Privacy Policy

1. Information We Collect

We may collect the following types of information:

1.1 Personal Information

Personal information is information that identifies you as an individual. We collect personal information as defined in POPIA, including but not limited to:

• Identity information (name, ID number, company registration details)
• Contact information (email address, telephone number, physical address)
• Financial information (payment details, bank account information)
• Transaction information (products purchased, order history)
• Employment information (for B2B relationships)
• Communications and correspondence with us

1.2 Non-Personal Information

We also collect non-personal information that does not directly identify you, including:

• Browser type and version
• Device information (operating system, hardware model)
• IP address
• Usage data (pages visited, time spent on the website)
• Referral source

2. Collection Methods

We collect information through various methods, including:

• Direct interactions (when you provide information through our website, email, phone, or in person)
• Forms and applications (when you complete contact forms, quotation requests, or account applications)
• Automated technologies (cookies, server logs, and similar technologies)
• Third parties (such as business partners, credit bureaus, or publicly available sources, where permitted by law)

3. Purpose of Collection

In accordance with POPIA, we only collect and process personal information for specific, explicitly defined, and legitimate purposes, including:

• To provide our products and services to you
• To process and fulfill orders
• To communicate with you about your orders, inquiries, or account
• To provide customer support and respond to your queries
• To maintain and improve our website and services
• To send you information about our products, services, and promotions (with your consent)
• To conduct market research and analysis
• To comply with legal obligations
• To detect and prevent fraud and unauthorized access
• To establish, exercise, or defend legal claims
• For other purposes with your consent

4. Legal Basis for Processing

We process your personal information in accordance with POPIA on the following legal grounds:

5. Information Sharing and Disclosure

We may share your personal information with the following categories of recipients:

5.1 Service Providers

We may disclose your information to third-party service providers who perform services on our behalf, such as:

• Payment processors
• Delivery and logistics providers
• IT and system administration providers
• Marketing and communication service providers
• Professional advisers (lawyers, bankers, auditors, insurers)

These service providers are contractually bound to protect your information and only use it for the specific purposes for which we disclose it to them.

5.2 Business Partners

We may share your information with our business partners, such as steel suppliers or manufacturers, when necessary to fulfill your orders or provide our services.

5.3 Legal Requirements

We may disclose your information when required by law, subpoena, court order, or other legal process, or to establish, protect, or exercise our legal rights or defend against legal claims.

5.4 Business Transfers

If we are involved in a merger, acquisition, financing, or sale of business assets, your information may be transferred as part of that transaction. We will notify you of any such change in ownership or control of your personal information.

5.5 With Your Consent

We may share your information with any other third parties where you have provided your explicit consent for such disclosure.

6. Cross-Border Data Transfers

• The recipient is subject to laws, binding corporate rules, or binding agreements that provide an adequate level of protection similar to POPIA;
• You consent to the transfer;
• The transfer is necessary for the performance of a contract between you and us;
• The transfer is necessary for the conclusion or performance of a contract concluded in your interest; or
• The transfer is for your benefit and it is not reasonably practicable to obtain your consent, but if it were, you would likely provide such consent.

7. Data Security

We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, accidental loss, alteration, disclosure, or destruction, as required by Section 19 of POPIA. These measures include:

• Access controls and authentication procedures
• Encryption of sensitive data
• Secure network infrastructure
• Regular security assessments and testing
• Staff training on data protection and security
• Physical security measures at our premises

8. Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes for which we collected it, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period, we consider:

• The amount, nature, and sensitivity of the personal information
• The potential risk of harm from unauthorized use or disclosure
• The purposes for which we process the information and whether we can achieve those purposes through other means
• Applicable legal requirements

In some circumstances, we may anonymize your personal information so that it can no longer be associated with you, in which case we may use such information without further notice to you.

9. Cookies and Similar Technologies

Our website uses cookies and similar technologies to enhance your browsing experience, analyze website traffic, and personalize content. Cookies are small text files that are stored on your device when you visit our website.

9.1 Types of Cookies We Use

9.2 Managing Cookies

You can control and manage cookies in various ways. Most web browsers allow you to block or delete cookies. Please note that if you choose to block all cookies, you may not be able to access all or parts of our website or some features may not function properly.

10. Your Rights Under POPIA

As a data subject under POPIA, you have the following rights regarding your personal information:

11. Children's Privacy

Our services are not directed to individuals under the age of 18, and we do not knowingly collect personal information from children. If we become aware that we have collected personal information from a child without verification of parental consent, we will take steps to remove that information from our servers.

12. Third-Party Links

Our website may contain links to third-party websites, plugins, and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. We encourage you to read the privacy policy of every website you visit.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time in response to changing legal, technical, or business developments. When we update our Privacy Policy, we will take appropriate measures to inform you, consistent with the significance of the changes we make. We will obtain your consent to any material changes if and where required by applicable data protection laws.

You can see when this Privacy Policy was last updated by checking the date at the top of this page. You are advised to review this Privacy Policy periodically for any changes.

14. Contact Information

15. POPIA Compliance Statement

All Steel Services CC is committed to complying with the Protection of Personal Information Act 4 of 2013 (POPIA). We have implemented the following measures to ensure compliance: