Volvo Financial Services

South Africa

PRIVACY NOTICE

                                                                                                                                                                                       Effective: June 30, 2021

Who are we?   

Volvo Financial Services Southern Africa (Pty) Ltd (“VFS”) is a leading vehicle and equipment finance company based in Gauteng South Africa. We are a Responsible Party in terms of the Protection of Personal Information Act, 4 of 2013 (POPIA) with respect to your Personal Information and as such we want to take certain steps to make sure that you are fully aware of exactly who we are, the types of Personal Information we process, how we process it, who we may need to share it with, as well as what your rights are in relation to our processing of your Personal Information in terms of POPIA. VFS has published a formal Privacy and Data Protection Policy, which is incorporated into this Privacy Notice below and can be sourced at www.vfsco.co.za or www.vfsco.com/za.

As will become clear to you in this notice, we process all Personal Information in order to enable us to do business with you and to provide products and services to you. In this notice, “you” means you as an individual with whom we are dealing or, in the case of a legal entity, that legal entity, including the individual owners, officers, employees, contractors or representatives whose Personal Information we may need to collect and process in order to provide the requested services.

What Personal Information do we collect and process?

Please note that in accordance with Section 18 of POPIA you are hereby expressly informed of the fact that when you engage with us, or when we engage with you, you may need to provide us with the following Personal Information, including but not limited to:

  • Your full names
  • Your identity number or passport number
  • Your registration number (in the case of a juristic person)
  • Phone/mobile number
  • Your banking details
  • Physical and postal address
  • Statutory information
  • Biometrics
  • Unique identifiers
  • Property information in general
  • Email address or other contact details
  • Telematics data (in as far as it can be classified as Personal Information)
  • Employment information
  • Video/Audio/Photo footage
  • Trade Union Membership
  • Gender
  • Nationality

You should know that we collect and record all telephone calls, internet communications (including IP addresses), all correspondence we have with you irrespective of the medium of communication, details of your dealings with us and any visits to our website(s), mobile and web-based applications. In addition, we collect and generate information in relation to your profile as a customer of ours.

What do we do with your Personal Information and why do we collect it?

We take the privacy of our data subjects (customers, employees, suppliers etc.) very seriously and we only collect and process Personal Information for specific purposes which are connected to our legitimate business purposes, which we generally need in order to comply with our obligations towards you and also to comply with obligations which are imposed upon us in terms of applicable laws regulating us.

The Personal Information you provide to VFS in your dealings with us, is primarily processed for the purposes of enabling us to comply with our contractual and lawful obligations. However, we do want to highlight a few specific instances which are also connected to our legitimate business purposes:

  • To provide or manage any information, products and/or services requested by you pursuant to your VFS dealings.
     
  • To evaluate whether or not to offer, extend or modify any financing or other services requested by, or provided to, you (each such decision being a “Credit Decision”).  Credit Decisions may be made on a manual or automated basis and may include processing in connection with any risk analysis tool or method we choose to use from time to time to help with same.
     
  • Using, processing, sharing/transferring or engaging in analytics of your Personal Information for (i) routine business purposes; or (ii) the purposes of new business or product development.
     
  • To establish your needs, requirements and preferences in relation to the products and/or services provided by VFS.
     
  • Developing (and, where applicable, offering, extending or modifying) specific or bespoke financing products or other services (including usage-based contracts, service and maintenance contracts, payment solutions, and the provision of insurance related services).
     
  • To allocate unique identifiers to you for the purpose of processing your Personal Information, securely storing, retaining, and recalling your Personal Information from time to time, regardless of whether you conclude an agreement with VFS.
     
  • For general administration purposes pertaining to your request.
     
  • To improve the quality of VFS’ products and services.
     
  • To help recover bad debts, including vehicle disposition in case of repossession.
     
  • To collect and share vehicle telematics data from any vehicles you own, possess or operate, from which telematics data can be considered as Personal Information as defined by POPIA.
     
  • Processing all or part of the vehicle or telematics data generated by the vehicle(s) which are the subject of your VFS dealings for our legitimate business purposes, whether or not sent directly to us or received from another Volvo Group Company, including but not limited to:

PRIVACY NOTICE

Effective: June 30, 2021

Who are we?   

Volvo Financial Services Southern Africa (Pty) Ltd (“VFS”) is a leading vehicle and equipment finance company based in Gauteng South Africa. We are a Responsible Party in terms of the Protection of Personal Information Act, 4 of 2013 (POPIA) with respect to your Personal Information and as such we want to take certain steps to make sure that you are fully aware of exactly who we are, the types of Personal Information we process, how we process it, who we may need to share it with, as well as what your rights are in relation to our processing of your Personal Information in terms of POPIA. VFS has published a formal Privacy and Data Protection Policy, which is incorporated into this Privacy Notice below and can be sourced at www.vfsco.co.za or www.vfsco.com/za.

