1. Introduction

Apple Cafe (Pty) Ltd (“Apple Cafe”) acknowledges and supports consumer rights and the right to privacy. Accordingly, our customers’ privacy and trust are extremely important to us! We will ensure that personal information (“information”) is collected and handled in a transparent and lawful manner in alignment with the Protection of Personal Information Act, 2013 (“POPIA”).

It is important that you read this Statement carefully before submitting any information to Apple Cafe:

• By submitting any information to Apple Cafe, you provide consent to the processing of your personal information as set out in this Statement.

• The provisions of this Statement are subject to mandatory, unalterable provisions of applicable laws.

• Please do not submit any information to Apple Cafe if you do not agree to any of the provisions of this Statement. If you do not consent to the provisions of this Statement, or parts of the Statement, Apple Cafe may not be able to provide its products and services to you.

We respect privacy, we promise:

• To implement reasonable computer (logical), physical and procedural (process) safeguards to protect the security and confidentiality of the information we collect

• To limit the information collected to the minimum required to provide a better service and/or product or meet our other goals

• To permit only properly trained, authorised employees to access information

• Not to disclose your information to external parties unless we are required or permitted by law to do so, and authorised by our Information Officer.

1.1. Purpose

Apple Cafe offer a wide range of products and services, including but not limited to purchasing Apple devices, selling Apple devices, repairing Apple devices, digital offerings, and value-added services. This Statement explains how we use the information we collect from you when you use our products and/or services and by using our products and/or services and/or by providing information to us you agree to the information being processed as set out in this Statement.

This Statement also:

• sets out the types of information that we collect.

• explains how and why we collect and use your information.

• explains whom we share your information with; and

• explains the rights and choices you have when it comes to your information

• explains how to contact us or the relevant authorities

Some parts of our business may need to collect and use personal information to provide you with their products and services. In most cases they will refer to this Statement, but you must also read their specific terms and conditions. The Apple Cafe website or mobile app may contain links to websites operated by other organisations that have their own privacy policies. Please make sure you read their terms and conditions and privacy policies carefully before providing any personal information on other websites as we do not accept any responsibility or liability for other organisations. We provide these links merely for your convenience. We have no control over, do not review, and are not responsible for third party sites, their content, or any goods or services available through these sites.

1.2. Scope

In this Statement, “Apple Cafe”, “us”, “our” or “we” refers to the three (3) branches of Apple Cafe that operate in South Africa in Durban, Johannesburg and Richards Bay.

1.3. Legislation and Regulations

This Statement is subject to the laws of the Republic of South Africa in particular POPIA and the Consumer Protection Act, 2008 (“CPA”) as well as other relevant data protection legislation. Any dispute arising will, to the extent permitted by law, first attempted to be settled internally and if this is not possible be referred to arbitration in Durban at a venue to be determined by us applying the Uniform Rules of the High Court of South Africa.

1.4. Roles and Responsibilities

Based on POPIA, the following role players are relevant to this Statement:

Information Regulator           The Information Regulator Office duties includes providing education, monitor and enforce compliance, handle complaints and facilitate cross-border cooperation in the enforcement of privacy laws.   In the context of this Statement this is the office of individuals appointed by the President of South Africa in terms of POPIA.
Information Officer The individual who is the head of or CEO of Apple Cafe who is registered with the Information Regulator in terms of the PAIA and POPIA and is responsible for ensuring that Apple Cafe comply with the Acts.
Deputy Information Officer/s             The individual/s who is/are registered with the Information Regulator in terms of the PAIA and POPIA and have been delegated responsibilities in driving required activities on behalf of the Information Officer.   In the context of this statement these are the participates of the Privacy and Security Committee.
Data subject        Any natural or juristic person who is identifiable by means fovea an identifier such as a name, an ID number, location data, or via factors specific to the person’s physical, physiological, genetic, mental, economic, cultural or social identity.   In the context of this Statement this is the person (aka consumer or customer) whose information is being processed by Apple Cafe.
Responsible Party The party who determines the purpose of and means for processing personal information and is also responsible for protecting (safeguarding) the information of the data subject.   In the context of this Statement this is either Apple Cafe or a business partner (depending on the context).
Operator or Processing Party The party who processes (collect, receive, record, collate, store, anonymise, retrieve, alter, use, distribute, erase or delete) information for a responsible party in terms of a contractual agreement or mandate on behalf of a Responsible Party.   In the context of this Statement this is either Apple Cafe or a business partner.

