We respect the privacy of everyone who visits this website. As a result, we would like to inform you regarding the way we would use your Personal Information. We recommend you to read this Customer Privacy Notice and Consent so that you understand our approach towards the use of your Personal Information. By submitting your Personal Information to us, you will be treated as having given your permission – where necessary and appropriate – for disclosures referred to in this policy. By using this web site, you acknowledge that you have reviewed the terms of this Customer Privacy Notice and Consent to Use of Personal Information (the “Customer Privacy Notice and Consent”) and agree that we may collect, use and transfer your Personal Information in accordance therewith. If you do not agree with these terms, you may choose not to use our site, and please do not provide any Personal Information through this site. This Customer Privacy Notice and Consent forms part of our Site Terms and Conditions of Use and such shall be governed by and construed in accordance with the laws of South Africa. This Notice explains how we obtain, use and disclose your personal information, as is required by the Protection of Personal Information Act, 2013 (POPI Act). At EasyBiz we are committed to protecting your privacy and to ensure that your Personal Information is collected and used properly, lawfully and openly.
Who we are
EasyBiz is the exclusive South African and Sub-Saharan African Distributor of the QuickBooks, Quick Payroll and eZ range of accounting and business software solutions for small, medium and larger sized businesses and is obligated to comply with POPI. POPI requires EasyBiz to inform their clients as to the manner in which their personal information is used, disclosed and destroyed. EasyBiz guarantees its commitment to protecting its client’s privacy and ensuring that their personal information is used appropriately, transparently, securely and in accordance with applicable laws. This Policy sets out the manner in which the EasyBiz deals with their client’s personal information as well as and stipulates the purpose for which said information is used. This Policy is made available on the EasyBiz company website www.easybiztech.co.za
The information we collect
Section 9 of POPI states that “Personal Information may only be processed if, given the purpose for which it is processed, it is adequate, relevant and not excessive.” EasyBiz collects and processes client’s personal information pertaining to the client’s needs. The type of information will depend on the need for which it is collected and will be processed for that purpose only. Whenever possible, EasyBiz will inform the client as to the information required. Examples of personal information we collect include, but is not limited to: – The Client’s Identity number, name, surname, address, postal code, marital status;- Description of the client’s residence, business, assets; financial information, banking details, etc.. With your consent, we may also supplement the information that you provide to us with information we receive from other companies in our industry. We may automatically collect non-Personal Information about you such as the type of internet browsers you use or the website from which you linked to our website. We may also aggregate details which you have submitted to the site (for example, the products or services you are interested in). You cannot be identified from this information and it is only used to assist us in providing an effective service on this web site. We may from time to time supply third parties with this non-personal or aggregated data for uses in connection with this website. Cookies policy: We use the term “cookies” to refer to cookies and other similar technologies covered by the POPI Act on privacy in electronic communications.
What is a cookie? Cookies are small data files that your browser places on your computer or device. Cookies help your browser navigate a website and the cookies themselves cannot collect any information stored on your computer or your files. When a server uses a web browser to read cookies they can help a website deliver a more user-friendly service. To protect your privacy, your browser only gives a website access to the cookies it has already sent to you.
Personal Information Security
We are legally obliged to provide adequate protection for the Personal Information we hold and to stop unauthorised access and use of personal information. We will, on an on-going basis, continue to review our security controls and related processes to ensure that your Personal Information is secure. Our security policies and procedures cover:
- Acceptable usage of personal information;
- Access to personal information;
- Computer and network security;
- Governance and regulatory issues;
- Investigating and reacting to security incidents.
- Monitoring access and usage of personal information;
- Physical security;
- Retention and disposal of information;
- Secure communications;
- Security in contracting out activities or functions;
When we contract with third parties, we impose appropriate security, privacy and confidentiality obligations on them to ensure that Personal Information that we remain responsible for, is kept secure. We will ensure that anyone to whom we pass your Personal Information agrees to treat your information with the same level of protection as we are obliged to.
Changes to this notice
Please note that we may amend this notice from time to time. Please check our websites periodically to inform yourself of any changes.
How we use this information
We will use your Personal and Non-Personal Information only for the purposes for which it was collected or agreed with you, for example:
- Analyse the effectiveness of our advertisements, competitions and promotions
- Collect information about the device you are using to view the site, such as your IP address or the type of Internet browser or operating system you are using, and link this to your Personal Information so as to ensure that the site presents the best web experience for you
- Evaluate the use of the site, products and services
- For audit and record keeping purposes
- For market research purposes
- For monitoring and auditing site usage
- Help speed up your future activities and experience on the site. For example, a site can recognise that you have provided your Personal Information and will not request the same information a second time.