As will become clear to you in this notice, we process all Personal Information in order to enable us to do business with you and to provide products and services to you. In this notice, “you” means you as an individual with whom we are dealing or, in the case of a legal entity, that legal entity, including the individual owners, officers, employees, contractors or representatives whose Personal Information we may need to collect and process in order to provide the requested services.

What Personal Information do we collect and process?

Please note that in accordance with Section 18 of POPIA you are hereby expressly informed of the fact that when you engage with us, or when we engage with you, you may need to provide us with the following Personal Information, including but not limited to:

    Your full names

    Your identity number or passport number

    Your registration number (in the case of a juristic person)

    Phone/mobile number

    Your banking details

    Physical and postal address

    Statutory information

    Biometrics

    Unique identifiers

    Property information in general

    Email address or other contact details

    Telematics data (in as far as it can be classified as Personal Information)

    Employment information

    Video/Audio/Photo footage

    Trade Union Membership

    Gender

    Nationality

You should know that we collect and record all telephone calls, internet communications (including IP addresses), all correspondence we have with you irrespective of the medium of communication, details of your dealings with us and any visits to our website(s), mobile and web-based applications. In addition, we collect and generate information in relation to your profile as a customer of ours.

What do we do with your Personal Information and why do we collect it?

We take the privacy of our data subjects (customers, employees, suppliers etc.) very seriously and we only collect and process Personal Information for specific purposes which are connected to our legitimate business purposes, which we generally need in order to comply with our obligations towards you and also to comply with obligations which are imposed upon us in terms of applicable laws regulating us.

The Personal Information you provide to VFS in your dealings with us, is primarily processed for the purposes of enabling us to comply with our contractual and lawful obligations. However, we do want to highlight a few specific instances which are also connected to our legitimate business purposes:

    To provide or manage any information, products and/or services requested by you pursuant to your VFS dealings.
     

    To evaluate whether or not to offer, extend or modify any financing or other services requested by, or provided to, you (each such decision being a “Credit Decision”).  Credit Decisions may be made on a manual or automated basis and may include processing in connection with any risk analysis tool or method we choose to use from time to time to help with same.
     

    Using, processing, sharing/transferring or engaging in analytics of your Personal Information for (i) routine business purposes; or (ii) the purposes of new business or product development.
     

    To establish your needs, requirements and preferences in relation to the products and/or services provided by VFS.
     

    Developing (and, where applicable, offering, extending or modifying) specific or bespoke financing products or other services (including usage-based contracts, service and maintenance contracts, payment solutions, and the provision of insurance related services).
     

    To allocate unique identifiers to you for the purpose of processing your Personal Information, securely storing, retaining, and recalling your Personal Information from time to time, regardless of whether you conclude an agreement with VFS.
     

    For general administration purposes pertaining to your request.
     

    To improve the quality of VFS’ products and services.
     

    To help recover bad debts, including vehicle disposition in case of repossession.
     

    To collect and share vehicle telematics data from any vehicles you own, possess or operate, from which telematics data can be considered as Personal Information as defined by POPIA.
     

    Processing all or part of the vehicle or telematics data generated by the vehicle(s) which are the subject of your VFS dealings for our legitimate business purposes, whether or not sent directly to us or received from another Volvo Group Company, including but not limited to:

GPS location data for use in tracking or “geofencing” vehicles for the purpose of:

    Routine floorplan audits (wholesale/dealer financing)

    Repossession & recovery on default

    Compliance with contractual restrictions on permitted geographical use (e.g. to ensure compliance with trade sanctions, other regulatory requirements or agreed permitted use restrictions)

Usage based contracts:

    Use of time, mileage or other odometer readings for the purpose of ”power by kilometer” or “power by the hour” contracts or certain return conditions under an operating lease.

    Use of telematics to assist with fleet management services. 

Use of telematics to assist us in confirming that required maintenance & servicing is being done throughout the lifetime of a lease as per agreed contract terms or, for example, tracking mileage or hours used to help us determine current market values on return or repossession of a unit.

Use of telematics for the purposes of developing and providing insurance related products and services, including but not limited to “connected insurance”.

Use of GPS data to help us understand a customer’s operational use for credit underwriting purposes.

Data analytics to help us anticipate trade-in or replacement needs going forwards and proactively support your business needs.

Regarding vehicle performance, we may collect telematics data related to fuel consumption as well as vehicle utilization for the purpose of helping customers optimize their operations and better select the right vehicle specification for the job at hand.

