Privacy Policy

At Epic Deals, accessible from https://epicdeals.co.za/, one of our main priorities is the privacy of our visitors. This Privacy Policy document contains types of information that is collected and recorded by Epic Deals and how we use it.

If you have additional questions or require more information about our Privacy Policy, do not hesitate to contact us.

This Privacy Policy applies only to our online activities and is valid for visitors to our website with regards to the information that they shared and/or collect in Epic Deals. This policy is not applicable to any information collected offline or via channels other than this website.

Consent

By using our website, you hereby consent to our Privacy Policy and agree to its terms. 

Information we collect

The personal information that you are asked to provide, and the reasons why you are asked to provide it, will be made clear to you at the point we ask you to provide your personal information.

If you contact us directly, we may receive additional information about you such as your name, email address, phone number, the contents of the message and/or attachments you may send us, and any other information you may choose to provide.

When you register for an Account, we may ask for your contact information, including items such as name, company name, address, email address, and telephone number.

How we use your information

We use the information we collect in various ways, including:

  • Provide, operate, and maintain our website
  • Improve, personalize, and expand our website
  • Understand and analyze how you use our website
  • Develop new products, services, features, and functionality
  • Communicate with you, either directly or through one of our partners, including for customer service, to provide you with updates and other information relating to the website, and for marketing and promotional purposes
  • Send you emails
  • Find and prevent fraud
  • Marketing purposes whether for Google ads, customer lists and Facebook ads.

Marketing

We value your privacy and are committed to protecting your personal information. This Privacy Policy explains how we use marketing platforms such as Google, Facebook, LinkedIn, and others, as well as how we utilize the information you provide when signing up for our mailing list to send marketing-related emails and SMSes. By using our website, you consent to the practices described in this Privacy Policy.

1. Information Usage

When you sign up for our mailing list, we collect your name, email address, phone number, and any other information you voluntarily provide. We use this information to send marketing-related emails and SMSes, including promotional offers, updates, and relevant information about our products and services.

2. Marketing Platforms

We employ various marketing platforms to reach our target audience effectively. This involves using your information to deliver targeted ads and measure the success of our marketing campaigns on platforms such as Google, Facebook, LinkedIn, and others.

3. Data Sharing

We do not sell or rent your personal information to third parties. However, we may share your information with trusted service providers and partners who assist us in delivering our marketing communications and optimizing our campaigns. These parties are contractually obligated to maintain the confidentiality and security of your information.

4. Opt-Out and Preferences

You have the right to opt-out of receiving our marketing communications at any time. If you no longer wish to receive emails or SMSes from us, you can unsubscribe by following the instructions provided in the communication or contacting our customer support.

5. Data Security

We take appropriate measures to protect your personal information from unauthorized access, alteration, disclosure, or destruction. However, please be aware that no method of transmission over the internet or electronic storage is completely secure, and we cannot guarantee absolute data security.

6. Updates to this Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices or legal requirements. We encourage you to review this policy regularly for any updates. Continued use of our services after any modifications to this policy will constitute your consent to the updated Privacy Policy.

By using our website, you acknowledge that you have read and understood this Privacy Policy and agree to its terms.

Log Files

Epic Deals follows a standard procedure of using log files. These files log visitors when they visit websites. All hosting companies do this and a part of hosting services’ analytics. The information collected by log files includes internet protocol (IP) addresses, browser type, Internet Service Provider (ISP), date and time stamp, referring/exit pages, and possibly the number of clicks. These are not linked to any information that is personally identifiable. The purpose of the information is for analyzing trends, administering the site, tracking users’ movement on the website, and gathering demographic information.

Cookies

Like any other website, Epic Deals uses ‘cookies’. These cookies are used to store information including visitors’ preferences, and the pages on the website that the visitor accessed or visited. The information is used to optimize the users’ experience by customising our web page content based on visitors’ browser type and/or other information.

CCPA Privacy Rights (Do Not Sell My Personal Information)

Under the CCPA, among other rights, consumers have the right to:

Request that a business that collects a consumer’s personal data disclose the categories and specific pieces of personal data that a business has collected about consumers.

Request that a business delete any personal data about the consumer that a business has collected.