- In connection with legal proceedings
- Make the site easier to use and to better tailor the site and our products to your interests and needs
- Offer you the opportunity to take part in competitions or promotions
- Personalise your website experience, as well as to evaluate (anonymously and in the aggregate) statistics on website activity, such as what time you visited it, whether you’ve visited it before and what site referred you to it
- Suggest products or services (including those of relevant third parties) which we think may be of interest to you
- To assist with business development
- To carry out our obligations arising from any contracts entered into between you and us
- To conduct market or customer satisfaction research or for statistical analysis
- To confirm and verify your identity or to verify that you are an authorised customer for security purposes
- To contact you regarding products and services which may be of interest to you, provided you have given us consent to do so or you have previously requested a product or service from us and the communication is relevant or related to that prior request and made within any timeframes established by applicable laws.
- To notify you about changes to our service
- To respond to your queries or comments
- We will also use your Personal Information to comply with legal and regulatory requirements or industry codes to which we subscribe or which apply to us, or when it is otherwise allowed by law.
- Where we collect Personal Information for a specific purpose, we will not keep it for longer than is necessary to fulfil that purpose, unless we have to keep it for legitimate business or legal reasons. In order to protect information from accidental or malicious destruction, when we delete information from our services we may not immediately delete residual copies from our servers or remove information from our backup systems.
- You can opt out of receiving communications from us at any time. Any direct marketing communications that we send to you will provide you with the information and means necessary to opt out.
Definition of Personal Information
According to the POPI Act “Personal Information” means information relating to an identifiable, living, natural person, and where it is applicable, an identifiable, existing juristic person.
Disclosure of Personal Information
We may disclose your Personal Information to our business partners who are involved in the delivery of products or services to you. We have agreements in place to ensure that they comply with these privacy terms. We may share your Personal Information with, and obtain information about you from: • Third parties for the purposes listed above; we may also disclose your information: • Where we have a duty or a right to disclose in terms of law or industry codes; • Where we believe it is necessary to protect our rights.
Access to your Personal Information
You have the right to request a copy of the Personal Information we hold about you. To do this, simply contact us at the numbers/addresses listed on our home page and specify what information you would like. We will take all reasonable steps to confirm your identity before providing details of your personal information. Please note that any such access request may be subject to a payment of a legally allowable fee, as laid down in our POPI Act Policy.
Correction of your Personal Information
You have the right to ask us to update, correct or delete your personal information. We will take all reasonable steps to confirm your identity before making changes to Personal Information we may hold about you. We would appreciate it if you would take the necessary steps to keep your Personal Information accurate and up-to-date by notifying us of any changes we need to be aware of.
How to contact us
If you have any queries about this notice or believe we have not adhered to it, or need further information about our privacy practices or wish to give or withdraw consent, exercise preferences or access or correct your personal information, please contact us at the numbers/addresses listed on our website www.easybiztech.co.za.
All capitalised terms herein or in any Schedule or attachment will have the meanings ascribed to such terms in this clause 1 or as otherwise defined in this Agreement.
1.1 “Affiliate” means any entity that directly or indirectly Controls, is Controlled by, or is under common Control with a Party.
1.3 “Data Subject” means an individual or juristic entity which is the subject of Personal Data that may be Processed under this Agreement.
1.4 “Intellectual Property Rights” means:
1.4.1 all intellectual property rights wherever in the world, whether registrable or unregistrable, registered or unregistered, including any application or right of application for such rights and these “intellectual property rights” include copyright and related rights, database rights, confidential information, trade secrets, know-how, business names, trade names, trademarks, service marks, passing off rights, unfair competition rights, patents, petty patents, utility models and rights in designs;
1.4.2 applications for registration, and the right to apply for registration, for any of these rights and;
1.4.3 all other intellectual property rights and equivalent or similar forms of protection existing anywhere in the world.
1.5 “Quick Payroll Cloud & HR Application” means the computer software and related documentation comprising the private labelled payroll processing service marketed by Operator as Quick Payroll Cloud & HR, including but not limited to any modifications or additions provided by Operator during the term of this Agreement and made available by Operator at www.easybiztech.co.za
1.6 “Personnel” means any person employed or contracted by the Parties or their approved sub-contractors relating to the provision of the Services.
