Privacy & Confidentiality Notice

Authentic Rating Solutions (Pty) Ltd respects your privacy and is committed to protecting and handling your personal data responsibly.

Authentic Rating Solutions (Pty) Ltd services, including (without limitation) our website and other interactive properties through which the services are delivered (collectively, the “Service”) are owned, operated, and distributed by Authentic Rating Solutions (Pty) Ltd (referred to in this Privacy Notice as “ATRS” or “we” and through similar words such as “us,” “our,” etc.). This Privacy Notice is aligned with the Protection of Personal Information Act 4 of 2013 and Promotion of Access to Information Act 2 of 2000, and outlines the personal information that ATRS may collect, how ATRS uses and safeguards that information, and with whom we may share it.

Our Service is offered from the Republic of South Africa (RSA) and is not intended for application abroad. For individuals located outside RSA, please note that ATRS is a South African-based company. If you use our Service, all information, including personal information, will be transferred to ATRS in RSA and used as described in this Notice.

ATRS encourages our customers, visitors, business associates, and other interested parties to read this Privacy Notice, which applies to all users. By using our Service or submitting personal information to ATRS by any other means, you acknowledge that you understand and agree to be bound by this Privacy Notice, and agree that ATRS may collect, process, transfer, use, and disclose your personal information as described in this Notice.

If you do not agree with any part of this Privacy Notice or our Terms of Service, please do not make use of any of the Services we provide.
ATRS reserves the right to modify this Privacy Notice from time to time in order that it accurately reflects the regulatory environment and our data collection standards. When material changes are made to this Privacy Notice, ATRS will post the revised Privacy Notice on our website and communicate details of amendments via email. This Privacy Notice was last modified as of 30 June 2021. The amended Privacy Notice will apply to you if you continue to use our website or our Services following such notification.

Contact Details

If you have any questions or comments about this Privacy Notice or the Services provided by ATRS, please contact us at:

Information Officer:

Yolanda Du Plessis

Office Number:

012 110 4206

Cell Number:

082 319 8877

Email:

mariska@atrs.co.za

If you are a South African resident, South Africa law may provide you with certain rights about your personal information under the Protection of Personal Information Act (“POPIA”) and Promotion of Access to Information Act (“PAIA”) as well the Consumer Protection Act. Throughout this Privacy Notice you will find information required by POPIA regarding the categories of personal information collected from you; the purposes for which we use personal information, and the categories of third parties your data may be shared with. This information is current as of the date of the Notice and is applicable in the 12 months preceding the effective date of the Notice.

As a South African resident, the POPIA and PAIA provide you the ability to make inquiries regarding to your personal information. Specifically, the degree to which the information is not already provided in this Privacy Notice, you have the right to request disclosure or action your personal information, including:

  • If your personal information is collected by us.
  • The specific pieces of personal information collected about you.
  • The ability to correct or delete certain personal information collected about you.
  • The ability to delete all the personal information collected about you, subject to certain exceptions.
  • To opt-in or opt-out of direct marketing to you.
  • To object to the processing of your personal information, or
  • Appeal any rejection of access to your personal information

Personal information (also commonly known as personally identifiable information (PII) or personal data) is information that can be used to identify you, or any other individual to whom the information may relate. The “Personal Information” means information relating to an identifiable, living, natural person and where it is applicable, an identifiable, existing juristic person, including, but not limited to the following:

  1. Information relating to the race, gender, sex, pregnancy, marital status, national, ethnic- or social origin, colour, sexual orientation, age, physical or mental health, well-being, disability, religion, conscience, belief, culture, language and birth of the person.
  2. Information relating to the education or the medical, financial, criminal or employment history of the person.
  3. Any identifying number, symbol, e-mail address, physical address, telephone number, location information, online identifier, or other assignment to the person.
  4. The biometric information of the person.
  5. The personal opinions, views, or preferences of the person.
  6. Correspondence sent by the person that is implicitly or explicitly of a private or confidential nature or further correspondence that would reveal the contents of the original correspondence.
  7. The views or opinions of another individual about the person.
  8. The name of the person if it appears with other personal information relating to the person or if the disclosure of the name itself would reveal information about the person.

It excludes anonymous, de-identified, statistical, and public information.