Regarding safety, we may collect safety-related data such as safety systems activation (ABS, anti-roll systems, hard braking, hard cornering events, speed, seat belt usage, etc.). The purpose of collecting such data includes the ability to offer safety-improvement programs to customers, either directly or through partners, and may also be required for connected insurance products.

  • To analyse your Personal Information collected for research and statistical purposes.
     
  • To, unless you expressly “opt out”, process your Personal Information as defined above for the purposes of marketing and advertising to you of products and services provided by or through the Volvo Group of companies. In this regard, we undertake not to sell, share or transfer your data to any other third party not forming part of the Volvo Group of companies for any marketing or advertising purposes.
     
  • To, once financing or services are contemplated or have been provided, reserve the right to sell any ownership interest therein and related future receivables to a third party (a “Capital Markets Partner”).  In evaluating such decision, all or part of your Personal Information may be disclosed to Capital Markets Partners and to such other third parties with whom we or a Capital Markets Partner is in dialogue regarding the sale of such ownership interests (including rating agencies, securities and exchange regulators and potential investors).
     
  • To, for the purposes of enhancing the scope of products and services we can offer to you or the method of delivery of same, share or transfer all or any part of your Personal Information to a third party who is a potential business partner or actual provider/supplier of outsourced services to us.
     
  • To, at any time procure or share information relating to your credit worthiness and risk profile from or with any registered credit bureau or credit provider’s industry association or industry body, which includes information pertaining to your credit history, financial history, judgements, default history and sharing information for purposes of risk analysis, tracing and related purposes.

Who do we share your Personal Information with?

For us to maintain the high standards of product and service delivery you have come to appreciate, we may transfer or otherwise share your Personal Information with some of our suppliers, service providers, business partners and Volvo Group Companies as we deem necessary for our legitimate business purposes and on the basis of other legal grounds. When disclosing Personal Information to our suppliers, service providers, business partners and Volvo Group Companies, we will use reasonable endeavours to satisfy us that the relevant recipient has adequate protections in place, to the extent required by applicable law.  If applicable, this may include putting in place appropriate data transfer agreements and/or data processing agreements in a format that meets applicable legal requirements for the protection of Personal Information

Where do we store your Personal Information and how long do we store it for?

We only store your Personal Information for as long as we need to in order to fulfil the purpose for which we initially collected it, which may include either complying with our obligations towards you as a customer,  or otherwise in accordance with applicable laws. In storing your Personal Information, we may transmit or transfer Personal Information outside South Africa to a foreign country. As such, Personal Information may be stored on servers located outside of South Africa in foreign countries that have different data protection laws in place. When transferring or sharing Personal Information to a third country, we will use reasonable endeavours to satisfy us that the relevant recipient has adequate protections in place, to the extent required by applicable law.  If applicable, this may include putting in place appropriate data transfer agreements and/or data processing agreements in a format that meets applicable legal requirements for the protection of Personal Information.

What are your Rights?

It is important that you know that you have certain rights in terms of POPIA and we want you to know exactly what they are and how they relate to us. As a data subject in relation to VFS, you have the following rights:

  • You have the right to access your Personal Information - You can ask us at anytime what Personal Information of yours we hold and we will afford you access to it in the most effective way possible.
     
  • You have the right to correct your Personal Information - You can ask us to update your Personal Information or even delete any information which is no longer accurate because we want to make sure your information is accurate and complete, but we do need your help and in some instances where you may request us to delete your Personal Information, doing so may have an effect on our ability to comply with our obligations towards you.
     
  • You have the right to object to our processing of your Personal Information – we don’t want to process your information if you don’t want us to, but just bear in mind that it may influence our ability to fulfil our obligations towards you and there may be a period, even after your objection, for which we may need to process your Personal Information.
     
  • You have the right to lodge a complaint – If you feel that we are not processing your Personal Information lawfully, we encourage you, and would always appreciate it if you spoke with us first, to file a complaint to our Information Officer. However, you also have the right to lodge a complaint with the Information Regulator if you feel that we are not complying with our obligations in terms of POPIA.

 

The contact details of the Information Regulator are:

The Information Regulator (South Africa)

JD House 27 Stiemens Street Braamfontein Johannesburg, 2001

PO Box 31533

Braamfontein, Johannesburg, 2107

E-mail: inforeg@justice.gov.za

With that said, we have implemented (and continue to implement) reasonable security measures and protocols to protect the Personal Information we hold. These measures are to protect any Personal Information we hold from being disclosed without authorisation, from loss, damage, destruction or unauthorised access. As you will know nothing is 100% secure in this day and age and therefore, we ask that if you suspect that either you, or we, have had an information security breach, please notify us immediately so that we can take action. You can do so by contacting our Information Officer whose information is set out below.

