanently assigned IP addresses, a clear assignment of user data
via this feature is technically quite straightforward.
The aforementioned data will be processed by the Company for the following purposes:
- Ensuring a smooth connection to this Website;
- Ensuring convenient use of this Website;
- Evaluation of system security and system stability; and
- For further administrative and statistical purposes.
The abovementioned Personal Information, where applicable, in the server log files is processed on
the basis of section 11(1)(f) of the POPIA. This authorization allows the processing of Personal
Information for the purpose of a “legitimate interests” pursued by the Company, except where such
interests are overridden by your fundamental rights, freedoms or interests. The Company’s legitimate
interest is the facilitation of administration and the ability to detect and track hacking.
In terms of section 11(3)(a) of the POPIA, the User may object at any time to the processing of the
User’s Personal Information where the Personal Information is being processed pursuant to a
legitimate interest of the Company. In terms of the Regulations, a User who wishes to object to the
processing of the Personal Information as outlined in this clause 3, must submit the objection to the
Company on Form 1, attached to the Regulations.
In the event of the User objecting to the processing of the Personal Information as recorded in this
clause 3 the Company will immediately stop and refrain from processing the above-mentioned
Personal Information.
The server log files containing the abovementioned Personal Information are automatically deleted
after 30 (thirty) days, or anonymized if used for statistical purposes. The Company reserves the right
to store the server log files for a longer period, if facts are present which could lead the Company to
assume that unauthorized access has taken place.
4. Client Personal Information
The following Personal Information of the Company’s Clients are processed by the Company:
- Name and Surname;
- Email Address; and
- Health and Wellbeing Information.
When the Client provides the Company with the Personal Information recorded in this clause 4, the
Company processes same in order to effectively render the Services to the applicable Client, as
required from time to time. The Client hereby consents to the processing of the Personal Information
as provided for under and in terms of this clause 4.
The Client can revoke his/her/its consent to the use/process of the Personal Information provided at
any time via notice to the Company’s Information Officer, whose details are recorded below.
5. Contact Form
The following Personal Information of Website Users is processed by the Company when the User
completes and submits the “Contact Us” contact form:
- Full Names;
- Email Address;
- Mobile and/or Telephone number; and
- he User’s company name and details, if applicable.
When a User provides Personal Information via the Website’s “Contact Us ” function, the Personal
Information provided is processed by the Company solely in order to contact the User.
The User hereby consents to the Processing of the Personal Information, as requested via the
Website’s “Contact Us” function, which consent is confirmed when the User accepts/ticks the consent
“box” and submits the request.
6. Newsletter Subscription
The following Personal Information of Users are processed by the Company when a User completes
and submits the “Newsletter Subscription” contact form:
- Name; and
- Email Address.
When a User provides Personal Information via the Website’s “Newsletter Subscription” function, the
Personal Information provided is processed by the Company solely for subscription purposes.
The User hereby consents to the Processing of the Personal Information, as requested via the
Website’s “Newsletter Subscription” function, and opts- in to receive the Company’s newsletter from
time to time, which consent is confirmed when the User accepts/ticks the consent “box” and submits
the request.
5.2 Google Analytics
The Website uses Google Analytics, a web analysis service from Google Inc. ("Google"). Google
Analytics uses cookies – text files that are stored on the User’s computer and enables an analysis of
how the User used the Website. The information gathered by the cookie about the User’s usage of this
website is generally transferred to a Google server in the United States of America (“USA”) and stored
there. On behalf of the operator of the Website, Google will use this information to analyze the User’s
usage of the Website, compile reports about Website activities and provide the Website operator with
further services related to the Website and internet usage. The IP address transferred by the User’s
browser as part of Google Analytics is not combined with other Google data. The User can prevent
cookies being stored by adjusting his/her browser software accordingly, however, we would then
inform the User that he/she may then not be able to make use of the full scope of functions available
on the Website.
7. Google remarketing
This Website uses Google remarketing. Google remarketing is an advertising service of Google Inc.
("Google", Mountain View, USA), with which the Company can provide the User with targeted adverts
of presumed interest, based on the User’s usage behavior during previous visits to the Website. Such
adverts only appear on Google advertising spaces, either those of Google Adwords or the Google
Display Network.
The User can object to Google remarketing in the Google Ad Settings or edit his/her settings.
Alternatively, the User can prevent remarketing by deactivating cookies in his/her browser settings.
8. Facebook remarketing
This Website uses the "Custom Audiences" remarketing function from Facebook Inc. ("Facebook").
This function is used to present interest-based adverts ("Facebook ads") to visitors to this Website
when the said visitors visit the social network Facebook. For this purpose, Facebook's remarketing tag
has been implemented on this Website. This tag establishes a direct connection to the Facebook
servers when you visit the Website. The fact that the User visited this Website is then transmitted to
the Facebook server and Facebook assigns this information to the User’s personal Facebook user
account. Further information about how Facebook collects and uses data, as well as your rights and
options in this regard for protecting the User’s privacy, can be found in Facebook's privacy policy at
https://www.facebook.com/about/privacy/. Alternatively, the User can deactivate the "Custom
Audiences" remarketing function at https://www.facebook.com/settings/?tab=ads#_=_. The User
must be logged into Facebook to do this.
