1.1. Isabella Garcia International Proprietary Limited, with registration number 2008/002757/07 (the Company, us, our, we), is a cosmetics company that specialises in the marketing, selling and distribution of its products to clients anywhere in South Africa.
1.2. The Company is associated with a group of companies including Platinum Life, The Box Fashion, IPS Health and Wellness and Besige Breintjies which enables us to provide holistic care and support to our clients.
1.3. The Company collects, stores and processes personal information of client, potential clients, employees, etc. (the Individual).
1.4. The Company’s business model is largely based on a referral system and relationships with Group Affiliates. When the Company collects personal information from sources other than directly from the Individual, you will have had to confirm that you are agreeable for others to have shared your information. In order to provide holistic care and support to our clients we rely on all Group Affiliates and their services. Isabella Garcia International and the Group Affiliates are committed to offer you an all-encompassing solution, that is in your interest and that will benefit your health and wellbeing.
1.5. The Company values its clients and business partners. We understand the sensitive nature of the personal information which we hold. It is for this reason that the protection of personal information is one of our top priorities. We endeavour to maintain the confidentiality of personal information and process personal information in adherence to the Protection of Personal Information Act 4 of 2013 (“POPIA”).
1.7. This Policy should be read in conjunction with the Isabella Garcia International Website Terms and Conditions available at https://isabellagarcia.co.za/terms-conditions.
1.8. This Policy should be read in conjunction with the Isabella Garcia International Cookies Policy available at https://isabellagarcia.co.za/cookies-policy.
2. What is personal information:
2.1. In terms of POPIA, personal information is information that may be used to identify an individual or a company.
2.2. Examples of personal information include, but is not limited to:
2.2.2. Identification number.
2.2.3. Contact information.
2.2.4. Financial information.
2.2.5. Information relating to race, gender or sexual orientation.
2.2.7. Physical or mental health.
3. Personal information that the Company collects:
3.1. The Company collects and uses personal information mainly to perform direct marketing, and to perform contractual obligations. The Company performs direct marketing where there is a legitimate and mutual interest.
3.2. The Company markets and sells cosmetic products and services to various parties including individuals and other companies/organisations.
3.3. The Company may collect personal information which includes, but is not limited to:
3.3.1. Identification and contact information, and information that will assist the Company to provide products and services to the Individual:
184.108.40.206. Physical and postal address.
220.127.116.11. Email address.
18.104.22.168. Telephone or other contact details.
22.214.171.124. Marital status.
126.96.36.199. Date of birth.
188.8.131.52. Educational background.
184.108.40.206. Employment history.
220.127.116.11. Identification number.
3.3.2. Financial information and account details:
18.104.22.168. Bank account number and account details.
22.214.171.124. Credit history.
126.96.36.199. Credit score.
3.3.3. Medical condition and health information:
188.8.131.52. Current physical, mental or medical condition.
184.108.40.206. Past physical, mental or medical condition.
220.127.116.11. Injury or disability information.
3.3.4. Personal information relating to
18.104.22.168. Physical attributes including race.
22.214.171.124. Skincare routines.
126.96.36.199. Health habits.
3.3.5. Other sensitive information:
188.8.131.52. Other sensitive information voluntarily provided by the individual.
3.4. The Company may also collect feedback, comments and questions received from the Individual in service-related communications and activities.
3.5. When personal information is collected, the Company will indicate the purpose for the collection of the personal information and whether the personal information required is compulsory or voluntary.
4. How data is collected:
4.1. Personal information is collected in any of the following ways:
4.1.1. Directly from the Individual through various methods including (but not limited to):
184.108.40.206. The Company Website.
220.127.116.11. Telephonic communication.
18.104.22.168. The Individual communicating with the Company through various portals:
22.214.171.124.1. Email communication.
126.96.36.199.2. SMS communication.
188.8.131.52.3. Website forms, surveys or chat functions.
184.108.40.206.4. Social media platform communication.
4.2. Data may also be received indirectly from the following sources:
4.2.1. Referrals from current clients.
4.2.2. Where consent was given by the Individual to collect information from another source (including Group Affiliates) and the Company has provided the detail of the source.
4.2.3. Where information is publicly available.
5. The use of personal information:
5.1. Personal information collected by the Company may be used, stored, disclosed or shared for the following purposes:
5.1.1. The administration of the Company.
5.1.2. To communicate with the Individual regarding orders, product information, billing and queries.
5.1.3. To provide the Individual with appropriate product advice and recommendations.
5.1.4. To send the Individual information regarding changes to services, products or prices and other terms and conditions.
5.1.6. To manage any disputes.
5.1.7. To process payments and manage accounts.
5.1.8. To personalise and tailor product or service offerings to the individual.
5.1.9. To analyse and manage other commercial risks.
5.1.10. To conduct market research.
5.1.11. To provide the Individual with marketing information (including information about other products and services in the interest of the Individual’s overall well-being, offered by Group Affiliates and in so doing enhance the holistic service to the Individual.
