● when you use any of our products or services ● when you apply to us for a job or work placement ● when you supply services to us where this involves any personal information ● as a result of your relationship with our clients; and/or ● to any information collected from or shared with third parties.

● Your name and surname ● Age ● Health information, as part of our screening processes, when you access our premises, in order to comply with Covid-19 regulations and protocols when necessary ● Identity - or passport number when necessary ● Contact number ● Order details ● Device ID ● Profile images ● Payment details ● Shipping address ● Details of enquiry ● Product(s) preference ● Time spent on our website ● Search queries submissions ● Social media handles ● Cookies and web beacons ● Log-in and device information ● Opt-in consent for marketing ● Booking and reservation details ● System logs

● by filling in forms on our social media accounts or our website (hereafter referred to as ‘platforms’) ● when you register on our platforms or subscribe to use services on our platforms ● when you enter a competition, promotion or complete a survey ● by posting comments or content on our platforms ● when you purchase one of our products or services. ● when you contact us and when you otherwise provide information directly to us. ● Personal Information we collect or receive when you use our platforms, products, or services: We collect personal information when you use our platforms or services or buy products from us by using cookies and web beacons. This may reveal log-in information, device information and search queries submissions. We receive this when you: ● access our platforms (this reveals the type of device you’re using, yourbrowser or operating system and your Internet Protocol (“IP”) address) ● interact with our platforms and other services, view content, and submit search queries.

We may receive additional information about you that is publicly or commercially available and combine that with the information we have collected or received about you in other ways. We may also receive information about you when you choose to connect with social networking services while using our platforms.

Some types of personal data are required as conditions for using our services. Mandatory information includes personal data required for processing payments and delivering orders. Failure to provide this mandatory information will mean that you will be unable to place an order with us.

● To collect contact information ● To confirm and verify your identity or to verify that you are an authorised user for security purposes ● To process payments for our services and to deliver orders to you ● To respond to your queries, feedback, and complaints ● To maintain a customer database ● To provide you with promotional material and inform you of competitions if you have opted-in to receive this information ● To inform you of similar products after you have placed an order with us ● To allow you to register an account on our website ● To improve your experience on our website ● To compile information about browsing habits and click patterns via the use of cookies ● To gain behavioural insight to give you personalised recommendations/targeted advertising ● For the detection and prevention of fraud, crime, money laundering, or other malpractice ● To conduct market or customer satisfaction research or for statistical analysis ● For audit and record-keeping purposes ● In connection with legal proceedings ● For anything, you have specifically consented to

● to provide efficient services. ● who are our service providers and who are involved in the delivery of products or services to you. We aim to have agreements in place to ensure that they comply with the privacy requirements as required by POPIA. ● where we have a duty or a right to disclose in terms of law or industry codes. ● to comply with court orders. ● to recover debts and liaise with our attorneys in connection with any potential, threatened or actual litigation. ● in respect of the restructure of sell of our businesses or assets. ● where we believe it is necessary to protect our rights.

● Physical security ● Computer and network security ● Access to personal information ● Secure communications ● Security in contracting out activities or functions ● Retention and disposal of information ● Acceptable usage of personal information ● Governance and regulatory issues ● Monitoring access and usage of private information ● Investigating and reacting to security incidents

● Access to information You may request a copy of the personal information we hold about you. To do this, simply contact us at the numbers or addresses as provided on our website and specify what information you require. We will need a copy of your ID document to confirm your identity before providing details of your personal information. Please note that any such access request may be subject to payment of a legally allowable fee. ● Right to withdraw consent Where we have relied on your consent to process information and you have provided us with your consent to process data, you have the right to withdraw such consent at any time. ● Correction of your information
You have the right to ask us to update, correct or delete your personal information. We will require a copy of your ID document to confirm your identity before making changes to the personal information we may hold about you. We would appreciate it if you would keep your personal information accurate. In certain circumstances, we may have the right to refuse to delete your personal information. ● Right to object to processing justified on legitimate interest grounds You have the right to object to the use of your personal information for direct marketing or where we use it on the basis that we say we have a legitimate interest in using it. ● Right to lodge a complaint
You also have the right to lodge a complaint with the South Africa Information Regulator if you consider that the processing of your personal data infringes applicable law.
The Information Regulator (South Africa)
SALU Building,
316 Thabo Sehume Street,
Pretoria
T +27 12 406 4818
F +27 86 500 3351
inforeg@justice.gov.za

● Confidential information means any personal information, as defined in the POPI Act, and any other information or data of any nature, tangible or intangible, oral or in writing and in any format or medium, which by its nature or content is, or ought reasonably to be identifiable as confidential and/or is provided or disclosed in confidence to our firm. ● Data subject is an individual or juristic person to whom the personal information relates. ● Electronic communication means any text, voice, sound, or image message sent over an electronic communications network that is stored in the network or in the recipient’s terminal equipment until it is collected by the recipient. ● Information security breach is any incident:

o in which sensitive and/or protected and/or private and/or confidential information has been lost, disclosed, stolen, copied, transmitted, viewed, altered, destructed, or otherwise used or processed in an unauthorised manner; or o that results in the unauthorized access of information, applications, services, networks, and/or devices by bypassing our firm’s security mechanisms.

● Personal information is information relating to an identifiable, living, natural person, and where it is applicable and identifiable, existing juristic person, including, but not limited to -

o information relating to the race, gender, sex, pregnancy, marital status, national, ethnic or social origin, colour, sexual orientation, age, physical or mental health, well-being, disability, religion, conscience, belief, culture, language, and the birth of the person o information relating to the education or the medical, financial, criminal or employment history of the person o any identifying number, symbol, e-mail address, physical address, telephone number, location information, online identifier, or other particular assignments to the person o the biometric information of the person o the personal opinions, views, or preferences of the person o correspondence sent by the person that is implicitly or explicitly of a private or confidential nature or further correspondence that would reveal the contents of the original correspondence o the views or opinions of another individual about the person; and o the name of the person if it appears with other personal information relating to the person or if the disclosure of the name itself would reveal information about the person.

● Processing means any operation or activity or any set of operations of the responsible party, whether by automatic means, concerning personal information, including -

o the collection, receipt, recording, organisation, collation, storage, updating or modification, retrieval, alteration, consultation, or use of personal information o dissemination of personal information by means of transmission, distribution, or making available in any other form; and o merging, linking, as well as restriction, degradation, erasure, or destruction of personal information.

● Record means any recorded information regardless of form or medium, including any of the following:

o writing on any material o information produced, recorded, or stored by means of any tape-recorder, computer equipment, whether hardware or software or both, or other devices, and any material subsequently derived from information so produced, recorded or stored o label, marking or other writing that identifies or describes anything of which it forms part, or to which it is attached by any means o book, map, plan, graph, or drawing; and o photograph, film, negative, tape or other devices in which one or more visual images are embodied so as to be capable, with or without the aid of some other equipment, of being reproduced in the possession or under our firm’s control, whether or not it was created by us; and regardless of when it came into existence.

● Responsible party means Signal Hill Products (Pty) Ltd. ● Special personal information is information that relates to the religious or philosophical beliefs, race or ethnic origin, trade union membership, political persuasion, health or sex life, or biometric information of a data subject. It also includes criminal behaviour relating to alleged commissions of offences or any proceeding dealing with alleged offences.