If you need to speak with our Information Officer, feel free to contact him. Our Information Officer is Luter Roll and any queries or even questions you may have regarding this privacy notice and VFS’ POPIA compliance efforts can be directed to Support.privacysa@vfsco.com.

This Privacy Notice may be updated periodically and to reflect changes in our Personal Information practices. We will indicate at the top of the Privacy Notice posted in our website when it was most recently updated.

Effective: June 30, 2021

VOLVO FINANCIAL SERVICES SOUTHERN AFRICA (PTY) LTD.

DATA PROTECTION AND PRIVACY POLICY

1           DEFINITIONS

In this Policy (as defined below), unless the context requires otherwise, the following capitalised terms shall have the meanings given to them —

1.1             "Active Processing" means instances where VFS has directly been provided with the Personal Information/Personal Data of Data Subjects, such as when Data Subjects submit an enquiry in respect of our Services, or when Data Subjects provide Personal Information/Personal Data to VFS pursuant to concluding any commercial agreement(s) with VFS;

1.2             "Applicable Laws" means any laws applicable to Personal Data and Personal Information and includes any statute, regulation, notice, policy, directive, ruling or subordinate legislation; the common law; any binding court order, judgement or ruling; any applicable industry code, policy or standard enforceable by law; or any applicable direction, policy or order that is given by any regulator, competent authority or organ of state or statutory industry body;

1.3             "Biometrics" means a technique of personal identification that is based on physical, physiological or behavioural characterisation including blood typing, fingerprinting, DNA analysis, retinal scanning and voice recognition;

1.4             "Capital Markets Partner" means a third party in respect of whom VFS reserves the right to sell any ownership interest in any financing, services or future receivables to once such financing or services contemplated in respect of a Customer have been provided;

1.5             "Consent" means any voluntary, specific and informed expression of will in terms of which permission is given for the Processing of Personal Information;

1.6             "Controller" means VFS, in circumstances where it Processes Personal Data (as defined in Article 4 of the GDPR);

1.7             "Customer(s)" means any natural person(s), or juristic person(s), who have concluded an agreement with VFS in terms of which such Customer procures the Products and Services provided by VFS;

1.8             "Data Processing Infrastructure" means any and all systems, networks, servers, workstations, laptops, mobile devices, web applications, mobile applications, cloud storages, websites owned, controlled or operated by VFS;

1.9             "Data Subject" means VFS’ Customer(s) or any Third-Party in respect of whom VFS Processes Personal Information/Personal Data;

1.10           "De-identify" means in relation to personal information of Data Subject(s), to delete any information that (i) identifies the Data Subject(s); (ii) can be used or manipulated by reasonably foreseeable method to identify the Data Subject(s); or (iii) can be linked by reasonably foreseeable method to other information that identifies the Data Subject(s); ;

1.11           "Electronic Means" means, in relation to the Processing of any Personal Information/Personal Data, the use of any Website(s), Mobile Application(s), electronic mail (email), text, voice, sound or image messages by VFS;

1.12           "Inactive Processing" means instances where VFS has not actively been provided with the Personal Information/Personal Data of Data Subjects, such as when VFS deploys Passive Processing Means to collect information from Data Subjects. These Passive Processing Means allow VFS to Process certain kinds of Non-personally Identifiable Information which can perhaps not be linked to Data Subjects;

1.13           "GDPR" means the General Data Protection Regulation, which is a European law that governs all collection and processing of personal data from individuals inside the European Union;

1.14           "Mobile Application(s)" means any multi-device software application, whether in web-based format or device-native format, to which this Privacy Policy relates and through which Customer(s) and Third-Parties gain access to VFS’ Services;

1.15           "Non-Electronic Means" means, in relation to the Processing of any Personal Information/Personal Data, the use of traditional means of Processing, such as hard copy documents, traditional filing systems deployed for the storage and retention of Personal Information/Personal Data and face-to-face personal engagements with Data Subjects;

1.16           "Non-personally Identifiable Information/Data" means any information/data which cannot be linked to Data Subjects, such as an internet domain name, the type of web browser used by a Data Subject, the type of operating system relied on by a Data Subject, the date and time of a Data Subject’s visit to our Website(s) and Mobile Application(s), the specific pages a Data Subject may have visited, and the address of the website which a Data Subjects may have visited prior to entering or gaining access to VFS’ Website(s) or Mobile Application(s);

1.17           "Operator" means a person or entity who Processes Personal Information/Personal Data for a Responsible Party;

1.18           "Passive Processing Means" means the use of technologies to facilitate the Inactive Processing of Personal Information/Personal Data, which may include the use of cookies;

