(Approved by the SAMRA Board on 13 December 2019)
In general, personal data includes any identifying information about an individual, such as:
- race, gender, sex, pregnancy, marital status, national, ethnic or social origin, colour, sexual orientation, age, physical or mental health, well-being, disability, religion, conscience, belief, culture, language, birth;
- education or medical, financial, criminal or employment history;
- any identifying number, symbol, email address, physical address, telephone number, location information, online identifier or other particular assignment;
- biometric information;
- personal opinions, views or preferences;
- correspondence sent, that is implicitly or explicitly of a private or confidential nature or correspondence that would reveal the original correspondence;
- other people’s views or opinions about the person;
- the name of the person if it appears with other personal information relating to the person or if the disclosure of the name would reveal information about the person.
A Data Subject is someone whose personal data is processed by someone else. A Data Collector is an entity (i.e. an individual or organisation) that collects personal data from Data Subjects. A Data Importer is an entity that received personal data about a Data Subject from a Data Collector.
Although SAMRA does not collect and process all the personal information listed above, SAMRA gathers and uses some personal data from and about our stakeholders, including SAMRA Members. SAMRA collects, imports, processes and stores personal data in order to:
- Communicate with our stakeholders about our activities;
- Process membership applications, event bookings, advertising in our publications;
- Report on SAMRA membership at aggregate level; and/or
- Deliver the products or services offered by SAMRA.
1.1 SAMRA stakeholder identification
Personal data collected by SAMRA and/or provided to SAMRA by third parties (e.g. SAMRA Organisation members) is used for the identification of SAMRA stakeholders for the purpose of transacting with SAMRA.
- National identity numbers are specifically collected for the purpose of identifying natural persons/individuals who transact with SAMRA, including inter alia individuals who buy and/or use SAMRA products or services, SAMRA Independent Members and SAMRA Associate Members.
- SAMRA Independent Members and SAMRA Associate Members are also identified by national identity number for the purpose of governance of SAMRA, to be legally counted for voting:
- Independently, in the case of SAMRA Independent Members, or
- Toward the SAMRA Organisation Member vote, in the case of SAMRA Associate Members.
1.2 SAMRA stakeholder communication
Personal data is used for electronic communication with SAMRA stakeholders (e.g. SAMRA Associate Members), to provide information to about, for example, SAMRA publications, events, professional matters, membership, interest groups, etc., available research jobs, external/third party products and services relevant to research (e.g. courses, software, etc.), and special interest groups for SAMRA Members in the insights industry.
SAMRA stakeholders must opt in for us to communicate with them. They can opt out at any time using the Unsubscribe or Opt Out option provided or contacting the SAMRA office on firstname.lastname@example.org.
2. COLLECTING, IMPORTING, STORING AND ACCESSING PERSONAL DATA
2.1 Data Collection from a Data Subject
If personal data is submitted to SAMRA by a Data Subject (e.g. as a SAMRA website user, SAMRA Independent Member, SAMRA Associate Member, SAMRA Membership Applicant, etc.), the information must be submitted to the SAMRA office via the SAMRA-supplied online form.
Details requested can include a person’s Title, Given Names, Known As, Surname, Gender, Race, National Identity Document Number, Country of Issue of Identity Document, Country of Birth, Employer Organisation, Current Position, Level, Role, Employment Status, City/Town, Country, Work Phone Nr, Mobile Phone Nr, and Email Address.
To access, view, change or delete personal data, stakeholders can log on to the SAMRA website to access, view, change or delete their personal data stored on the SAMRA website and/or contact SAMRA using the online contact form and/or submit a request to email@example.com.
Where SAMRA transfer any personal data that SAMRA have gathered to any third party, SAMRA do so only with Data Subject permission and only if this is necessary to deliver SAMRA’s products and services, or, for example, if a Data Subject has requested SAMRA to do so to receive information from the third party. SAMRA do not sell, rent, loan, or trade any personal data to any third party.
2.2 Importing of Data supplied by a Data Collector
If personal data is submitted to SAMRA by an external Data Collector (e.g. a SAMRA Organisation Member submitting SAMRA Associate Member details), the information must be submitted to the SAMRA office via password-protected email attachment using the SAMRA-supplied template.
- The Data Collector (e.g. SAMRA Organisation Members) must obtain explicit consent before submitting the Data Subject’s personal data (e.g. their SAMRA Associate Member personal data) to SAMRA. Details submitted can include the person’s Title, Given Names, Known As, Surname, Gender, Race, National Identity Document Number, Country of Issue of Identity Document, Country of Birth, Employer Organisation, Current Position, Level, Role, Employment Status, City/Town, Country, Work Phone Nr, Mobile Phone Nr, and Email Address. This consent must be confirmed in writing to SAMRA when personal data is submitted for import by SAMRA.
