1.6. Ditsong: Museums of South Africa (DMSA) is a national public entity, which is an amalgamation of eight museums, seven in Tshwane and one in Johannesburg. These museums have diverse collections covering the fields of fauna and flora, palaeontology, military history, cultural history, geology, anthropology and archaeology.
The eight museums are:
- DITSONG: National Museum of Natural History
- DITSONG: Tswaing Meteorite Crater
- DITSONG: National Museum of Military History
- DITSONG: National Museum of Cultural History
- DITSONG: Kruger Museum
- DITSONG: Sammy Marks Museum
- DITSONG: Willem Prinsloo Agricultural Museum
- DITSONG: Pioneer Museum
1.7 DMSA’s mandate includes:
- Collection, conservation and safe management of national heritage collections on behalf of the South African nation.
- Carry out research and publish such information for the cultural, social and economic use locally and internationally.
- Design, implement and manage exhibitions and public programmes with a view to supporting the national educational curriculum, economic development and other socio-economic objectives of the Government.
- Render heritage-based service to other museums (national, provincial, local and private) as well as to individuals and tertiary institutions.
1.8 In order to conduct our business activities, including efficiently managing and marketing the museums and collections under our custodianship, DMSA must collect and use your personal information for various reasons.
2.3 POPIA defines personal information as “information which relates to an identifiable, living, natural person and where it is applicable, an identifiable, existing juristic person”. This includes, but is not limited to, your name, sex, gender, address, contact details, identity number and medical or health information. Personal information does not include information that does not identify a person (including in instances where that information has been anonymised). The personal information that we collect about you may differ on the basis of the products and services that you receive from DMSA.
2.4 DMSA will not use your personal information for any other purpose, other than that which is disclosed by you, unless you give DMSA your express written permission to do so, or unless DMSA is permitted or required to do so by law. DMSA respects your privacy and your personal information, for this reason, we will take care to protect it and keep it confidential.
2.7 You must accept all the terms of this policy when you register for, our use the Website or any of our services. If you do not agree with anything in this policy, then you may not register for or use the Website. By accepting this policy, you are deemed to have read, understood, accepted, and agreed to be bound by all its terms.
3. THE INFORMATION WE COLLECT AND HOW WE USE IT
3.2 DMSA collects and processes personal information relative to the provision of its services, and for direct marketing purposes, and undertakes to collect such information in a legal and reasonable manner. The type of information we collect will depend on the need for which it is collected and will be processed for that purpose only. Examples of the types of personal information we may process include (depending on the products and services you may receive from us as a result of the type of data subject you may be in relation to DMSA):
3.2.1 Identity Information which may include information concerning your name, username or similar identifier, title, date of birth, gender, race, and legal status, medical aid information (in the case of employees and their dependents), as well as copies of your identity documents, photographs, identity number or registration number and your qualifications, employment records, personal information of spouses and children required for pension plans, medical aid plans, contact details and health information of visitors and staff for the purposes of Covid-19 symptom checking.
3.2.2 Contact Information which may include your billing addresses, delivery addresses, e-mail addresses and telephone numbers, next-of-kin contact details, residential address details for payroll and other HR purposes, as well as company secretarial information that has been disclosed in relation to you.
3.2.3 Financial Information which includes bank account details, salary information, income tax numbers, and pension information for administration of our employee pension fund.
3.2.4 Transaction Information which may include details about payments made to or received from you.
3.2.5 Technical Information which includes your Internet Protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access the Website;
3.2.6 Usage Information which may include information as to your access to and use of the Website, products and services.
3.2.7 Location Information which may include geographical information from your access device as defined below (which is usually based on the GPS or IP location).
3.2.8 Marketing and Communications Information which includes your preferences in respect of receiving marketing information from us and our third parties and your communication preferences.
3.3 In certain instances, we may need consent to process your personal information. If you give us your consent for a specific context, you are free to withdraw this consent at any time. Please note that where you have withdrawn your consent, this will not affect the processing that took place prior to such withdrawal and it will not affect the processing of your personal information where consent is not required.