1.19           "Personal Data" (as defined in Article 4 of the GDPR) means any information relating to an identified or identifiable natural person ('data subject'); an identifiable natural person is one who can be identified, directly or indirectly, which in the context of VFS shall comprise of the types of Personal Data recorded at paragraph 4.6 below;

1.20           "Personal Information" shall have the same meaning as is given in section 1 of POPIA, but shall in the context of VFS’ business comprise of the types of Personal Information recorded at paragraph 4.6 below;

1.21           "Policy" means this Data Protection and Privacy Policy;

1.22           "POPIA" means the Protection of Personal Information Act, No 4 of 2013;

1.23           "Processing" means any operation or activity or any set of operations, whether or not by automatic means, concerning Personal Information/Personal Data, including:

1.23.1             the collection, receipt, recording, organisation, collation, storage, updating or modification, retrieval, alteration, consultation or use;

1.23.2             dissemination by means of transmission, distribution or making available in any other form by electronic communications or other means; or

1.23.3             merging, linking, blocking, degradation, erasure or destruction. For the purposes of this definition, "Process" has a corresponding meaning

1.24           "Products" means the various financial and associated products provided by VFS to its Customer(s) from time to time, the particulars of which products are set forth on VFS’ Website, marketing materials or disseminated by other means;

1.25           "Regulator" means the Information Regulator established in terms of POPIA;

1.26           "Responsible Party" means in the context of this Policy, VFS;

1.27           "Special Personal Information/PersonalData" means Personal Information/Personal Data concerning, amongst other aspects contemplated in terms of section 26 Part B of POPIA, a Data Subject's, religious beliefs, race or ethnic origin, trade union membership, political persuasion, health or sex life, biometric data, or criminal behaviour;

1.28           "Services" means the various financial and associated services provided by VFS to its Customer(s) from time to time, the particulars of which services are set forth on VFS’ Website, marketing materials or disseminated by other means;

1.29           "Telematics Data" means the telecommunications and informatics data pertaining to the vehicles and equipment that are the subject of a Product or Service, which include, but are not limited to, fuel, mileage, vehicle performance, location and maintenance diagnostics data;

1.30           "Third-Party" means a party other than VFS including without limitation any other Volvo Group Company, Customer(s), Data Subject(s), Capital Markets Partner, employees, independent contractor, agent, consultant or user of VFS’ Services, Website or any other digital application interface;

1.31           "Unique Identifier" means any identifier that is assigned to a Data Subject and is used by the Responsible Party for the purposes of the operations of that Responsible Party and that uniquely identifies that data subject in relation to the Responsible Party;

1.32           "VFS" means Volvo Financial Services Southern Africa (Pty) Ltd. which is a private company registered in terms of the Company Laws of South Africa;

1.33           "Volvo Group Company" means any company forming part of the Volvo Group of Companies from time to time;

1.34           "Website" means the website owned and operated by VFS sourced at https://www.vfsco.co.za/ or www.vfsco.com/za.

2           Introduction

2.1             This Policy regulates the Processing of Personal Information/Personal Data by VFS and sets forth the requirements with which VFS undertakes to comply when Processing Personal Information/Personal Data pursuant to undertaking its operations and fulfilling its contractual obligations in respect of Data Subjects and Third-Parties in general.

2.2             VFS highly values on the privacy of every person or organisation with whom it interacts or engages with and therefore acknowledges the need to ensure that Personal Information/Personal Data is handled with a reasonable standard of care as may be expected from it. VFS is therefore committed to ensuring that it complies with the requirements of POPIA and also with the terms of the GDPR to the extent that the GDPR applies.

2.3             When a Data Subject or Third-Party engages with VFS, whether it be physically or via any digital, electronic interface such as VFS’ Website, the Data Subject or Third-Party acknowledges that they trust VFS to Process their Personal Information/Personal Data, including the Personal Information/Personal Data of their dependents, beneficiaries, customers, members, or employees as the case may be, which further entrenches the importance of VFS’ compliance with Applicable Laws in regards to the Processing of Personal Information/Personal Data.

2.4             All Data Subjects and Third-Parties have the right to object to the processing of their Personal Information/Personal Data. It should be voluntary to accept the Terms and Conditions to which this Policy relates. However, VFS does require the Data Subject or Third-Party’s acceptance to enable the proper use of VFS’ Website, Products and/or Services.

3           Purpose and application

3.1             The purposes of this Policy are not only to inform Data Subjects of what Personal Information/Personal Data of theirs VFS may Process, where VFS may have collected such Personal Information/Personal Data from (if not directly from them as the Data Subject) and how VFS Processes their Personal Information/Personal Data, but also to establish a standard by which VFS and its employees and representatives shall comply in as far as the Processing of Personal Information/Personal Data is concerned.