2. Information Collection

To register an Account or make use of Online Shopping, etc you are required to provide us with your personal information including but not limited to your name, surname, contact number and email address.

You may provide personal information to us either directly or indirectly (through a person acting on your behalf), by completing an application form for our products and services or requesting further information about our products and services, whether in writing, through our website, over the telephone or any other means.

We only collect information that is reasonably necessary for our business functions and activities and related purposes. The type of information we collect and hold, will depend on the purpose for which it is collected and used. Where possible, we will inform you what information you are required to provide to us and what information is optional. The information we process is typically to provide you with the goods and services you want to buy and help you with any orders and refunds you may ask for, to manage and improve our day-to-day operations, to manage and improve our loyalty program, websites and mobile platforms with the aim of improving your customer experience.

We may also collect your personal information from a person acting on your behalf, any regulator, or other third party that may hold such information.

You agree to give accurate and current information about yourself to Apple Cafe and to maintain and update such information when necessary.

2.1. Services in Collaboration with business partners

Apple Cafe have various partnerships and we also provide various goods and services. To deliver these goods and services, varying levels of information are required to be processed, including obtained from or shared with relevant external business partners (local and/or abroad) to verify against, or facilitate the goods or services offered by the business partner. When you agree to the Apple Cafe and/or business partner’s terms and conditions, it allows us to share the relevant information to facilitate the product or service being rendered to you.

Note that for some of our products may require you to provide additional information directly to a business partner of ours. In such instance, Apple Cafe will process this information on the business partner’s behalf and as such the relevant business partner remains responsible for protecting this information, not Apple Cafe. When signing up with one of our business partners, it is important for you to recognise that you are establishing a direct, binding relationship with such a partner under their terms & conditions and related privacy policies and that they would be the responsible party under POPIA.

2.2. Persons under 18 years

Apple Cafe will not knowingly collect any information of persons (minors) under the age of 18 years. Our website and mobile apps, products and services are all directed to people who are at least 18 years old or older.

If you are under the age of 18 years, you must not provide any information to Apple Cafe without the consent of your parent or guardian. If you become aware that a “child” has provided their personal information without parental consent, please contact us immediately. If we become aware that a child has provided us with personal information without parental consent, we will take steps to remove the data and cancel the child’s account.

2.3. Your Account

When signing up for certain Apple Cafe services, you are required to create a user account. You agree that you will provide accurate information to us and keep it updated, and that you will not create a false identity or an account for anyone other than yourself. It is your responsibility to safeguard your Account profile’s username and password. This includes that you make use of a strong password and that you do not intentionally or unintentionally divulge it to anybody else. In the event of someone else using your username and password to make changes to your profile or transact on your behalf, you will be held responsible for the changes and the outcome thereof.

If you suspect its misuse or compromise, you must report this to our Customer Care Line on 083 591 2035 or via email at sales@applecafe.co.za as soon as possible.

2.4. Cookies

A cookie is a piece of information that is deposited in your computer’s hard drive by your web browser when you use our computer server. Most web browsers accept cookies automatically, but you can alter your settings to prevent automatic acceptance. This information might be about you, your preferences or your device and is mostly used to make the site work as you expect it to. The information does not usually directly identify you, but it can give you a more personalised web experience.

2.5. Embedded Scripts

An embedded script is a programming code that is designed to collect information about your interactions with the Apple Cafe website. The code is temporarily downloaded onto your device from our web server or a third-party service provider, is active only while you are connected to our website and is deactivated or deleted thereafter.

2.6. Mobile Device Identifiers

Certain mobile service providers uniquely identify mobile devices. Apple Cafe or our third-party service providers may receive such device information if you access our website or mobile applications through your mobile device when allowing cookies or push notifications.