Request that a business that sells a consumer’s personal data, not sell the consumer’s personal data.

If you make a request, we have one month to respond to you. If you would like to exercise any of these rights, please contact us.

GDPR Data Protection Rights

We would like to make sure you are fully aware of all of your data protection rights. Every user is entitled to the following:

The right to access – You have the right to request copies of your personal data. We may charge you a small fee for this service.

The right to rectification – You have the right to request that we correct any information you believe is inaccurate. You also have the right to request that we complete the information you believe is incomplete.

The right to erasure – You have the right to request that we erase your personal data, under certain conditions.

The right to restrict processing – You have the right to request that we restrict the processing of your personal data, under certain conditions.

The right to object to processing – You have the right to object to our processing of your personal data, under certain conditions.

The right to data portability – You have the right to request that we transfer the data that we have collected to another organization, or directly to you, under certain conditions.

If you make a request, we have one month to respond to you. If you would like to exercise any of these rights, please contact us.

Children’s Information

Another part of our priority is adding protection for children while using the internet. We encourage parents and guardians to observe, participate in, and/or monitor and guide their online activity.

Epic Deals does not knowingly collect any Personal Identifiable Information from children under the age of 13. If you think that your child provided this kind of information on our website, we strongly encourage you to contact us immediately and we will do our best efforts to promptly remove such information from our records.

Cookie List

epicdeals.co.zawoocommerce_items_in_cartDescription:This cookie is used by woocommerce and contains the end user’s cart information.Lifespan:Session
epicdeals.co.zawp_woocommerce_session_93db5cb4cb24c7aca8fb5c036e6d87e8Description:wp_woocommerce_session_Lifespan:2 days
epicdeals.co.zawoocommerce_cart_hashDescription:This cookie is used by woocommerce and contains the end user’s cart information.Lifespan:Session
epicdeals.co.zaPHPSESSIDDescription:PHP session cookie associated with embedded content from this domain.Lifespan:Session

Performance Cookies

FIRST-PARTY

HostNameDetails
co.za_gaDescription:This cookie name is associated with Google Universal Analytics – which is a significant update to Google’s more commonly used analytics service. This cookie is used to distinguish unique users by assigning a randomly generated number as a client identifier. It is included in each page request in a site and used to calculate visitor, session and campaign data for the sites analytics reports. By default it is set to expire after 2 years, although this is customisable by website owners._gaLifespan:2 years
co.za_gclxxxxDescription:Google conversion tracking cookieLifespan:3 months
epicdeals.co.za_gaDescription:This cookie name is associated with Google Universal Analytics – which is a significant update to Google’s more commonly used analytics service. This cookie is used to distinguish unique users by assigning a randomly generated number as a client identifier. It is included in each page request in a site and used to calculate visitor, session and campaign data for the sites analytics reports. By default it is set to expire after 2 years, although this is customisable by website owners._gaLifespan:a few seconds
epicdeals.co.za_gidDescription:This cookie name is associated with Google Universal Analytics. This appears to be a new cookie and as of Spring 2017 no information is available from Google. It appears to store and update a unique value for each page visited._gidLifespan:a day
epicdeals.co.za_gclxxxxDescription:Google conversion tracking cookieLifespan:3 months

Targeting Cookies

FIRST-PARTY

HostNameDetails
epicdeals.co.za_fbpDescription:Used by Facebook to deliver a series of advertisement products such as real time bidding from third party advertisersLifespan:3 months
co.za_fbpDescription:Used by Facebook to deliver a series of advertisement products such as real time bidding from third party advertisersLifespan:3 months
epicdeals.co.za_gat_gtag_xxxxxxxxxxxxxxxxxxxxxxxxxxxDescription:Google AnalyticsLifespan:a few seconds

THIRD PARTY

HostNameDetails
www.facebook.com Description:Lifespan:Session
google.com_GRECAPTCHADescription:Lifespan:6 monthsPath:/recaptchaSecure:Http only:

