We at International Association for Sustainable Economy South Africa (IASE South Africa, aka, “IASE Africa Regional Office”) know you care about how your personal information is used and shared, and we take your privacy seriously. Please read the following to learn more about how we collect, store, use, and disclose information about you when you interact or use our websites (collectively the “IASE South Africa sites”) or any related events, trade shows, sales, or marketing, and/or if you use any of our products and services (collectively the “Services”) in any manner.
Who are we and what do we do?
IASE South Africa, registered in South Africa as a not-for-profit entity, is a member organisation of The International Association for Sustainable Economy, which is the global ESG standards-setting body. Through an agreement with the worldwide body, IASE South Africa represents the global body’s interest throughout Africa (except Morocco). The use of the name “IASE Africa Regional Office” reflects the broader mandate of IASE South Africa.
The goal of IASE is to develop and maintain standards of practice of Environmental, Social and Governance (ESG) for the certification of practitioners around the world. To achieve this vision, certification in IASE is open to international professionals.
To communicate with students, candidates and certificate holders and promote the goals of the organisation, “IASE Africa Regional Office” uses a variety of methods including local meetings, international conferences, the official IASE Africa website, newsletters, and email communications, most which require the use of personal information.
Does IASE South Africa collect Sensitive Data?
“Sensitive Data” means personal data or information that discloses an individual’s racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, criminal proceedings, biometrics, and data concerning health.
We only collect Sensitive Data if required by the laws of any of the African countries that we operate. In such a case, at the point of collection, we will be explicit in informing you about the reason why it is required. If otherwise, an IASE South Africa employee discovers that we have mistakenly received Sensitive Data, the employee will inform a designated contact within our company who will assess the processing of such data.
What information does IASE South Africa collect?
Information that we collect can be classified as Personal Information or Personal Data. This information is categorised into the information that you provide to us and the data that we collect automatically.
Information you provide to us:
When you use our IASE Africa Regional Office website or Our Services, we receive and store the information you provide directly to us. The types of information we may collect directly from you may include first name, last name, user names, email addresses, birthday, postal addresses, phone numbers, job titles, transactional information (including Services purchased), event attendance, video, and pictures as well as other contact or other information you choose to provide us or upload to our systems in connection with our Services.
When using our Services and executing a financial transaction with us online (e.g., registration, donations, application, or online conference registration), we never collect your financial information. We only retain information that the financial transaction has completed. Online financial transactions, such as credit card payments, are processed with PCI-compliant third-party providers like PayGate (www.aygate.co.za)
Data we automatically collect:
In addition to cookies, we also keep track of user activity on the IASE South Africa sites through application audit controls and log files.
How do we use your Personal Information?
We use the personal information we collect under this Policy for our legitimate business interests, which include:
- Provision of services: To provide and operate our IASE South Africa sites and Services, fulfil your orders and requests, process your payments, for bug and error reporting and resolution, perform upgrades and maintenance, and for similar purposes.
- Customer support: To communicate with you about your use of the Services; respond to your communications, complaints, and inquiries; provide technical support, and for other customer service and support purposes.
- Personalization: To tailor content we send or display to you to offer location customisation and personalised help and instructions, and to otherwise personalize your experience using the Services.
- Marketing and promotions: For marketing and promotional purposes. For example, we may use contact information such as your email address to send you newsletters, special offers or promotions, or to otherwise contact you about IASE products or information we think may interest you. If you are in a jurisdiction that requires opt-in consent to receive electronic marketing messages, we will only send you such messages if you opt-in to receive them. You may opt-out of receiving marketing emails by following the opt-out instructions in the email. We may still email customer service and transaction-related communications, even if you have opted out of receiving marketing communications.
- Advertising: To assist in advertising the Services on third-party websites.
- Analytics and improvement: To better understand how users access and use the Services and for other research and analytical purposes, such as to evaluate and improve the Services and to develop additional products, services, and features.
- Protect legal rights and prevent misuse: To protect the Services; prevent unauthorised access and another misuse; and where we believe necessary to investigate, prevent, or act regarding illegal activities, suspected fraud, situations involving potential threats to the safety of any person, or violations of our Terms and Conditions or this Policy.
- Comply with Legal Obligations: To comply with the law or legal proceedings; for example, we may disclose information in response to lawful requests by public authorities, including responding to national security or law enforcement disclosure requirements.
- General Business Operations: Where necessary to the administration of our general business, accounting, record keeping, and legal functions.
How do we share and disclose information to third parties?
We do not rent, trade, or sell your Personal Information to anyone. We may share and disclose information (including Personal Information) about our users in the following limited circumstances:
- Vendors, consultants, and other service providers:
- We may share your information with third-party vendors, consultants and other service providers who we employ to perform tasks on our behalf. These companies include (for example) our payment processing providers, website analytics companies (e.g., Google Analytics), product feedback and surveys (e.g., Survey Monkey, Formstack), CRM service providers (e.g., MS Dynamics, Salesforce), or email service providers (e.g., Informz) and others.
- If IASE South Africa has received your Personal Information and subsequently transfers that information to a third-party agent or service provider for processing, IASE South Africa shall remain responsible for ensuring that such third-party agent or service provider processes your Personal Information to the standard required by our Privacy commitments. Unless we tell you differently and you consent, our agents do not have any right to use the Personal Information we share with them beyond what is necessary to assist us.