2.7. Closed-Circuit Television (CCTV)

Closed-Circuit Television (CCTV) images are processed, monitored and recorded for the purposes of crime prevention and detection as well as public safety in our stores and regional support offices.

3. Purpose and Use of Information

Apple Cafe will use your information for the purposes for which it was collected or agreed with you to facilitate the provision of our products and services to you, and for purposes which are within reasonable expectations and where permitted by law.

Examples of information collected from you or other sources and processed by Apple Cafe are detailed below (which is not an exhaustive list) and linked to the purpose thereof.

• Regulatory compliance – to adhere to but not limited to the Consumer Protection Act (CPA), Anti-Money Laundering and/or Counter Terrorism Financing rules and regulations and the Regulation of Interception of Communications and Provision of Communication-Related Information Act (RICA).

• Biometric information – to facilitate the RICA process

• Contact information – to facilitate essential support via communications as well as better customise our offering to you, including:

– In support of facilitating required activities for services and programs you have chosen to participate in i.e.: OTPs, invoices, statements, deliveries, etc.

– Send information regarding services and programs via direct marketing i.e., new benefits, clubs or partners as well as inform you of promotions or deals.

– Process the return of products to our store

– Send information regarding services and programs via direct marketing i.e., new benefits, clubs or partners as well as inform you of promotions or deals.

– Send or serve you targeted advertising across social media, other digital media platforms and physical post.

– Contact you where you may have won a competition / draw that you have entered.

– Request your feedback and opinion in the form of surveys, opinion polls or focus groups, should you wish to participate.

– Contact you in relation to Customer Careline feedback, custom complaints or other feedback you wish to give us where you agree to us contacting you.

• Any additional information relating to you that you provide to us directly through the website, mobile apps or indirectly through use of thereof, offline or online, through our representatives or otherwise.

• Share information with 3rd (third) parties as an outsourced function, with the purpose of communicating to you and/or facilitate (operate) the subscribed service(s).

Emailers / SMSes • Facilitate required communications such as one-time passwords, invoices, statements and personalised discounts linked to the Apple Cafe associated programs and services you are using. • Send you communications for Apple Cafe associated programs and services you are using where you have not opted out of direct marketing communications via your preferences.               • First Name and Surname • Email address • Contact Numbers (Telephone and Mobile)  
Products and services (in store or online) rendered by either Apple Cafe and/or business partners              • Process your application • Create a uniquely identifiable customer record • Provision the relevant services as set out in the respective Terms & Conditions for the relevant Products and/or Services subscribed to by the Data Subject • Process payments • Regular communications • Provide individually customised promotions and discounts • First Name and Surname • Email address • Contact Numbers (Telephone and Mobile) • Physical Address • Payment Card and CCV Number
Apple Cafe Customer Care Complaints / Compliments • Assist Apple Cafe to categorise the Data Subject’s complaint or compliment • Provide feedback to the Data Subject regarding the complaint or compliment • First Name and Surname • Email address • Contact Numbers (Telephone and Mobile)
Competitions Apple Cafe and/or business partners • Validate the Data Subject’s entry and whether he/she is eligible to partake in the competition • Contact the Data Subject if he/she is the prize winner • First Name and Surname • Email address • Contact Numbers (Telephone and Mobile)  
Customer Surveys Apple Cafe and/or business partners Request Data Subject to voluntary participate relating to their shopping experience and/or how customer service can be improved.            • First Name and Surname • Email address • Contact Numbers (Telephone and Mobile) • Opinions
CCTV Surveillance Stores and Office buildings under 24×7 CCTV camera surveillance for public safety, crime prevention and quality control. Data Subjects’ physical features such as face, gender, race, height, clothing worn at the time and actions at the time.
Social Media Social Media adverts for products and services which you may be interested in. Content of Data Subjects’ posts.
Website Apple Cafe and/or business partners Information is collected using cookies and/or embedded scripts within the website Computer device information (whether you are a registered and unregistered user) such as • The website that referred you, • The web pages viewed during your visit, •The advertisements you clicked on, and • Any search terms you entered on our website (user information)

We may also use your information for the following reasons:

• Complying with statutory and regulatory requirements in respect of the storage and maintenance of documents and information.