Unknown

FIRST-PARTY

HostNameDetails
epicdeals.co.zamailerlite:webform:shown:4091746Description:Lifespan:a few seconds
epicdeals.co.zawad_coupons_statusDescription:Lifespan:Session
epicdeals.co.zat_prod_seqDescription:Lifespan:a day
epicdeals.co.zappviewtimerDescription:Lifespan:a day
epicdeals.co.zat_ATC_posDescription:Lifespan:a day
epicdeals.co.zat_listnameDescription:Lifespan:a day
epicdeals.co.zaquform_session_93db5cb4cb24c7aca8fb5c036e6d87e8Description:Lifespan:Session
epicdeals.co.za_fw_crm_vDescription:Lifespan:a year

Protection Of Personal Information Policy: Tech Revival

INTRODUCTION

TECH REVIVAL, because of the role it fulfils as collator and custodian of sensitive personal information which includes, information relating to identity, race, gender, age, identifying number, e-mail address, telephone number etc. has a legal and moral responsibility to its clients to ensure that all the staff of TECH REVIVAL:

  • obtain and process personal information fairly; and
  • keep it only for a specified and explicit lawful purpose; and
  • process it only in ways compatible with the purposes for which it was given initially; and
  • keep personal data safe, confidential and secure; and
  • keep data accurate, complete and up-to-date; and
  • retain it for a period no longer than is necessary for the specified purpose; and
  • provide a copy of a clients’ personal information to that client, on request.

The introduction of the Protection of Personal Information Act (“POPIA”) further strengthens the need to ensure confidentiality of personal information. The POPIA is an important legal reform, creating a regime of consumer protection that has become essential in the information age. It is data protection legislation intended to protect the personal information of individuals held by third-parties. The legislation centers on a set of “information protection principles” which flesh out a general and higher-level requirement that personal information must be processed lawfully and in a reasonable manner that does not infringe on the privacy of the data subject.

THREE IMPORTANT CONCEPTS ARE DEFINED IN THE ACT NAMELY:

‘data subject’ means, according to the definitions in Section 1, the person to whom personal information relates. While the data subject is the principal right-holder under the POPIA, the principal duty-bearer is termed the “responsible party”, defined as “the public or private body or any other entity which, alone or in conjunction with others, determines the purpose of and means for processing personal information”.

“personal information” means information about a person’s race, gender, sex, pregnancy, marital status, nationality, ethnic or social origin, sexual orientation, age, physical or mental health, disability, religion, conscience, belief, culture, language, education, medical information, financial information, criminal or employment history, an identifying number, e-mail address, physical address, telephone number, blood type, biometric information, personal opinions, views or preferences of a person; correspondence of a private or confidential nature; and the name of the person if it appears with other personal information relating to the person.

“process” meaning collection, receipt, recording, organization, collation, storage, updating or modification, retrieval, alteration, consultation, use, dissemination, distribution, merging, linking, blocking, degradation, erasure or destruction of information.

POPIA requires that an Information Protection Officer be appointed. , an employee within the company will assume the duties of the Information Protection Officer for the company where the responsibilities are defined in the Act as:

each responsible party must ensure that there are, within that body, one or more information protection officers whose responsibilities include –

  • the encouragement of compliance, by the body, with the information protection principles;
  • dealing with requests made to the body pursuant to this Act;
  • working with the Commission in relation to investigations conducted pursuant to Chapter 6 of this Act in relation to the body;
  • otherwise ensuring compliance by the body with the provisions of this Act.

Information protection principles contained in POPIA can be summarised as follows:

  • Any person who stores personal and private information (“PI”) about anyone else may not do so without the direct consent by the effected person – the “data subject”.
  • Any “data subject” may request to review any PI stored about them at any time and such information may not be withheld. The “data subject” may request for correction to be made to erroneous information and the data holder will be obliged to make such corrections;
  • No PI may be disclosed to any person without the direct authorisation of the “data subject”. A breach in this regard will be considered a serious and punishable offence.
  • No alterations or changes of any nature may be made to the PI or data kept on a “data subject” without the direct authorisation of the “data subject”.
  • No data may be released to any person resulting in the distinctive identification of a “data subject” for the purposes of research, statistics or any other similar purpose.