1.7 “Operator” means a person who processes personal information for a Responsible Party in terms of a contract or mandate, without coming under the direct authority of that Responsible Party. With regards to this agreement, Operator will be:
EasyBiz PTY (Ltd) P.O Box 336, Wendywood, Johannesburg 2144, South Africa
1.8 “Personal Information” means all information relating to an identifiable, living natural person, including that which Operator (or any of its Affiliates or Personnel) processes in connection with its relationship with Responsible Party (including employees of Responsible Party Affiliates and of its sub-contractors) but excluding information that Operator processes as the Responsible Party.
1.9 “Process or Processing” means the collection, use, disclosure, transfer, storage, deletion, combination, regulatory submission to Government Authorities or other use of Personal Information.
1.10 “Responsible Party” means a public or private body or any other person which, alone or in conjunction with others, determines the purpose of and means for processing personal information.
1.11 “Previous Agreement/s” means any agreement/s previously concluded between the Parties or Responsible Party’s acceptance of Operator’s Terms and Conditions of Use in writing or at www.easybiztech.co.za
1.12 “POPI” means the minimum standard as gazetted by the Republic of South Africa and set out in the Protection of Personal Information Act 4 of 2013 of (as amended).
1.13 “Services” mean Operator’s services and Deliverables, as described in Previous Agreements or Operator’s Terms and Conditions of Use.
1.14 “Sub-Processor” means a third-party contractor to whom the Processing of Personal Data is subcontracted or outsourced by the Operator in accordance with the any agreements between the Parties.
1.15 “Supervisory Authority” means the Information Regulator as established in RSA,
pursuant to the POPI Act.
1.16 “Territory” means any country where the Operator processes information on behalf of the Responsible Party.
1.17 “User or Users” means any Responsible Person and / or its Personnel and / or organisation and / or individual that utilises Operator’s Services.
2. General Privacy Terms
2.1 Registration. To create an account on the Quick Payroll Cloud & HR Application, User’s must provide Operator with at least its email address and a password and agree to Operator’s Terms and Conditions of Use and this Agreement, which governs how Operator treats User’s information. User will provide additional information during the registration flow (for example, User’s company addresses and contacts, pay structures, journal codes, employee biographical information and salary information) to help User build User’s company and employee profiles and to provide User with Services. User understands that, by creating an account, Operator a will be able to identify User by User’s profile on the Quick Payroll Cloud & HR Application. Operator may also ask for User’s credit card or bank details to retrieve applicable service fees.
2.2 Customer Service. When a User contacts Operator’s customer support services telephonically or through Operator’s online Help Center, Operator will have to access Users’ profile, company information, employee information and other contributions to Operator’s Services and collect the information Operator needs to categorize a User’s question, respond to it, and, if applicable, investigate any breach of Operator’s Terms and Conditions of Use and or this agreement. Operator also use this information to track potential problems and trends and customize Operator’s support responses to better serve Users. Operator does not use this information for advertising.
2.4 Information About Users Computer and Mobile Device. When Users visit or leave Operator’s Services (whether as a Member or Visitor) by clicking a hyperlink Operator automatically receives the URL of the site from which a User came or the one to which a User is directed. Also, advertisers receive the URL of the page that a User is on when a User clicks an ad on or through Operator’s Services. Operator also receives the internet protocol (“IP”) address of a User’s computer or the proxy server that a User uses to access the web, a User’s computer operating system details, a User’s type of web browser, a User’s mobile device (including a User’s mobile device identifier provided by User’s mobile device operating system), User’s mobile operating system (if a User is accessing the Quick Payroll Cloud & HR Application using a mobile device), and the name of User’s ISP or User’s mobile carrier. Operator may also receive location data passed to Operator from third-party services or GPS-enabled devices that User have set up, which Operator use to show User’s relevant information.
2.5 Quick Payroll Cloud & HR Communications. Operator communicates with Users through email, notices posted on Operator’s websites or apps and other means available through the Services, including mobile text messages and push notifications. Examples of these communications include:
2.5.1 welcome and engagement communications – informing Users about how to best use Operator’s Services, new features and updates about legislation;
2.5.2 service communications – these will cover service availability, security, and other issues about the functioning of Operator’s Services. and;
2.5.3 promotional communications – these include email and may contain promotional information directly or on behalf of Operator’s partners. These messages will be sent to Users based on User’s profile information and messaging preferences. User’s may change User’s email and contact preferences at any time by signing into User’s account and opting out of receiving emails.