• Complying with valid requests for information, including subject access requests and requests in terms of PAIA.

• Complying with information requests by regulators or bodies lawfully requesting the information (e.g., tax authorities).

• Providing customer service and assessing customer complaints.

• Assisting in law enforcement, fraud investigations, anti-money laundering and counter-terrorist financing initiatives.

• Providing you with the services, products or offerings you have requested, and notifying you about important changes to these services, products or offerings.

• Managing your account or relationship and complying with your instructions or requests.

• Detecting and preventing fraud and money laundering and/or in the interest of security and crime prevention.

• Operational, marketing, auditing, legal and record keeping requirements.

• Complying with applicable laws.

• Conducting market research and providing you with information about Apple Cafe’s products or services from time to time via email, telephone or other means (for example, events).

• Where you have unsubscribed from certain direct marketing communications, ensuring that we do not sent such direct marketing to you again.

• Disclosing your personal information to third parties for reasons set out in this Statement or where it is not unlawful to do so.

• Monitoring, keeping record of and having access to all forms of correspondence or communications received by or sent from Apple Cafe or any of its employees, agents or contractors.

• Improving or evaluating the effectiveness of Apple Cafe`s business or products, services or offerings.

• Conducting internal investigations.

4. Direct Marketing and Opting Out

If you are an existing customer, we may communicate with you based on the enquiry or purchase you made previously at Apple Cafe (instore or online). This may include making contact via telephone, email, SMS, social media and other channels about products and or services which may be if interest to you. If you are not considered to be a customer, we will obtain your consent to opt-in to direct marketing.

You may opt-out (free of charge) from receiving future promotional information or direct marketing from Apple Cafe by either unsubscribing to the specific communications you receive by replying to the email or via SMS.

5. Retention and Destruction of Information

Information that Apple Cafe collects is kept in a form which permits your identification for no longer than is necessary to honour your choices, to fulfil the purposes for which it was collected and processed in each specific case, and in any case not longer than as specified by the relevant applicable laws unless we have your consent to process it indefinitely.

Apple Cafe will retain your information after you have closed your account where reasonably necessary to comply with our legal obligations (including law enforcement requests), meet regulatory requirements, resolve disputes, maintain security, prevent fraud and abuse, enforce our agreement, or fulfil your request to “unsubscribe” from further messages from us.

We may retain de-identified, anonymised or pseudonymised information after your account has been closed using techniques that do not permit your re-identification. If none of the afore-mentioned scenarios are required, Apple Cafe will permanently delete (electronic) and shred (paper) after the purpose of collection the information has expired.

6. Information Preservation and Protection

Apple Cafe will take reasonable steps to protect the information we collect, hold and process from misuse, loss and from unauthorised access, modification or disclosure. We hold information both at our own premises and with the assistance of our service providers.

This is based on the information security principles of Confidentiality, Integrity, Availability and Privacy (CIAP) as governed by our Information Security Policy. This sets out Apple Cafe’s objectives and general approach to information security, which aims to protect Apple Cafe’s business information and safeguard any personally identifiable information within our custody. We seek to achieve the following 5 key objectives as it relates to Information Security:

Improve the security culture through continuous education and awareness A focused, risk-based approach to protect assets and information Comply to the legal and regulatory requirements Balance the need for protection with effective detection and response              Integrate security into business decisions through ownership and leadership

Because no data transmission over the internet is completely secure, and no IT system of physical or electronic security is impenetrable, we cannot guarantee the security of the information you send to us or the security of our servers or databases. Having noted that, we do take every reasonable step within our control, to protect your information and preserve the accuracy thereof. Quality of information means that the information we use must be appropriate, complete and reliable. The higher data quality we maintain, the better service we can render.

7. Information Disclosure

Notwithstanding anything to the contrary in this Statement, Apple Cafe reserves the right to disclose any information about you if we are required to do so by law, and if we believe that such action is necessary to: (a) fulfil a government request; (b) conform with the requirements of the law or legal process; (c) protect or defend our legal rights or property, our website, or other users; or (d) in an emergency to protect the health and safety of our website’s users or the general public.