- The SAMRA Templates (e.g. Associate Member Template) are published annually in March, usually in Microsoft Excel format.
- The SAMRA Template must be password protected by the Data Collector for the purpose of restricting opening of the document, before submitting it to SAMRA via email, and the password should be sent to the SAMRA office separately via email.
- To access and update details, the Data Collector can submit updated details to SAMRA via email on firstname.lastname@example.org using the relevant SAMRA Template.
- Data Collectors who have submitted Data Subjects’ personal data to SAMRA must submit updated personal data of the Data Subjects at least once a year in March, including confirmation of consent.
3. STORAGE AND SECURITY
All personal data is stored on a secure server or offline, no online payments are processed and SAMRA does not store credit card details.
Personal data is retained for no more than five years, except:
- If longer retention is explicitly requested by a Data Subject, or
- As a legal requirement for SAMRA, being a registered not-for-profit company in South Africa, or
- For the purpose of ensuring that SAMRA keeps adequate accounting records and adheres to good governance requirements, as agreed to by the SAMRA Board.
3.1 SAMRA Website
The SAMRA website was designed using WordPress. WordPress is open source software used to create websites, blogs, or apps. For more information about WordPress security, see https://wordpress.org/about/security/.
In addition to the standard WordPress security platform, SAMRA uses Wordfence Security, an endpoint firewall specifically designed for WordPress sites. Anti-virus and firewall rules are updated in real-time. Wordfence Security also includes a malware scanner and malware rules are updated in real-time as new threats emerge. It includes two factor authentication, brute force protection, country blocking and an IP blacklist that is updated in real-time. Attack data is specific to WordPress and blocking is immediate.
The following additional plugins have been installed on the SAMRA website, to ensure security and compliance with privacy regulations:
- Newsletters is used for communication with all website users. Names, surnames and email addresses are stored in the website database for all users. It allows users to subscribe to multiple mailing lists on the website, and for SAMRA to send newsletters manually or from posts, manage newsletter templates, view a complete history with tracking, and import/export subscribers.
- VBF Pro is a form builder, used for submission of Organisation Member and Independent Member details, and all contact and booking forms
- Akismet Anti-Spam is used for spam protection
- Connections Business Directory is used for advertising member services
- Export Users to CSV is used to export Users data and metadata to a csv file
- Import users from CSV with meta to import users using CSV files to WP database
- LoginPress Version is used to change the layout of login, register and forgot password forms
- New User Approve to approve users once they register
- Sassy Social Share buttons are for Email, Print LinkedIn and Twitter sharing, as well as Google+, Pinterest, WhatsApp, Facebook and over 100 more
- User Role Editor is used to change/add/delete WordPress user roles and capabilities
- WP Private Content Plus allows for advanced private content restrictions for WordPress
The SAMRA website is hosted by Afrihost on a managed dedicated server. Afrihost is icode and ISPA compliant.
3.2 SAMRA Office
SAMRA stores offline copies of all SAMRA electronic data, including personal data, in one of three ways, namely on:
- PCs and laptops: password-protected access to PCs and laptops, and to files containing personal data, and all PCs and Laptops are protected with Norton Anti-virus software
- External hard drives (backups) at the SAMRA office: password-protected access to files containing personal data
- Off-site external hard drives (backups): password-protected access to files containing personal data
- This research is conducted in strict adherence to the ESOMAR and SAMRA Code of Conduct that is available here: http://www.esomar.org/knowledge-and-standards/codes-and-guidelines.php.
- We are not trying to sell or promote anything. This is a market research survey using scientific methods and we promise that, in obtaining your cooperation, we will not mislead you about the nature of the research or how we will make use of the findings.
- The answers you give us will be treated as confidential unless you have given your consent to the contrary. In the relatively few instances where we ask you for permission to pass data on in a form which allows you to be personally identified, we will ensure that the information will be used only for research purposes.
- We will not send you unsolicited mail or pass on your e-mail addresses to others for this purpose. If we want to send you future e-mail, we will ask your explicit permission for this.
- As with all forms of market and opinion research, your cooperation is voluntary at all times. No personal information is sought from or about you, without your prior knowledge and agreement. You are entitled at any stage of the interview/questionnaire, or subsequently, to ask that part or all of the record of your interview/questionnaire be destroyed or deleted. Wherever reasonable and practical we will carry out such a request.
- We try our best not to interview children without first getting the permission of their parents, though we cannot always guarantee this to be the case.
- Our web site has security measures in place to protect the loss, misuse, and alteration of the information under our control.
- Only certain employees have access to the information you provide us. They have access only for data analysis and quality control purposes.
- You can contact us at email@example.com to discuss any problems with this survey.
- You can find out more about us at www.samra.co.za.
SAMRA is based in the Republic of South Africa and falls under the jurisdiction of the courts and the laws of the Republic of South Africa.