2.5.4 Users cannot opt out of receiving service messages from Operator. User agrees that Operator may provide notices to Users in the following ways:
22.214.171.124 a banner notice on the Service. or;
126.96.36.199 an email sent to an address User provided. or;
188.8.131.52 through other means including mobile number, telephone, or mail. User agrees to keep User’s contact information up to date.
2.6 Testimonials and Advertisements. If User provides any testimonials about Operator’s goods or services or place advertisements, Operator may post those testimonials and examples of advertisements User placed in connection with Operator’s promotion of these services to third parties. Testimonials and advertisements may include User’s name and other personal information that User has provided.
2.7 External Links. The Quick Payroll Cloud & HR Application is an information portal, it contains links to other Web sites. These sites however do not fall under any control of Operator and therefore Operator cannot be held responsible for the privacy practices or the contents of such other web sites.
2.8 Rights to Access, Correct, or Delete User Information, and Closing User Account. User can change User’s information on the Quick Payroll Cloud & HR Application at any time by editing User’s profile, deleting information that User has posted, or by giving Operator notice of termination. User has a right to:
2.8.1 access, modify, correct, or delete User’s personal information controlled by Operator regarding User’s profile;
2.8.2 change User’s information. and;
2.8.3 close User’s account.
3. Processing of Information
3.1 Responsible Party hereby grants to Operator a non-exclusive licence to copy, reproduce, store, distribute, publish, export, adapt, edit, and translate the Personal Information to the extent reasonably required for the performance of Operator’s obligations and the exercise of Operator’s rights under this Agreement.
3.2 Responsible Party also grants to Operator the right to:
3.2.1 sub-license these rights to its hosting, connectivity, and telecommunications organisations, subject to any express restrictions elsewhere in this Agreement.
3.2.2 Electronically submit to revenue authorities the necessary monthly, quarterly, and annual returns as may be required under the applicable law.
3.3 Responsible Party warrants to Operator that the Personal Information when used by Operator in accordance with this Agreement will not infringe the Intellectual Property Rights or other legal rights of any person.
3.4 Responsible Party hereby confirms that as the Responsible Party they have an appropriate lawful basis to process personal information including transferring same to Operator for purposes of Processing the payroll and other legislative related services on behalf of Responsible Party.
3.5 Operator will comply with POPI in countries without data privacy legislation. If the law related to data protection in the territory conflicts and/or is more onerous than these provisions, Responsible Party shall in writing advise of such conflict and the Service Provider shall revert on the feasibility, if any, to comply with the Data Protection Legislation.
3.6 Without prejudice to the obligations set out in this clause 3, the Parties acknowledge and agree that each Party will remain solely responsible for complying with their respective obligations under POPI with regards to privacy and protection of personal information laws governing Responsible Party’s data in the Territory.
4. Safeguarding Measures
4.1 The Operator and its subcontractor (technology provider) has implemented appropriate safeguards against the unauthorized access to, and destruction, loss, or alteration of, Responsible Party’s Confidential Information and Personal Information which at any time is in Operator’s possession or to which Operator may have access.
4.2 Operator warrants to Responsible Party that it shall maintain such safeguards for so long as it has any of Responsible Party’s Confidential Information in its possession or has access to such information.
5. Compliance: Sub-Processors and Affiliates
5.1 Operator shall procure that each of its Sub-processors and/or Affiliates contractually agree in writing that they will:
5.1.1 comply with this clause 5 and POPI;
5.1.2 not access, use or process Responsible Party’s data and/or personal information except to the extent reasonably necessary in performance of its obligations under this Agreement;
5.1.3 not perform any act that puts Responsible Party at risk of Responsible Party’s data and/or personal information being disclosed;
5.1.4 implement appropriate technical and organisational security measures to preserve the integrity of Responsible Party’s data and/or Personal Information. and;
5.1.5 prevent any unauthorised or unlawful access, accidental or unauthorised destruction, corruption, loss, alteration or disclosure or other prohibited processing of Responsible Party’s data and/or Personal Information.
6. Rights to Audit
6.1 Operator shall only allow Responsible Party and its auditors, regulators and other advisers to audit the relevant records of Operator pertaining to this Agreement, and for that reason to have reasonable access to any of Operator’s premises, personnel and relevant records as may be.