Authorised Apple Cafe employees or agents will have access to some or all your information. We may also disclose your information within our group of companies. Such data sharing is governed by our CIAP information security principles and associated practices.

We do use service providers to provide our services and maintain our systems, including but not limited to maintenance, security, analysis, audit, payments, customer service, marketing and system development. These parties will have access to your information as reasonably necessary to perform these tasks on our behalf (namely role-based access). Where we contract with service providers, and wherever possible, we impose contractual obligations on them to ensure that your information is handled and secured in accordance with law and industry good practise.

Unless you have explicitly consented to this, we will never sell your personal information.

8. Your Right to Access Information

Depending on which product or service you (as the Data Subject) have signed up for, you can update some of your information via our digital channels. Alternatively, your information can be updated via our email address which is sales@applecafe.co.za.

You have the right:

• Free of charge, to confirm with us whether we hold any information about you.

• To request the record of information held by us

  • To request a description of the information held by us, including information about the identity of all third parties, or categories of third parties, who have, or have had, access to the information.

• To update and correct any out-of-date or incorrect information we hold about you.

• Destroy or delete a record of information of you which we are no longer authorised to retain; and

• Update your communication preferences and / or unsubscribe from communications we may send you.

Before we provide you with access to your information, we may require proof of identity. We may require up to 21 (twenty-one) days to respond to any requests for information. We may refuse to disclose some information in accordance with PAIA.

If you require Apple Cafe to delete all your information that we have about you, please also contact us on sales@capplecafe.co.za. We may also refuse to delete some of your information if we are required by law to retain it or if we need it to protect our rights.

9. Information Breach Notification

A security compromise or information breach can be described as a threat to the Confidentiality, Integrity, Availability or Privacy of IT systems and/or information. Such incidents are governed by the Apple Cafe Security Incident Response process which allows us to deal with the compromise/breach and/or loss in an efficient and effective manner. One of the key pillars of this process is keeping all impacted stakeholders informed and updated.

When there are reasonable grounds to believe that your information has been accessed, altered, deleted or acquired by any unauthorised person, we will notify the Information Regulator and yourself in cases where your identity can be established. This notification will be done in accordance with the provisions of POPIA and as soon as reasonably possible after the discovery of the compromise, considering the legitimate needs of law enforcement or any measures reasonably necessary to determine the scope of the compromise and to restore the integrity of our systems.

10. Amendment of this Statement

We may amend this Statement from time to time for any of the following reasons:

• To provide for the introduction of new systems, methods of operation, services, products, property offerings or facilities.

• To comply with changes to any legal or regulatory requirement.

• To ensure that this Statement is clearer and more favourable to you.

• To rectify any mistake that may be discovered from time to time; and/or

• Or any other reason which Apple Cafe, in its sole discretion, may deem reasonable or necessary.

Any such amendment will come into effect and become part of any agreement you have with Apple Cafe when Statement is given to you of the change by publication on our website. It is your responsibility to check the website often.

11. Contact Us

11.1. Apple Cafe Information Officer

If you have questions about this Privacy Statement or wish to exercise your rights in terms of access to, correction, or deletion of your information, please contact us via our email sales@applecafe.co.za or 083 591 2035 and we will attempt to resolve your query.

If unable to, and depending on your situation, our Customer Care Line will explain the process to follow and potentially refer your query to internal subject matter experts.

Our Information Officer contact details are:

Information Officer / Deputy Information Officer

Address: 21 Romax Court, 136 Jan Hofmeyr Road, Westville, Durban, 3629

Tel: +27 (31) 266 1944

Email: sales@applecafe.co.za

11.2. Information Regulator (South Africa)

Should you believe that Apple Cafe has utilised information contrary to applicable law, you undertake to first attempt to resolve any concerns with Apple Cafe. If you are not satisfied with such process, you have the right to lodge a complaint with the Information Regulator of South Africa.

The Information Regulator’s contact details are:

JD House, 27 Stiemens Street, Braamfontein, Johannesburg, 2001

P.O Box 31533, Braamfontein, Johannesburg, 2017

Email: inforeg@justice.gov.za

Website: https://www.justice.gov.za/inforeg/