Syscor Privacy Policy

**Privacy Policy**
Updated 30 October 2023

1. **Controller**
Systems Trading Corporation T/A syscor
25 Mulbarton Street
Johannesburg, 2194, South Africa

Contact Details in Data Protection Matters:

This Privacy Policy informs you how Systems Trading Corporation T/A syscor, as a data controller, processes your personal data. This Privacy Policy concerns syscor websites and all products and services that collect personal data or are linked to this Privacy Policy. We have a shared customer, marketing, and stakeholders register, and our group companies act as joint controllers for that register. If you are a consumer who resides in the State of California, California resident, this supplementary privacy notice for California residents applies to you.

2. **Name of Register**
Customer, Marketing, and Stakeholders Register

3. **What data do we process, and what is the purpose and the legal basis of processing the personal data?**

Data subjects are the customers, potential customers, and stakeholders of Systems Trading Corporation T/A syscor.

Basic information such as name, customer number, username, and/or other identifier, preferred language.
Contact information such as email address, phone number, address information
Information related to the company’s contact persons
Customer surveys
Recording sales calls for employee training purposes and for improving our sales processes
Information you provide in connection with the events we host, registration data, special diets, invoicing data
Information of the customer relationship and the contract, such as information of past and current contracts and orders, correspondence with you and other communication, payment information, and other information that you have voluntarily provided to our systems
Data of the connection and terminal device you are using, such as the IP address, device ID, or other device identifier and cookies
Targeting advertising in our online services
Delivering and improving our products and services according to your needs
Fulfilling our contractual and other promises and obligations
Purchasing and ordering necessary services and products from our suppliers to maintain our business. Marketing our services to relevant companies
Possible direct marketing opt-outs. Serving customers’ interest in not receiving direct marketing
Organizing events
Compliance with our contractual and other promises and obligations.
Managing the customer relationship.Bookkeeping
Developing our services
Analyzing and profiling behavior
Legitimate interest
Performance of a contract
Legitimate interest
Legal obligation
Legitimate interest in being able to fulfill our legal obligation to ensure opt-out from direct marketing in accordance with the law
Legitimate interest in being able to host events and invoice when applicable | Consent regarding health data (e.g. allergies)
Performance of a contract
Legal obligation
4. **From where do we receive data?**

We receive information primarily from the following sources: yourself, population register, authorities, credit information companies, contact information service providers, and other similar reliable sources. We also collect information when our services or websites are used. More information on how we use cookies can be found in Section 7 below.

For the purposes described in this Privacy Policy, personal data may also be collected and updated from publicly available sources and based on information received from authorities or other third parties within the limits of applicable laws and regulations.

5. **To whom do we disclose data, and do we transfer data outside of EU, EEA,
We may disclose data from this customer, supplier, and marketing register to our cooperation partners who do marketing and arrange campaigns and events with and on behalf of us, and who consider themselves as controllers instead of processors working on our behalf (these parties include social media operators and advertisement networks). Otherwise, we do not disclose data from the register to external parties unless required by legislation or an order by the authorities.

We utilize subcontractors that process personal data on behalf of and for us. We have outsourced our IT management and the maintenance of our customer and marketing systems to outside service providers on whose administered and protected servers the personal data is stored.

We transfer personal data outside the EU/EEA in connection with the purposes stated in this Privacy Policy. When personal data is processed outside the EU/EEA, we ensure that the personal data is transferred in accordance with applicable law, for example, by using the EU Commission’s standard contractual clauses or other appropriate safeguards as described in Article 46 of the GDPR.

6. **How do we protect the data, and how long do we store them?**

Only those of our employees who, on behalf of their work, are entitled to process customer data are entitled to use the system containing personal data. Each user has a personal username and password to the system. The data is collected into databases that are protected by firewalls, passwords, and other technical measures. The databases and their backup copies are in locked premises and can be accessed only by certain pre-designated persons.

We store the data as long as it is necessary for the purpose of processing the data. Personal data in the Customer, Stakeholder, and Marketing register is erased after the claim period related to a specific customer, stakeholder, or service relationship has elapsed. This period is typically ten (10) years.

We regularly estimate the need for data storage, taking into account the applicable legislation. In addition, we take care of such reasonable actions that ensure no incompatible, outdated, or inaccurate personal data is stored in the register, taking into account the purpose of the processing. We correct or erase such data without delay.

7. **How do we use cookies on our website?**
Our websites and social media channels use cookies and other similar technologies for managing and developing the website, improving and analyzing the user experience, and targeting advertisements in our and our partners’ services. Cookies allow us to collect information such as from which websites users arrive on the pages, which pages are browsed and when, which browser is used, and the IP address of the device.

For more information on how we use cookies, please see our Cookie Policy.

8. **What are your rights as a data subject?**

You have the right to access the personal data stored in this register concerning yourself, and the right to demand rectification or erasure of that data. You also have the right to withdraw your consent where we process your data based on your consent. Withdrawing your consent does not affect the lawfulness of processing before the withdrawal of the consent.

You have the right to object to processing or to request restriction of the processing of your personal data at any time and free of charge and to lodge a complaint with the supervisory authority. Please see a list of supervisory authorities’ websites here (Link to EU Commission’s website) and the contact information of the South African Data Protection Ombudsman below.

South African Data Protection Ombudsman: click here

For specific personal reasons, you also have