3.4 You may refuse to provide us with your personal information in which case we may not be able to provide you with the required service or would have to terminate our business relationship. The supply of certain items of personal information, especially those collected to comply with regulation, is legally mandatory.
4. HOW WE COLLECT INFORMATION
We collect personal information in the following ways:
4.1 Through direct or active interactions with you:
4.1.1 We may require that you submit certain information to enable you to access certain portions of the Website, to make use of our services (for example, as customers), to purchase our goods or services, to facilitate the conclusion of an agreement with us, or as is necessary for the fulfilment of our statutory or regulatory obligations. We also collect personal information directly from you when you communicate directly with us, for example via e-mail, physical visits, telephone calls, feedback forms, site comments or forums.
4.1.2 If you contact us, we reserve the right to retain a record of that correspondence, which may include personal information.
4.2 Through automated or passive interactions with you:
4.2.1 We may passively collect certain of your personal information from the access device that you use to access and navigate the Website (each “Access Device”), by way of various technological applications, for instance, using server logs to collect and maintain log information.
4.2.3 A cookie is a small piece of data (an alphanumeric identifier) which our computer system transfers to your access device through your web browser when you visit the Website and which is stored in your web browser. When you visit the Website again, the cookie allows the site to recognise your browser. Cookies may store user preferences and other information.
4.2.5 The personal information that we passively collect from your access device may include your identity information, your contact information, your technical information, your usage information, your location information and your marketing and communications information, or any other personal information which you permit us, from time to time, to passively collect from your access device.
4.3 From third parties or public sources:
4.3.1 DMSA receives personal information about you from various third parties and public sources, including (without limitation):
– publicly available publications which include details of researchers;
– publicly available governmental publications; and
– academic and research institutions’ websites which contain details of academics who are active in the academic fields related to the sectors that DMSA operates in.
5. HOW WE USE YOUR PERSONAL INFORMATION
5.1 We use the personal information that we collect from you to maintain and improve the Website and to improve the experience of our users, to facilitate the sale of our products and the provision of our services and to fulfil our statutory and regulatory obligations. We may also use your personal information to:
- retain and make information available to you on the Website;
- maintain and update our customer, or potential customer, databases;
- establish and verify your identity on the Website;
- operate, administer, secure and develop the Website and the performance and functionality of the Website;
- create user profiles and to analyse and compare how you and other users make use of the Website, including your browsing habits, click-patterns, preferences, frequency and times of use, trends and demographic information;
- provide you with marketing material that is relevant to you;
- for security, administrative and legal purposes;
- comply with our statutory obligations, including submissions to the B-BBEE Commission, as well as engaging with regulatory authorities;
- for customer relations purposes;
- conduct DMSA’s recruitment and hiring processes, which includes the conducting of criminal record and credit checks, referrals, the capturing of job applicant’s details and the providing of status updates to job applicants;
- fulfil any contractual obligations that we may have to you or any third party;
- communicate with you and retain a record of our communications with you and your communications with us;
- analyse and compare the types of access devices that you and other users make use of and your physical location;
- for other lawful purposes that are relevant to our activities or regulatory functions;
- collect information for consolidation and reporting purposes which can be sent to the Executive Authority and Parliament;
- for statistical analysis and research purposes;
- for audit and record-keeping purposes;
- enhance your experience when interacting with the DMSA and to help us improve our offerings to you;
- conduct market research and provide you with information about our products and services from time to time via email, telephone or other means (for example, invite you to events).
6. COMPULSORY PERSONAL INFORMATION AND CONSEQUENCES OF NOT SHARING WITH US
6.1. Where DMSA is required to process certain personal information by law, or in terms of a contract that we have with you, and you fail to provide such personal information when requested to do so, DMSA may be unable to perform in terms of the contract we have in place or are trying to enter into with you. In this case, DMSA may be required to terminate the contract and/or relationship, upon notification to you, which termination will be done in accordance with the terms of the contract and all applicable legislation.