5.1.12. To comply with internal policies and procedures such as:
220.127.116.11. Audit reports.
18.104.22.168. Finance and accounting.
22.214.171.124. Billing and collections.
126.96.36.199. IT systems.
188.8.131.52. Data and website management.
184.108.40.206. Records management.
5.1.13. To respond to queries or resolve complaints.
5.1.14. To handle requests for the correction, updating, access or deletion of the Individuals personal information.
5.1.15. To comply with applicable laws and regulatory obligations.
6. Automated decision making:
6.1. The Company uses the following automated system/s for carrying out certain kinds of decision-making and / or profiling. If at any point the Individual wishes to query any action that was taken on the basis of this or wishes to request ‘human intervention’, the Company will provide the opportunity to do so.
6.2. The following automated decision-making method(s) may be used:
6.1.1. Product allocation based on skincare questions.
6.1.2. Campaign allocation based on market research questions.
7. Sharing of personal information:
7.1. Access to personal information within the Company and it’s Group Affiliates is restricted to those individuals who require access to personal information for business purposes.
7.2. In order to provide products and services to the Individual that enhances holistic care and support, the Company share the Individual’s information with the following Group Affiliates:
7.2.1. Platinum Life: A risk insurance provider specialising in female cancer and male debility cover.
7.2.2. The Box Fashion: A fashion accessories service company.
7.2.3. IPS Health and Wellness: A company focused on providing clients with nutritional supplements.
7.2.4. Besige Breintjies: An educational programme designed to develop and improve children’s intellectual, social, physical and emotional well-being.
7.3. The Company may also share personal information of the Individual with other companies who are not Group Affiliates. This will only be done once the Individual has given explicit and prior consent to do so.
7.4. The Company may be obliged to disclose personal information to the extent that is required to do so by law.
8. Personal information security:
8.1. The Company securely stores The User’s data on dedicated servers based in Ireland and South Africa.
8.2. The servers are secured with a firewall and access to the servers are password protected and strictly limited.
8.3. Notwithstanding this, no security measures or systems are impenetrable. The Company cannot make any guarantees against data breaches.
8.4. Information is transferred over a secure connection and stored in a password protected database.
8.5. The Company will:
8.5.1. Take reasonable and appropriate technical and organisational measures to ensure that personal information is kept secure and is protected against unauthorised or unlawful processing, accidental loss, destruction or damage, alteration, disclosure or access.
8.5.2. Provide the Individual with access to their personal information to view and/or update personal details upon request.
8.5.3. Promptly notify the Individual if we become aware of any unauthorised use, disclosure or processing of their personal information.
8.5.4. Provide reasonable evidence of compliance with obligations under this policy on reasonable notice and request.
8.6. Whilst the Company will do all things reasonably necessary to protect rights of privacy, we cannot guarantee or accept any liability whatsoever for unauthorised or unlawful disclosures of personal information, whilst in our possession, by a third party who is not subject to our control, unless such disclosure is as a result of our gross negligence.
9. Review and correction of personal information:
9.1. The Company undertakes to provide the Individual with access to their personal information upon request and provide mechanisms so that any personal information found to be inaccurate or incomplete can be corrected or amended as feasible, subject to any requirement or rule for such personal information to be retained by law.
9.2. Prior to the amendment, correction or removal of personal information, the Company will require the Individual to identify themself and to identify the portion of information requested to be amended, corrected or removed. A request for the amendment, correction or removal of personal information may be declined if the process of the request is unreasonably repetitive, require disproportionate technical effort, or jeopardizes the privacy of others.
9.3. The services of access and correction of personal information is done free of charge, except to the extent that it would require disproportionate effort by the Company. Once personal information is deleted, residual copies of the information may take a period of time before they are deleted from our servers and may remain in our backup systems.
9.4. It is important that any information provided directly to the Company is accurate and correct. Please inform the Company as soon as possible if any information held about the Individual is no longer correct.
9.5. Providing false or inaccurate information in order to obtain a product or service may also result in said product or service being restricted or cancelled.
10. Data retention:
10.1. The Company will only retain personal information on the Individual to the extent and duration that a legitimate interest to process this personal information as defined in the point on “Use of Personal Information” above is valid.
10.2. The Company will, upon request by the Individual, promptly return or destroy any and all personal information in the possession or control of the Company, save for that which is legally obliged to retain.
11. Data subject rights:
11.1. As a data subject, the Individual has a number of data privacy rights. These rights include the right to request from the Company access to, correction or deletion of personal data or restriction of processing concerning data or to object to the processing of their personal information.
11.2. All the rights of a data subject are contained in POPIA. The information on these rights can be found on the Information Regulator’s website at https://www.justice.gov.za/inforeg/ , to whom the Individual has the right to make a complaint, if the concern is not resolved by the Company.
12. Contact the Company:
12.1. If the Individual has any questions about this notice our treatment of personal information or wish to exercise any of the rights, please address an email to [email protected]
12.2. The Company’s Information Officer:
12.2.1. Elismari Hamman
12.2.2. Email: [email protected]
12.2.3. Cell: 072 204 3988
12.2.4. Registration number: 22339/2021-2022/IRRTT