This Privacy Notice applies regardless of how you provide personal data to us, including the following circumstances:

  • When you enquire about our Services.
  • When you obtain a quotation or submit a Request for B-BBEE Verification from us.
  • When you provide your contact details for purpose.
  • When you sign agreements with ATRS.
  • When you make use of our Services.
  • When you provide personal data to us voluntarily.

You may only provide someone else’s personal information if you have their permission to do so.

The personal information that we may collect directly from you during the above circumstances includes but is not limited to the following categories:

  • Enquiry details which you might supply related to our Services.
  • Name and contact information (e.g. address; phone number; email).
  • Financial Information (e.g. bank account, accounts contact details).
  • Application data (e.g. company details, financial details, B-BBEE contact details).
  • B-BBEE Verification data and records (e.g. Ownership details, Management Control and Employment Equity details; Skills Development and Learnership details; Supplier details; Development Beneficiary details). This data and records might include that of company employees and other third parties and therefore we would require the necessary POPIA compliance records to be submitted to us by the measured entity.
  • ATRS Employee data and records.
  • Information contained in posts you may make on the public forums and interactive features of our Services.

Other information that may be exchanged while engaging with ATRS.  You will be aware of any subsequently collected information because it will come directly from you.

Subject to the terms of this Privacy Notice, ATRS uses the above categories of personal information in several ways. Unless otherwise stated specifically, the above information may be used for any of the following purposes:

  • To administer our Services to you.
  • To respond to your requests.
  • To distribute communications relevant to your use of our Services.
  • As may be necessary to support the operation of our Services, such as for billing, account maintenance, and record-keeping purposes.
  • To send to you ATRS service offerings, B-BBEE training articles, B-BBEE legislation or clarification notices, event invitations, notifications, and the like that we feel may be of interest to you. Please note that you may “opt-out” of receiving these marketing materials.
  • In other manners after subsequent notice is provided to you and/or your consent is obtained, if necessary.

ATRS does not sell, resell or distribute for re-sale your personal information.

When providing personal information to ATRS as described in this Privacy Notice, that personal information is collected directly from you, and you will know the precise personal information being collected by us generally or during the B-BBEE Verification process. ATRS does not collect personal information from any other sources, except where it may automatically be collected as described in the section titled “Cookies, Device Data, and How it is Used” if the information in that section is considered personal information.

As a SANAS (South African National Accreditation System) accredited B-BBEE Rating Agency, ATRS’s role is to assess, verify and validate disclosed and undisclosed B-BBEE-related information on Verified Entities. The verification will be based on the principles contained in the B-BBEE Codes of Good Practice, as well as the relevant Sector Codes of Good Practice issued in terms of Section 9 (1) of the B-BBEE Act and any other related legislation.

ATRS will require information concerning the Measured Entity’s business, affairs, relevant employee, and beneficiary details during the B-BBEE verification process. The ATRS undertakes to use the confidential information disclosed to it solely for the purpose of the evaluation of the Measured entity’s B-BBEE status and no other purpose whatsoever.

The above undertaking will not apply to any confidential information which has become part of the public domain by publication or otherwise or where ATRS may be required to disclose such information to the dtic, SANAS and any other party authorized by the dtic, their legal advisers, or if put under legal obligation to disclose.

ATRS shall inform Verified Entities in advance, of any information which it intends to place in the public domain. All other information, except for the information that is made publicly available by the client, shall be considered proprietary information and regarded as confidential. Information about any clients or individuals shall not be disclosed to a third party without the written consent of the clients/individuals concerned.

Neither ATRS nor any of our employees shall be required to make use of or to disclose to a Measured Entity any information, whether known to them personally or known to colleagues, which is confidential to another Measured Entity.

ATRS reserves the right to report any circumvention of the B-BBEE Codes of or fronting practices to the dtic (The Department of Trade Industry and Competition) or its appointed regulatory body(ies).

If you agree to this in writing, we may provide any of the described categories of personal information to ATRS employees, consultants, affiliates, or other businesses or persons for the purpose of processing such information on our behalf to provide our Services to you. In such circumstances, we require that these parties agree to protect the confidentiality of such information consistent with the terms of this Privacy Notice.

We will not share your personal information with other, third-party companies for their commercial or marketing use without your consent as part of a specific program or feature which you will specifically be able to opt out of.