7. SHARING YOUR PERSONAL INFORMATION
7.2. DMSA may share your personal information under the following circumstances:
7.2.2 with our employees, suppliers, service providers, contractors and agents if and to the extent that they require such personal information in the provision of services for or to us, which include hosting, development and administration, technical support and other support services relating to the Website or the operation of DMSA’s business. We will authorise any personal information processing done by a third party on our behalf, amongst other things by entering into written agreements with those third parties governing our relationship with them and containing confidentiality and non-disclosure provisions;
7.2.3 to enable us to enforce or apply any other contract between you and us;
7.2.4 to protect our rights, property or safety or that of our customers, employees, contractors, suppliers, service providers, agents and any other third party;
7.2.5 to mitigate any actual or reasonably perceived risk to us, our customers, employees, contractors, agents or any other third party;
7.2.6 share with governmental agencies and other regulatory or self-regulatory bodies, if required to do so by law or we reasonably believe that such action is necessary to:
– comply with the law or with any legal process;
– protect and defend the rights, property or safety of DMSA, or our customers, employees, contractors, suppliers, service providers, agents or any third party;
– protect the rights, property or safety of members of the public (if you provide false or deceptive information or misrepresent yourself, we may proactively disclose such information to the appropriate regulatory bodies and/or commercial entities).
8. PROCESSING OF PERSONAL INFORMATION
8.1. Chapter 3 of POPIA provides for the minimum conditions for lawful processing of personal information by a responsible party. These conditions may not be derogated from unless specific exclusions apply as outlined in POPIA.
8.2. DMSA needs personal information relating to both individual and juristic persons in order to carry out its business and organisational functions. The manner in which this information is processed and the purpose for which it is processed is determined by DMSA. DMSA is accordingly a responsible party for the purposes of POPIA and will ensure that the personal information of a data subject:
8.2.1 is processed lawfully, fairly and transparently. This includes the provision of appropriate information to data subjects when their data is collected by DMSA, in the form of privacy or data collection notices. DMSA must also have a legal basis (for example, consent) to process personal information;
8.2.2 is processed only for the purposes for which it was collected;
8.2.3 will not be processed for a secondary purpose unless that processing is compatible with the original purpose;
8.2.4 is adequate, relevant and not excessive for the purposes for which it was collected;
8.2.5 is accurate and kept up to date;
8.2.6 will not be kept for longer than necessary;
8.2.7 is processed in accordance with integrity and confidentiality principles; this includes physical and organisational measures to ensure that personal information, in both physical and electronic form, are subject to an appropriate level of security when stored, used and communicated by DMSA, in order to protect against access and acquisition by unauthorised persons and accidental loss, destruction or damage;
8.2.8 is processed in accordance with the rights of data subjects, where applicable. Data subjects have the right to:
– be notified that their personal information is being collected by DMSA. The data subject also has the right to be notified in the event of a data breach;
– know whether DMSA holds personal information about them, and to access that information. Any request for information must be handled in accordance with the provisions of this Policy;
– request the correction or deletion of inaccurate, irrelevant, excessive, out of date, incomplete, misleading or unlawfully obtained personal information;
– object to DMSA’s use of their personal information and request the deletion of such personal information (deletion would be subject to DMSA’s record keeping
– object to the processing of personal information for purposes of direct marketing by means of unsolicited electronic communications; and
– complain to the Information Regulator regarding an alleged infringement of any of the rights protected under POPIA and to institute civil proceedings regarding the alleged non-compliance with the protection of his, her or its personal information.
9. DATA SECURITY
9.1. Storage and transfer of your Information
DMSA intends to protect the integrity and confidentiality of your personal information. DMSA has implemented appropriate technical and organisational information security control measures (including, but not limited to, using encryption for transmission to keep information secure, accurate, current, and complete). However, we cannot guarantee the security of any information that is transmitted to the organisation online and you do so at your own risk.
9.2. Transfer across borders
Some of the persons to whom we disclose your personal information may be situated outside of the Republic of South Africa (RSA) in jurisdictions that may not have similar data protection laws to that of the RSA. In this regard, we may send your personal information to service providers outside of the RSA for storage or processing on DMSA’s behalf. However, we will not send your information to a country that does not have information protection legislation similar to that of the RSA, unless we have ensured that the recipient agrees to effectively adhere to the principles for processing of information in accordance with POPIA.