9. Marketing and Direct Marketing
The Company carries out its direct marketing operations in accordance with this Policy and under and
in terms of the POPIA.
As provided for under and in terms of section 69 of the POPIA, the Company will only process Personal
Information for direct marketing purposes if the User/Client has provided the requisite consent, or in
the case of an existing Client of the Company.
The Company makes use of and operates an “Opt - In” policy. The aforesaid entails that Users/Client
will only receive marketing/direct marketing communications from the Company if the User/Client
consented (i.e. Opt - In).
If the User/Client no longer wish to receive marketing/direct marketing communications from the
Company, the User/Client can at any time revoke his/her consent by unsubscribing to receive the
applicable marketing communication by clicking and submitting our unsubscribe option. The
User/Client will no longer receive any marketing/direct marketing communications and the
User’s/Client’s Personal Information will be deleted.
10. Third Party Websites
On the Website the User will find links to third party websites, including the social network websites.
The User can recognize the links by the respective provider's logo. We do not process any data in this
regard.
By clicking on the links, the corresponding social media pages are opened, to which this Policy does
not apply. Please refer to the privacy policies of the individual providers for details of the provisions
applicable there; you will find these under:
Facebook: https://www.facebook.com/privacy/explanation
LinkedIn: https://www.linkedin.com/legal/privacy-policy
Twitter: https://twitter.com/en/privacy
Instagram: https://www.instagram.com/legal/privacy/
11. Minors
The Website is not targeted at children under the age of 18. The Company will not knowingly collect
information from persons under the age of 18.
12. Collection
The Company will in most instances collect Personal Information from data subjects directly. However,
Personal Information may be collected from other sources. The Company will only collect/obtain and
process Personal Information obtained from other sources where the data subject provided his/her
consent thereto.
13. Retention and Destruction
The Company will retain records of Personal Information only for as long as it is necessary for achieving
the purpose for which the Company collected and/or processed same, unless the Company is required
to retain the applicable Personal Information for longer periods in accordance with certain legislation
(i.e. law), or as otherwise authorised under and in terms of section 14 (1) of the POPIA.
Records that are no longer required, or have satisfied their required periods of retention, shall be
destroyed as required under and in terms of sections 14 (4) and 15 (5) of the POPIA.
14. Further processing of Personal Information
Unless a User and/or Client User provides the Company with the required consent, further processing
of Personal Information by the Company will only be done in accordance- or compatible with the
purpose for which the applicable Personal Information has been collected and processed.
The Company may from time to time share Personal Information with trusted third parties (i.e.
operators) to help us deliver efficient and quality services. Any such recipients (i.e. third
parties/operators) will be contractually bound to safeguard the Personal Information and specifically
to ensure that the Personal Information is processed under and in terms of POPIA.
15. Information Quality
The User/Client warrants that any and all Personal Information provided to the Company from time to
time is complete, accurate, up to date and not misleading. In addition, the User/Client agrees that all
Personal Information processed by the Company under and in terms of this Policy is adequate, relevant
and not excessive in relation to the purpose for which the Personal Information is being processed.
In order to comply with the rights of the data subject pursuant the POPIA and in order to ensure that
all Personal Information is complete, accurate, up to date and not misleading, it may be necessary for
the Company to contact the User/Client from time to time in order to request confirmation of the
accurateness and completeness of the applicable Personal Information, which may include further
information to verify your identity as required under and in terms of POPIA.
16. PAIA Manual
The Company’s PAIA manual, as required under and in terms of section 51 of the PAIA, is available and
will be delivered upon written request - Requests to be emailed to hello@thebreathco.com.
17. Access and Correction of Personal Information
The User/Client, who provided adequate proof of identity and in the prescribed manner and form has
the right to access and request correction of his/her Personal Information as recorded under and in
terms of sections 23 - 25 of the POPIA.
18. Transborder Information Flows
The Company may be required from time to time to transfer Personal Information of the User/Client
to the Company’s servers in London. The aforesaid will only be done in order to store and safegaurd
the Personal Information, as well as to effectively deliver its Services to the Clients.
The User/Client hereby consents to the transfer of his/her Personal Information to the Company’s
servers in London for the purposes outlined above.
19. Complaints
If a User/Client believes that the Company is not processing Personal Information in accordance with
this Policy or the applicable data protection legislation and/or regulations, you can lodge a complaint
to the Regulator. All complaints lodged will be dealt with under and in terms of the applicable sections
of Chapter 10 of the POPIA.
20. Disclosure and Policy Changes
Disclosure of Personal Information to third parties.
As a general principle, the Company does not transfer any Personal Information to third parties other
than for the purposes explained in this Policy. However, if the Company is obliged to do so by law or
court order, we will transfer the applicable Personal Information to the authorities accordingly.
Changes to this Policy.
The status of this Policy is indicated by the date shown (below). The Company reserves the right to
amend this Policy at any time. The latest version can be accessed directly via the Company’s Website.
In order for the Client/User to exercise any of its rights under and in terms of this Policy, kindly contact
the Company’s Information officer at the following address/contact details:
INFORMATION OFFICER DETAILS
Information Officer: Elshe Naude;
Cell: 082 774 6549;
Email: elshe@thebreatheco.com;
Address: Stonehurst Mountain Estate, 17 Waterberg Crescent, Westlake