In addition, we may release personal information:

  • To the extent, we have a good-faith belief that such action is necessary to comply with any applicable law.
  • To enforce any provision of the Terms of Service, protect ourselves against any liability, defend ourselves against any claims, protect the rights, property, and personal safety of any user, or protect the public welfare.
  • When disclosure is required to maintain the security and integrity of the Service or to protect any user’s security or the security of other persons, consistent with applicable laws.
  • To the dtic, SANAS and any other party authorized by the dtic, their legal advisers, or if put under a legal obligation to disclose.
  • To respond to a court order, subpoena, search warrant, or another legal process, to the extent permitted and as restricted by law.
  • If we go through a business transition, such as a merger, divestiture, acquisition, liquidation, or sale of all or a portion of our assets.

We may communicate with you using email, and other channels (sometimes through automated means) as part of our effort to provide insight and education B-BBEE requirements, to market our services, administer or improve our services, or for other reasons stated in this Privacy Notice. You have an opportunity to withdraw consent to receive such direct marketing communications, as permitted by law.

If you no longer wish to receive correspondence, emails, or other communications from us, you may opt out by emailing inf@atrs.co.za or by using the UNSUBSCRIBE link in any direct marketing email communication you may have received.

ATRS will retain your personal information only for as long as is necessary for the purposes set out in this Privacy Notice. We will retain and use personal information to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes and enforce our legal agreements and policies.

ATRS maintain and retain records on the audit and verification process for all Verified Entities, including entities that submitted requests for verification, and all entities verified. Our record management system ensures that these records are accessible, reliable, and securely stored.

When you use our website and social network profiles, we may record unique identifiers associated with your device (such as the device ID and IP address), your activity within the Service, and your network location. ATRS uses aggregated information (such as anonymous user usage information, cookies, IP addresses, browser type, click stream information, etc.) to improve the quality and design of our website and social network profiles and to create new features, promotions, functionality, and services by storing, tracking, and analyzing user preferences and trends. Specifically, we may automatically collect the following information about your use of website and social network profiles through cookies, web beacons, and other technologies:

  • domain name
  • browser type and operating system
  • web pages you view
  • links you click
  • IP address
  • the length of time you visit the Sites, Portals, and/or Services
  • the referring URL or the webpage that led you to the Sites

A cookie is a small text file that is sent by a website to your computer or mobile device where it is stored by your web browser. A cookie contains limited information, usually a unique identifier and the name of the site. Your browser has options to accept, reject or provide you with notice when a cookie is sent.

We may use “cookies,” clear gifs, and log file information that help us determine the type of content and pages to which you link, the length of time you spend at any particular area of our website, and the portion of our website you choose to use.

Our cookies can only be read by ATRS; they do not execute any code or virus, and they do not contain any personal information. Cookies allow ATRS to serve you better and more efficiently, and to personalize your experience while using our website.

We may use third-party service providers to help us analyze certain online activities. For example, these service providers may help us measure the performance of our online campaigns or analyze visitor activity on our website and social network profiles. We may permit these service providers to use cookies and other technologies to perform these services for ATRS. We do not share any personal information about our customers with these third-party service providers, and these service providers do not collect such personal information on our behalf. Our third-party service providers are required to comply fully with this Privacy Notice.

Our services are not intended for children under the age of 18, and ATRS does not collect the personal information of children under the age of 18.

However, ATRS might be required to collect and process the personal information of children during the B-BBEE verification process of the Verified Entity to verify claims which would require ATRS to do so. This will only be done on the condition of the following:

  • Processing is carried out with prior consent and in the presence of a competent person or legal guardian of the child.
  • It is necessary for the establishment, exercise, or defense of a right or obligation in law.
  • The appropriate safeguards have been put in place to protect the personal information of the child.

Special Personal Information includes the religious or philosophical beliefs, race or ethnic origin, trade union membership, political opinions, health, DNA, sexual life, or criminal behavior of a data subject.

ATRS only process Special Personal Information for in line with B-BBEE claims and therefore this will only relate to race or ethnic origin. This will only be done if the Verified Entity provide proof of consent from the individual that his Special Personal Information may be processed during the B-BBEE verification process.

ATRS highly regards our responsibility to process employees’ personal information with respect and careful consideration of the purpose thereof.

Our employees have the right to know what personal information we collect, how long it will be retained, what we might use the information for, and their right access to the information. All records of consent to process personal information will be retained by the Information Officer.