9.3. Clickstream analytics
9.3.1 In the interests of better customer service, DMSA may collect anonymous information from visitors to its websites. Google Analytics or cookies may be used to analyse trends and statistics and to provide better customer service on our Website.
9.3.2 The information, referred to as traffic data, which may be collected includes
- Your IP address;
- The search terms you have used;
- The pages accessed on the Website and the links you have clicked on;
- The date and time you visited the Website;
- The referring website (if any) which you clicked through to our Website;
- The type of website browser you use; and
- Activities while visiting our Website.
9.4.1 What are cookies?
A cookie is a small text file that is downloaded onto ‘terminal equipment’ (for example, a computer or smartphone) when you access a website. It allows the website to recognise your device and store some information about your preferences or past actions.
9.4.2 How are cookies used?
Cookies ‘remember’ information about you. The information helps the DMSA to understand how our Website users are utilising our services, assisting us in improving it. With it, we can remember your preferences, previous website usage and browsing history, and keep this in mind when providing you with content. Because of this, we can bring you an enhanced experience and customised content and services. Cookies allow us to measure how many times a page has been visited, whether a page has been visited on the Website through an advertisement or by other means.
9.4.3 How to disable cookies?
a. Click the Customize and control Google Chrome menu button in the upper right-hand corner of the browser bar.
b. Click “Settings.”
c. Scroll down to Privacy and Security
d. Click “Site Settings”.
e. Click “Cookies and site data”.
f. In the Privacy and Security section, click Content Settings.
g. Customise settings so as to block cookies.
a. Click the Settings and more button in the upper right-hand corner of the browser bar.
b. Click Settings.
c. Click Privacy and Security.
d. In the Cookies section, turn on “Block third-party cookies” or add desired sites in “Block” section to block the cookies.
Internet Explorer 11
a. Click Tools or the gear icon in the upper right-hand corner of the top of the browser bar.
b. Select Internet Options.
c. Click the Privacy tab and then the Advanced button on that tab.
d. Customise settings so as to reflect your preferences.
a. Click the Open menu button in the upper right-hand corner of the browser bar.
b. Click Options.
c. Click Privacy and Security.
d. Customise settings so as to reflect your preferences.
9.5. Right of access to information
The Promotion of Access to Information Act (PAIA), coupled with POPIA, offer an individual the right to access information held by a public or private body in certain instances. This right can be exercised in accordance with the DMSA Access to Information Manual.
9.6. Correction of your information
In accordance with POPIA, you have a right to correct any of your personal information held by DMSA. This right should be exercised in accordance with the procedure outlined in the Access to Information Manual.
9.7. Objection to processing of your information
In accordance with POPIA, you may object to our processing of your personal information on reasonable grounds relating to your particular situation, unless legislation provides for such processing.
Where you provide your personal information to DMSA in the context of a sale of our products or services, you agree to us sending you information on news, trends, services, events and promotions, always subject to your right to opt out of receiving such marketing materials at the time your information is collected and on each subsequent marketing communication thereafter. You may object to receiving direct marketing from DMSA at any time by contacting the DMSA’s Deputy Information Officer or the Marketing and Communications Manager. Where you choose to exercise your right to opt out of direct marketing, please allow up to 21 working days for DMSA to effect that change.
10. CONTACT INFORMATION OF DITSONG: MUSEUMS OF SOUTH AFRICA
10.1 Should you have a question or complaint regarding the processing of your personal information, your
complaint may be submitted to:
|DITSONG: Museums of South Africa
70 WF Nkomo Street
|PO Box 4197
|012 492 5744
|Deputy Information Officer
11. THE INFORMATION REGULATOR
Whereas we would appreciate the opportunity to first address any complaints regarding our processing of your personal information, you have the right to complain to the Information Regulator, whose contact details are:
The Information Regulator (South Africa)
JD House, 27 Stiemens Street, Braamfontein, Johannesburg, 2001
PO Box 31533, Braamfontein, Johannesburg, 2017