- Other IASE Entities:
- Protection of IASE South Africa and Others:
- We reserve the right to access, read, preserve, and disclose any information as necessary to comply with law or court order; enforce or apply our agreements with you and other agreements; or protect the rights, property, or safety of IASE South Africa, our employees, our users, or others.
- Disclosures for National Security or Law Enforcement:
- Under certain circumstances, we may be required to disclose your Personal Information in response to valid requests by public authorities, including to meet national security or law enforcement requirements.
Is Personal Information about me secure?
We use appropriate technical, organisational, and administrative security measures to protect any information we hold in our records from loss, misuse, and unauthorised access, disclosure, alteration, and destruction. Unfortunately, no company or service can guarantee complete security. Unauthorised entry or use, hardware or software failure, and other factors may compromise the security of user information at any time. Among other practices, your account is protected by a password for your privacy and security. You must prevent unauthorised access to your account and Personal Information by selecting and protecting your password appropriately and limiting access to your computer or device and browser by signing off after you have finished accessing your account.
How long do we keep Personal Information?
We keep your personal information for as long as reasonably necessary for the purposes set out above. We will retain your account profile data as necessary for our legitimate business purposes or to comply with our legal obligations (such as record keeping, accounting, fraud prevention, and other business administrative purposes). However, we will maintain your personal information longer where required for tax or accounting purposes to ensure we would be able to defend or raise a claim, or where we have a specific need to retain, though we will generally not keep personal information for longer than seven years following the last date of communication with you. Legitimate business purposes that we may rely on to keep your personal information when you are not a customer include direct marketing (where you have not opted out) for up to four years, facilitating the restoration or establishment of a user account in the future, maintaining business intelligence systems for analytics and other internal purposes, etc. Where your information is no longer required, we will ensure it is disposed of securely.
Cookies and other analytics
In addition to Google Analytics, we also use other reputable 3rd party tools such as Tilio, Rank Math, and If-So that tracts and collects similar user activity and information as Google Analytics.
Your Privacy Rights
What choices do you have?
You can always opt not to disclose information to us, but keep in mind some information may be needed to register with us or to take advantage of some of our Services.
You can opt out of receiving promotional or marketing communications from us at any time, by using the unsubscribe link in the email communications we send.
If you have any account for our Services, we will still send you non-promotional, service-related communications including but not limited to transactional confirmations, invoices, and other operational emails.
How can I update and access my information?
If you would like to access, review, update, and rectify any Personal Information we hold about you, or exercise any other data subject right (see below) available to you, please email us at [email protected].
Rights for users
Individuals have the following rights concerning their personal information:
- Access. You can ask us to confirm whether we are processing your personal information; give you a copy of that data; and provide you with other information about your personal information such as what data we have, what we use it for, who we disclose it to, whether we transfer it abroad, how we protect it, how long we keep it for, what rights you have, how you can make a complaint, where we got your data from and whether we have carried out any profiling, to the extent that such information has not already been provided to you in this Policy.
- Rectification. You can ask us to rectify inaccurate information. We may seek to verify the accuracy of the data before rectifying it.
- Erasure. You can ask us to erase your personal information, but only where it is no longer needed for the purposes for which it was collected; you have withdrawn your consent (where the data processing was based on consent); following a successful right to object (see ‘Objection’ below); it has been processed unlawfully, or to comply with a legal obligation to which we are subject. We are not required to comply with your request to erase your personal information if the processing of your personal information is necessary for compliance with a legal obligation or the establishment, exercise, or defence of legal claims. There are certain other circumstances in which we are not required to comply with your erasure request, although these two are the most likely circumstances in which we would deny that request.
- Restriction. You can ask us to restrict (i.e., keep but not use) your personal information, but only where its accuracy is contested (see ‘Rectification’ above), to allow us to verify its accuracy; the processing is unlawful, but you do not want it erased; it is no longer needed for the purposes for which it was collected, but we still need it to establish, exercise, or defend legal claims; you have exercised the right to object, and verification of overriding grounds is pending. We can continue to use your personal information following a request for restriction where we have your consent; to establish, exercise, or defend legal claims; or to protect the rights of another natural or legal person.
- Objection. You can object to any processing of your personal information which has our ‘legitimate interests as its legal basis if you believe your fundamental rights and freedoms outweigh our legitimate interests. Once you have objected, we have an opportunity to demonstrate that we have compelling legitimate interests which override your rights and freedoms. In addition, you can object to the processing of your personal information for direct marketing purposes, which includes profiling to the extent that it is related to such direct marketing without providing any reason. We will then cease the processing of your personal information for direct marketing purposes.
- Portability. You can ask us to provide your personal information to you in a structured, commonly used, machine-readable format, or you can ask to have it ‘ported’ directly to another Data Controller, but only where our processing is based on your consent and the processing is carried out by automated means.
- Withdrawal of consent. You can withdraw your consent in respect of any processing of personal information which is based upon consent which you have previously provided
International data transfers
Please note that we are required to disclose Personal Information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
Children’s personal information
We do not knowingly collect or solicit personal information from anyone under the age of 13. If you are under 13, please do not attempt to register for the Services or send any Personal Information about yourself to us. If we learn that we have collected Personal Information from a child under the age 13, we will delete that information as quickly as possible. If you believe that a child under 13 may have provided us with Personal Information, please contact us at [email protected].
What if I have questions about this policy?
If you have any questions or concerns regarding our privacy policies, please send us a detailed message at [email protected] and we will try to resolve your concerns.