ATRS will follow the following processes when collecting, processing, and retaining personal information about our employees:

  • Engagement at the Recruitment stage:
    • Personal information of applicants will be obtained directly from them.
    • Where ATRS makes use of Social Media platforms such as LinkedIn or online Recruitment Advertising platforms, ATRS will directly contact candidates by making use of Personal Information made public by the candidate on such platforms.
    • Where recruitment agencies are used for recruitment, the applicant must consent for their personal information may be obtained from the Recruitment Agency.
    • Personal information of unsuccessful candidates will be destroyed once a decision has been made about the appointment unless the applicant requests for ATRS to retain their information for future relevant employment opportunities.
  • Employee Induction stage:
    • All personal information of employees will be collected directly from the employee
    • In the case where ATRS will keep a record of the employee’s Next of Kin, the employee will have to notify them that their personal information (name, contact number, address) will be processed and obtain consent from them to do so.
    • ATRS will clearly explain for what purpose personal information will be processed.
  • Management of Employee records:
    • ATRS will review and analyze employee records quarterly to verify the quality, accuracy, and completeness of the information.
    • ATRS will review and update HR policies and contractual arrangements to ensure compliance with POPI.
    • ATRS has a clearly defined procedure in place for employees to access and update their personal information.
  • Termination of employment:
    • ATRS retains Employee records in line with legal and accreditation requirements for 2 years following termination of employment.
    • Employees’ personal information contained in completed client B-BBEE verifications will be processed and retained as required by the accreditation standard specified by SANAS. Hard copy client files must be kept from the accreditation cycle to the next and an additional 12 months after that. An accreditation cycle is 4 years, therefore hard copy client files will be retained for 5 years, after which the hard copy will be destroyed. Electronically scanned client files will be retained for a further 5 years.
    • Disposal of Employee records and personal information will be done in an appropriate manner and will include all hard copy documents and electronic data held by ATRS.

Personal information retained will be processed solely for that purpose and will not be published in an identifiable form.

All ATRS employees shall continually be responsible for ensuring the safeguarding, protection, and avoidance of any unauthorized disclosure or breach of personal data in the execution of employment duties and services to ATRS, or otherwise while rendering services or being associated with ATRS.

ATRS has appointed and registered Yolanda Du Plessis as their Information Officer with the Information Regulator (South Africa) in terms of section 55 and 56 of the protection of personal information act, 2013 (POPIA), and sections 1, 14, 51, or 17 of the promotion of access to information act, 2000 (PAIA), and Information Regulator’s Draft Guidelines on the registration of Information Officers.

The Information Officer shall:

  • Execute, and bear responsibility for reporting to EXCO about compliance with all technological and operational data protection standards and protocols and advise of any risk of a breach at the earliest opportunity with a view to avoiding any risk or breach, or limiting any damage resulting from it.
  • Ensure that all operational and technological data protection standards are complied with.
  • Arrange data protection training and provide advice and guidance to all employees.
  • Be entitled and have the authorization to initiate disciplinary proceedings against any employee who at any time breaches any technological and/or organizational and/or operational data protection standard, rule, custom, instruction, policy, practice, and/or protocol applicable in any department or area of the operations of the company.
  • Review and approve any agreements or contracts with third parties to the extent that they may handle or process data subject information.
  • Attend to requests from individuals to access data ATRS holds about them.

Where an individual or employee who is entitled to it, contacts ATRS requesting his/her personal information, it is called a “subject access request”.

Individuals and employees who are the subject of personal data held by ATRS are entitled to:

  • Enquire what information is held by ATRS about them and the purpose for holding it.
  • Enquire now to gain access to their own personal data.
  • Enquire to whom the information has been disclosed by ATRS
  • Be informed of any special measures ATRS uses to keep such data up to date.
  • Request, where allowed by law, the correction, updating, or deletion of the personal information held by ATRS.
  • Request, where allowed by law, the destruction or deletion of a record of the information held by us.
  • Object, or withdraw consent, to the processing of information by ATRS

ATRS holds the right to take reasonable measures to verify the identity of individuals who exercise their right to access of information upon request.

Employees, Suppliers, and any other third parties acting on behalf of ATRS must immediately direct any subject access requests to the Information Officer to be resolved.

Get in Touch

Get in touch with us and we’ll have one of our skilled staff members get you going.

Contact our Team