3.2             VFS, in its capacity as a Responsible Party and/or Operator and/or Controller, as the case may be, shall strive to observe and comply with its obligations under POPIA and the GDPR (as may be applicable and to the extent necessary) when it Processes Personal Information/Personal Data from or in respect of any Data Subject.

4           COLLECTING & PROCESSING OF PERSONAL INFORMATION/PERSONAL DATA

4.1             Whenever any Data Subject engages with VFS, whether it be physically or electronically, or through the use of its Products, Services, facilities or Website, VFS will in effect be Processing the Data Subject’s Personal Information/Personal Data.

4.2             It may be from time to time that VFS has collected a Data Subject’s Personal Information/Personal Data from other sources and in such instances VFS will inform the Data Subject by virtue of any privacy notices it deploys from time to time. In the event that a Data Subject has shared their Personal Information/Personal Data with any Third-Parties, VFS will not be responsible for any loss suffered by the Data Subject, their dependents, beneficiaries, customers, members or employees (as the case may be).

4.3             When a Data Subject provides VFS with the Personal Information of any other Third- Party, VFS will process the Personal Information/Personal Data of such Third-Party in line with this Policy, as well as any terms and conditions or privacy notices to which this Policy relates.

4.4             VFS will primarily Process Personal Information/Personal Data in order to facilitate and enhance the delivery of Products and Services to its Customers, manage and administer its business, foster a legally compliant workplace environment, as well as safeguard the Personal Information/Personal Data relating to any Data Subjects which it in fact holds. In such an instance, the Data Subject providing VFS with such Personal Information/Personal Data may also be required to confirm that they are a competent person and that they have authority to give the requisite Consent to enable VFS to process such Personal Information/Personal Data.

4.5             VFS undertakes to process any Personal Information/Personal Data in a manner which promotes the constitutional right to privacy, retains accountability and Data Subject participation.

4.6             Prior to recording the purpose(s) for which VFS may, or will, process the Personal Information/Personal Data of Data Subjects, VFS hereby records the types of Personal Information/Personal Data of Data Subjects it may process from time to time:

4.6.1                Full names;

4.6.2                Identity numbers;

4.6.3                Registration numbers;

4.6.4                Financial information, including banking account information;

4.6.5                Statutory information;

4.6.6                Physical and postal address particulars;

4.6.7                Telephone and fax numbers;

4.6.8                Email addresses;

4.6.9                Biometrics;

4.6.10             Unique Identifiers;

4.6.11             Telematics Data (in as far as it can be classified as Personal Information/Personal Data);

4.6.12             Employment information;

4.6.13             Video/Audio/Photo footage;

4.6.14             Trade Union Membership;

4.6.15             Gender; and

4.6.16             Nationality.

4.7             In supplementation of the above and any privacy notices provided to any Customers or Third-Parties from time to time pursuant to any engagement with them, VFS may process Personal Information/Personal Data and may transfer all or part of Customer’s Personal Information/Personal Data to any other Volvo Group Company or Third-Party as VFS deems necessary for VFS’ legitimate business purposes and on the basis of other legal grounds,  for the following purposes:

4.7.1                To provide or manage any information, Products and/or Services requested by or delivered to Data Subjects in general;

4.7.2                To establish a Data Subject’s needs, wants and preferences in relation to the Products and/or Services provided by VFS or any other Volvo Group Company;

4.7.3                To help VFS identify Data Subjects when they engage with VFS;

4.7.4                To facilitate the delivery of Products and/or Services to Customers;

4.7.5                To allocate to Customers and Data Subjects Unique Identifiers for the purpose of securely storing, retaining and recalling their Personal Information/Personal Data from time to time;

4.7.6                To maintain records of Data Subjects and specifically Customer records;

4.7.7                To maintain Third-Party records;

4.7.8                For recruitment purposes;

4.7.9                For employment purposes;

4.7.10             For apprenticeship purposes;

4.7.11             For general administration purposes;

4.7.12             For legal and/or contractual purposes;

4.7.13             For health and safety purposes;

4.7.14             To monitor access, secure and manage any facilities owned or operated by VFS regardless of location;

4.7.15             To transact with Third-Parties;

4.7.16             To improve the quality of VFS’ Products and Services;

4.7.17             To analyse the Personal Information/Personal Data collected for research and statistical purposes;

4.7.18             To help recover bad debts, including vehicle disposition in case of repossession;

4.7.19             To carry out analysis and Customer profiling;

4.7.20             To process and ultimately provide Customers with Telematics Data;

4.7.21             To identify other products and services which might be of interest to our Customers and Data Subjects in general, as well as to inform them of such products and/or services;

4.7.22             To give effect to product and services research and development;

4.7.23             To comply with any Applicable Laws applicable to VFS and in some instances other Volvo Group Companies.