6.2 Responsible Party shall provide at least 30 (thirty) Business Days’ notice of its intention to conduct an audit.
6.3 Responsible Party shall use its reasonable endeavours to procure that an audit is completed within 5 (five) Business Days from the date that such audit starts.
6.4 Responsible Party shall bear all Responsible Party and Operator’s costs and expenses incurred in respect of compliance with any audits under this Agreement.
6.5 In the event that the audit identifies substantive findings relating to misrepresentation or a material default (the default must go to the root of this Agreement) by Operator then Operator shall reimburse Responsible Party for all its reasonable costs incurred in the course of, and for, that audit.
6.6 If an audit identifies that Operator has failed to comply with any of its obligations under this Agreement, then, without prejudice to the other rights and remedies of Responsible Party, Operator shall take the necessary steps to comply with its obligations at no additional cost to Responsible Party and Operator will reimburse Responsible Party for its reasonable costs incurred in the audit.
7. Breaches and Notifications
7.1 Operator will notify the Responsible Party, within a reasonable timeframe, after becoming aware of any Personal Information Breach and provide reasonable information in its possession to assist the Responsible Party to meet the Responsible Party‘s obligations to report a Personal Information Breach as required under POPI.
7.2 Operator may provide such information in phases as it becomes available. Such notification shall not be interpreted or construed as an admission of fault or liability by Operator.
8. Storage of History Data
8.1 Subject to clause 8.2 below, legal jurisdictions will dictate how long Responsible Party’s data is retained within the Territory (each respective country), if there is no standard, a default period of 5 (five) years will be used to determine whether data should be destroyed.
8.2 On notice of termination of Responsible Party account, Responsible Party will have 30 days to download or export the data using one of many mechanisms such as reports, web services and business intelligence tools. After that 30-day period, Operator will have no obligation to maintain or provide Responsible Party the data and will thereafter delete or destroy all copies Party’s data in Operator’s systems or otherwise in Operator’s possession or control, unless legally prohibited.
9. Law Enforment Request and Disclosures
9.1 If the Operator or Sub-Processor receives any demand for disclosure of Personal Data by law, the Operator or Sub-Processor will promptly notify the Responsible Party, in writing, of the Legal Request (unless legally prohibited from doing so).
10. Cross Border Data Replication
10.1 It is specifically recorded that:
10.1.1 the Operator or its Sub-Processor will perform replication of personal information to a data center in Europe for the purposes of implementing adequate disaster recovery processes and other legitimate processing activities.
10.1.2 Section 72 of POPI allows the transfer of personal information to a Sub-processor in a foreign country in circumstances where amongst others:
10.1.2.1 the Sub-processor is subject to a law, binding corporate rules or a binding agreement that provides an adequate level of protection that are substantially similar to POPI and effectively uphold the principles as set out in POPI. or;
10.1.2.2 data subject consents to the transfer. or;
10.1.2.3 the transfer is necessary for the performance of a contract between the data subject and the Responsible Party or for the performance of a contract concluded in the interest of the data subject between the Responsible Party and a third party. or;
10.1.2.4 the transfer is for the benefit of the data subject, and it is not reasonably practicable to obtain the consent of the data subject to the transfer.
10.2 The data center to be used by the Operator in Europe will be subject to adequate laws that are substantially similar to POPI and effectively uphold the principles of lawful processing as set out in POPI. Accordingly, the Operator would comply with section 72 of POPI on the basis that the third-party recipient of the information (namely the data centre in Europe is subject to a law which provides an adequate protection level of protection. It will thus not be necessary for the Operator and/or the Responsible Party to obtain the consent of the data subject to transfer the personal information to the data center.
10.3 Having regard to the above, the parties agree that Operator has taken steps to ensure compliance with its obligations as set out in POPI.
11.1 In the event that there is conflict between any Previous Agreement/s and this Agreement, the conditions of this agreement will apply.
12.1 This Agreement will commence on the effective date and will continue until the termination in accordance with any Previous Agreement/s or specifications as per Operator’s Terms and Conditions of Use.
13. Cooperation with Supervisory Authority
13.1 The Operator and the Responsible Party as applicable, shall cooperate, on request, with the Supervisory Authority in the performance of its tasks.
14. Information Officer
14.1 Service Provider contact for any issues in relation to this Agreement:
14.1.1 Risk Officer – Sarvesh Chinappa.
14.2 Any questions or comments about this Agreement can be directed to Operator by contacting Operator on +27 10 203 4300, through Operator’s online support center or by email.