It is therefore essential that all TECH REVIVAL employees working with the personal information of all clients must be educated on the principles of POPIA and how to

  • deal with requests by any person regarding enquiries regarding “data subject”. The golden rule should be not to disclose any information to any person if you are not convinced it is correct to do so. In such an instance, the request should be forwarded to the Information Protection Officer.
  • Security measures regarding the protection of employee information must be reviewed in order to ensure the safe keeping of information

The purpose of this Policy is to provide guidelines to assist employees to ensure that PI in their possession is kept safe and secure and that TECH REVIVAL therefore meets all legal responsibilities.

GENERAL PROCEDURES

This section of the Policy sets out guidelines in a number of specific areas where particular attention should be paid in order to help protect the confidentiality of PI held by the company.

  • It is essential that the Information Protection Officer is aware of what PI is held, where it is held and the consequences should that PI be lost or stolen.
  • Access to the TECH REVIVAL office as well as data center and server rooms used to host hardware and software on which PI is stored should be restricted only to those TECH REVIVAL staff members that have authorisation to view and access the PI.
  • Access to systems which are no longer in active use and which contain PI should be removed where such access is no longer necessary or cannot be justified.
  • Passwords used to access PC’s, applications and databases should be of sufficient strength to deter password cracking or guessing attacks. A password should include numbers, symbols, upper and lowercase letters. If possible, password length should be around 12 to 14 characters but at the very minimum of 8 characters. Passwords based on repetition, dictionary words, letter or number sequences, usernames, or biographical information like names or dates must be avoided. The Protection Information Officer is responsible to ensure that passwords are changed on a regular basis and that an audit trail is received which highlights non-compliance.
  • A procedure must be instituted which evaluates requests from other organisations or third parties for access to PI stored by TECH REVIVAL.
  • Personnel who retire, transfer or resign should be removed immediately from mailing lists and access control lists. It is the responsibility of the Protection Information Officer to ensure that procedures are in place to ensure compliance with this provision of the Policy.
  • Contractors, temporary staff, consultants and external service providers employed by TECH REVIVAL should be subject to strict procedures with regard to accessing PI. This must be by way of a formal contract which includes the necessary confidentiality clauses and ensures that such parties will undertake and adhere to similar requirements as set out in this Policy to ensure the confidentiality of PI.
  • The Protection Information Officer must ensure that each employee receives a copy of this Policy and the company’s Telecommunications and Electronic Communications Policy (currently being compiled). Both policies should be understood and signed by each employee of the company.
  • The Protection Information Officer is responsible for completing a Risk Audit examining the risks associated with the storage, handling and protection of PI at least every six months.
  • Procedures should be put in place in relation to disposal of client files (both paper and electronic) containing PI. Paper with PI must be shredded and the Protection Information Officer must ensure that adequate shredders are available. Further, procedures should also be put in place in relation to the secure disposal of computer equipment (especially storage media) at end-of-life.
  • New staff should be carefully coached, trained and should be fully informed of their obligations before being allowed to access confidential or PI.
  • Staff should ensure that visitors to the office or other unauthorised persons are unable to view personal or sensitive information whether held in the form of paper documents or information displayed on PC monitors.
  • All staff should ensure that PC’s are logged off or “locked” when left unattended for any period of time. Where possible, staff should be restricted from saving files to the local disk. Users should be instructed to only save files to their allocated network drive.
  • PI documents must be locked away in a secure location when not in use. A “Clean Desk Policy” must be implemented to ensure that no documentation is left on employee’s desks overnight.
  • Appropriate and secure filing procedures (both paper and electronic) should be drawn up and followed.

PAPER RECORDS

The following guidelines should be followed with regard to PI data held on paper files: –

  • Paper records and files containing PI should be handled in such a way as to restrict access only to those persons with business reasons to access them.
  • This should entail the strict enforcement of a policy whereby paper files containing such data are locked away when not required or overnight – a “clean desk policy”. Where possible consideration should also be given to the implementation of a register or logging access to paper files containing PI.
  • PI held on paper must be kept hidden from visitors to the offices.
  • Secure disposal of confidential waste should be in place and properly used. The discipline must be instilled into all staff members that papers, notes or any paper containing PI must be shredded.