4.8             When collecting Personal Information/Personal Data from a Data Subject, VFS shall comply with the notification requirements as set out in Section 18 of POPIA, and to the extent applicable, Articles 13 and 14 of the GDPR.

4.9             VFS will collect and Process Personal Information/Personal Data in compliance with the conditions as set out in POPIA and/or the Processing principles in the GDPR (as the case may be), to ensure that it protects the Data Subject's privacy.

4.10           VFS will not Process the Personal Information/Personal Data of a Data Subject for any purpose other than for the purposes set forth in this Policy or in any other privacy notices which may be provided to Data Subjects from time to time, unless VFS is permitted or required to do so in terms of Applicable Laws or otherwise by law.

4.11           VFS may from time-to-time Process Personal Information/Personal Data by making use of automated means (without deploying any human intervention in the decision-making process) to make decisions about the Data Subject or their application. In this instance it is specifically recorded that the Data Subject may object to or query the outcomes of such a decision.

5           PERSONAL INFORMATION/PERSONAL DATA FOR DIRECT MARKETING PURPOSES

5.1             VFS acknowledges that it may only use Personal Information/Personal Data to contact Data Subjects for purposes of direct marketing where VFS has complied with the provisions of POPIA and GDPR (where applicable) and when it is generally permissible to do so in terms of Applicable Laws.

5.2             In the event that VFS may lawfully direct market to a Data Subject who is a VFS Customer, VFS will ensure that a reasonable opportunity is given to such Customer to object (opt-out) to the use of their Personal Information/Personal Data for VFS' marketing purposes when collecting the Personal Information/Personal Data and on the occasion of each communication to the Customer for purposes of direct marketing.

6           STORAGE AND RETENTION OF PERSONAL INFORMATION/PERSONAL DATA

6.1             Personal Information/Personal Data will only be retained by VFS for as long as necessary to fulfil the legitimate purposes for which that Personal Information/Personal Data was collected in the first place and/or as permitted or required in terms of Applicable Law.

6.2             It is specifically recorded that any Data Subject has the right to object to the Processing of their Personal Information and VFS shall retain and store the Data Subject’s Personal Information/Personal Data for the purposes of dealing with such an objection or enquiry as soon and as swiftly as possible.

7           FAILURE TO PROVIDE PERSONAL INFORMATION

7.1             Where VFS is required to collect Personal Information/Personal Data from a Data Subject by law or in order to fulfil a legitimate business purpose of VFS and the Data Subject fails to provide such Personal Information/Personal Data, VFS may, on notice to the Data Subject, decline to provide Products and Services.

8           SECURING PERSONAL INFORMATION/PERSONAL DATA

8.1             VFS will always implement appropriate, reasonable, physical, organisational, contractual and technological security measures to secure the integrity and confidentiality of Personal Information/Personal Data, including measures to protect against the loss or theft, unauthorised access, disclosure, copying, use or modification of Personal Information/Personal Data in compliance with Applicable Laws.

8.2             In further compliance with Applicable Law, VFS will take steps to notify the relevant regulator(s) and/or any affected Data Subjects in the event of a security breach and will provide such notification as soon as reasonably possible after becoming aware of any such breach.

8.3             Notwithstanding any other provisions of this Policy, it should be acknowledged that the transmission of Personal Information/Personal Data, whether it be physically in person, via the internet or any other digital data transferring technology, is not completely secure. Whilst VFS has taken all appropriate, reasonable measures contemplated in clause 8.1 above to secure the integrity and confidentiality of the Personal Information/Personal Data its Processes, in order to guard against the loss of, damage to or unauthorized destruction of Personal Information/Personal Data and unlawful access to or processing of Personal Information/Personal Data, VFS in no way guarantees that its security system is 100% secure or error-free. Therefore, VFS does not guarantee the security or accuracy of the information (whether it be Personal Information/Personal Data or not) which it collects from any Data Subject.

8.4             Any transmission of Personal Information/Personal Data will be solely at the own risk of the Data Subject. Once VFS has received the Personal Information/Personal Data, it will deploy and use strict procedures and security features to try to prevent unauthorised access to it. As indicated above, VFS reiterates that it restricts access to Personal Information/Personal Data to Third-Parties who have a legitimate operational reason for having access to such Personal Information/Personal Data. VFS also maintains electronic and procedural safeguards that comply with the Applicable Laws to protect your Personal Information from any unauthorized access.

8.5             VFS shall not be held responsible for, and , any Data Subject agrees to indemnify and hold VFS harmless for any security breaches which may potentially expose the Personal Information/Personal Data in VFS’ possession to unauthorized access and or the unlawful processing of such Personal Information/Personal Data by any Third-Party.