E-MAIL

All staff members of TECH REVIVAL are required to take extreme care when using email in particular:

  • Standard unencrypted email should never be used to transmit any PI. Staff members that have to use e-mail to transfer such data must ensure that PI is encrypted either through file encryption, the use of a secure e-mail facility which will encrypt the data (including any attachments) being sent or at the very least, robust passwords. The default option should always be to utilise the strongest encryption methods available. Employees should ensure that e-mails contained PI is sent only to the intended recipient.
  • Where PI is held on applications and databases with relevant security and access controls in place, additional controls should be considered that would prevent such data from being copied to applications where no security or access controls are in place and/or can be bypassed.

REMOTE ACCESS

Due to the fact that some work is performed at the premises of clients, the TECH REVIVAL staff should be able to access servers and databases remotely. This brings its own challenges in relation to data security which TECH REVIVAL must address. With regard to PI, the following guidelines should be adhered to:

  • In the first instance, all PI held electronically should be stored centrally on the server. Data that is accessible by remote access should not be copied to employee’s PC’s or to portable storage devices, such as laptops, memory sticks and external hard drives that may be stolen or lost. 
  • When accessing data remotely, it must be done via a secure encrypted link with relevant access controls in place.
  • Additional stringent security and access controls should be in place including inter alia, the mandatory use of strong passwords or security token authentication.
  • PI being accessed in this way should be prevented from being copied from the central location to the remote device.
  • TECH REVIVAL will utilize technologies that will provide for the automatic deletion of temporary files which may be stored on remote machines by its operating system.
  • TECH REVIVAL must ensure that only known machines configured appropriately to the Company’s standards (for example with up-to-date anti-virus and anti-spyware software and full encryption), are allowed to remotely access centrally held PI. Authorization for remote access must be furnished by the Protection Information Officer. The strongest encryption methods available should be used to encrypt data on these machines.
  • Staff should be aware that it is imperative that any wireless technologies or networks used when accessing TECH REVIVAL systems should be encrypted to the strongest standard available.

LAPTOPS AND OTHER MOBILE STORAGE DEVICES

(Including USB memory sticks and external hard drives)

The use of laptops, USB memory sticks and other portable or removable storage devices has increased substantially in the last number of years. Likewise, the use of mobile phones to access and send e-mails has also increased. These devices are useful business tools however they are highly susceptible to loss or theft and often contain inferior security protection. Concomitantly, to protect the content held on these devices, the following recommendations should be followed:

  • All portable devices should be password-protected to prevent unauthorized use of the device and access to PI held on the device. In the case of mobile phones, both a PIN and login password should be used. Manufacturer or operator-provided PIN codes must be changed from the default setting by the user on receipt of the device.
  • Passwords used on these devices should be of sufficient strength to deter password cracking or guessing attacks and conform to the requirements listed in “General Procedures” above.
  • PI should not be stored on portable devices. In cases where this is unavoidable, all devices containing this type of data must be encrypted and password protected. With regard to laptops, full disk encryption must be employed regardless of the type of data stored.
  • When laptops or cell phones are being used in public places, care must be taken to avoid unwitting disclosure of PI.
  • Portable devices must not contain unauthorized, unlicensed or personally licensed software. All software must be authorized and procured through the TECH REVIVAL IT service provider company.
  • Anti-virus/Anti-spyware/Personal Firewall software must be installed and kept up to date on portable devices. These devices should be subjected to regular virus checks using this software.
  • TECH REVIVAL must ensure that when providing portable devices for use by staff members, each device is authorized for use only by a specific named individual. The responsibility for the physical safeguarding of the device will then rest with that individual.
  • Laptops must be physically secured if left in the office overnight. When out of the office, the device should be kept secure at all times.
  • Portable devices should never be left in an unattended vehicle. Further, a policy must be introduced and strictly adhered to that if a member of staff is going out after work and the laptop will have to be kept in the car, then the laptop must be locked in a secure place in the TECH REVIVAL’s office overnight.
  • Portable storage media should only be used for data transfer where there is a business requirement to do so.
  • Staff owned devices including portable media players such as iPods, digital cameras, and USB sticks must be technologically restricted from connecting to TECH REVIVAL computers.
  • A robust, clear and known procedure for early notification of the loss of a portable device must be instituted. This would allow for the disconnection of the missing device from the company’s server.

DATA TRANSFERS OF PERSONAL INFORMATION

Data Transfers are a daily business requirement when transferring PI. Such transfers should take place only where absolutely necessary and employing the most secure channel available. To support this, all TECH REVIVAL staff must adhere to the following:

  • Data transfers should, where possible, only take place via secure on-line channels where the data is encrypted.
  • “Strong” passwords (see “General Procedures”) must be used to protect the data during transfer. Such passwords must not be sent with the data it is intended to protect. Care should be taken to ensure that the password is sent securely to the intended recipient and that it is not disclosed to any other person.
  • Standard e-mail should never be used to transmit any personal data. Where file encryption or the use of a secure e-mail facility which will encrypt the data (including any attachments) is sent, staff must still ensure that the mail is sent only to the intended recipient.
  • When a data transfer with a third party is required, a written agreement should be put in place between both parties in advance of any data transfer. Such an agreement should define:
  • The information that is required by the third party and the purposes for which the information can be used must also be defined if the recipient party is carrying out processing on behalf of TECH REVIVAL.
  • Named contacts in each organization responsible for the data.
  • The frequency of the proposed transfers.
  • An explanation of the requirement for the PI or requested data transfer;
  • The transfer and encryption method that will be used (e.g. Secure FTP, Secure e-mail, etc.).
  • The acknowledgement procedures on receipt of the PI.
  • The length of time the information will be retained by the third party;
  • Confirmation from the third party that the security, confidentiality and storage of the PI will be handled to the same level of controls that TECH REVIVAL would apply to that category of information. Confirmation is also required clearly identifying the point at which the third party will take over responsibility for protecting the data.
  • The method for highlighting breaches in the transfer process.
  • Business procedures need to be in place to ensure that all such transfers are legal, justifiable, necessary of not contrary to any legislation requirement or provision.

REQUEST FOR ACCESS TO PERSONAL INFORMATION

Section 22 of the POPIA states that a data subject may request a responsible party to confirm that they are holding PI about the data subject and may obtain a description of that information and details about who has had access to it. Where such a request is received, the matter must be referred to the Information Protection Officer who will ensure that the correct procedures are adopted.

Section 23 of the POPIA, provides for a right to request correction of personal information held by a responsible party if it is inaccurate, incomplete, misleading, out of date, and obtained unlawfully, irrelevant or excessive. Where such a request is received, the matter must be referred to the Information Protection Officer who will ensure that the correct procedures are adopted.

APPROPRIATE ACCESS AND AUDIT TRAIL MONITORING

TECH REVIVAL have an obligation to keep information safe and secure and have appropriate measures in place to prevent unauthorized access to, or alteration, disclosure or destruction of, the PI and against their accidental loss or destruction. It is imperative therefore, that TECH REVIVAL have security in place to ensure that only those staff members with a business need to access particular PI are allowed to access the data. In addition to this general requirement, the following guidelines should be adopted:

  • TECH REVIVAL must ensure that their ICT systems are protected by use of appropriate firewall technologies and that this technology is kept up-to-date and is sufficient to meet emerging threats. The monitoring of the suitability of such safeguards will be the responsibility of the Information Protection Officer. 
  • In order to capture instances of inappropriate access (whether internal or external), addition, deletion and editing of data, audit trails should be used.
  • Access to files containing PI should be monitored by the Information Protection Officer on an ongoing basis. Staff should be made aware that this is being done. An IT system or automatic audit trail may need to be put in place to support this supervision.

CONCLUSION

For the first time, South Africans will have their constitutional right to the privacy of their PI enforced. POPIA will bring South Africa in line with international data protection laws and at the same time, will protect PI collected and processed by public and private organisations.

PI privacy presents a growing challenge and TECH REVIVAL must adapt and comply with complex international laws on how they handle such information. POPIA requires TECH REVIVAL to establish appropriate policies and procedures to protect the various forms of data that are part of their business operations.

It is almost impossible to anticipate all eventualities and possibilities but strict adherence to this Policy together with heightened awareness of all TECH REVIVAL staff will ensure that the company not only complies with the relevant legislation but ultimately, safeguards the PI entrusted to it by TECH REVIVAL’s clients.

Get top deals, the latest trends, and more.