9           PROVISION OF PERSONAL INFORMATION/PERSONAL DATA TO THIRD-PARTIES

9.1             VFS may disclose Personal Information/Personal Data to any Third-Party with whom it does business or from whom it obtains services and any Volvo Group Company where necessary and to achieve the purpose(s) for which the Personal Information/Personal Data was originally collected and Processed.

9.2             When disclosing Personal Information/Personal Data to a Third-Party with whom it does business or from whom it obtains services or any Volvo Group Company, VFS will use reasonable endeavours to satisfy itself that the relevant recipient has adequate protections in place, to the extent required by Applicable Law.  If applicable, this may include putting in place appropriate data transfer agreements and/or data processing agreements in a format that meets applicable legal requirements for the protection of Personal Information.

10        TRANSFER OF PERSONAL INFORMATION/PERSONAL DATA OUTSIDE OF SOUTH AFRICA

10.1           VFS may, under certain circumstances, transfer Personal Information/Personal Data to a jurisdiction outside of the Republic of South Africa in order to achieve the purpose(s) for which the Personal Information/Data was collected and Processed, including for Processing and storage by Third-Party service providers.

10.2           When transferring or sharing Personal Information to a third country, VFS will use reasonable endeavours to satisfy itself that the relevant recipient has adequate protections in place, to the extent required by Applicable Law.  If applicable, this may include putting in place appropriate data transfer agreements and/or data processing agreements in a format that meets applicable legal requirements for the protection of Personal Information.

11        ACCESS TO PERSONAL INFORMATION/PERSONAL DATA

11.1           A Data Subject has the right to a copy of the Personal Information/Personal Data which is held by VFS (subject to a few limited exemptions as provided for under Applicable Law).

11.2           The Data Subject must make a written request (which can be by email) to the Information Officer designated by VFS from time to time and whose contact details can be sourced in VFS’ PAIA Manual.

11.3           VFS will provide the Data Subject with any such Personal Information/Personal Data to the extent required by Applicable Law and subject to and in accordance with the provisions of VFS’ PAIA Manual (published in terms of section 51 of the Promotion of Access to Information Act, 2000 (“PAIA”), which PAIA Manual can be sourced on VFS’ website at https://www.vfsco.co.za/ or www.vfsco.com/za.

11.4           The Data Subject can challenge the accuracy or completeness of his/her/its Personal Information/Personal Data in VFS’ records at any time in accordance with the process set out in VFS’ PAIA Manual.

11.5           The prescribed fees to be paid for copies of the Data Subject's Personal Information/Personal Data are listed in VFS’ PAIA Manual.

12        KEEPING PERSONAL INFORMATION/PERSONAL DATA ACCURATE

12.1           VFS will take reasonable steps to ensure that Personal Information/Personal Data that it Processes is kept updated where reasonably possible. For this purpose, VFS shall provide Data Subjects with the opportunity to update their information at appropriate times.

12.2           VFS may not always expressly request the Data Subject to verify and update his/her/its Personal Information/Personal Data and expects that the Data Subject will notify VFS from time to time in writing:

12.2.1             of any updates or amendments required in respect of his/her/its Personal Information/Personal Data;

12.2.2             where the Data Subject requires VFS to delete his/her/its Personal Information/Personal Data; or

12.2.3             where the Data Subject wishes to restrict the Processing of his/her/its Personal Information/Personal Data.

13        COMPLAINTS TO THE INFORMATION REGULATOR

13.1           If any Data Subject or Third-Party is of the view or belief that VFS has Processed their Personal Information/Personal Data in a manner or for a purpose which is contrary to the provisions of this Policy, the Data Subject is required to first attempt to resolve the matter directly with VFS by contacting VFS’ Information Officer, failing which the Data Subject or Third-Party shall have the right to lodge a complaint with the Information Regulator, under the provisions of POPIA.

13.2           The contact particulars of the Information Regulator are:

The Information Regulator (South Africa)

JD House 27 Stiemens Street Braamfontein Johannesburg, 2001

PO Box 31533

Braamfontein, Johannesburg, 2107

E-mail: inforeg@justice.gov.za

14        UPDATES TO THIS POLICY

14.1           This Privacy Policy may be updated periodically and to reflect changes in VFS’ Personal Information practices. VFS will indicate at the top of the Privacy Policy posted in our Website when it was most recently updated.

15        CONTACTING US

15.1           All comments, questions, concerns or complaints regarding Personal Information/Personal Data or this Policy, should be forwarded to VFS’ Information Officer at the following email address/functional mailbox: Support.privacysa@vfsco.com.