Notice: We have updated our Privacy Policy as of 7 June 2022.

1. INTERPRETATIONS & DEFINITIONS

The headings of the clauses in this Agreement shall not affect the interpretation of this Agreement.
The following terms shall have the following meanings assigned to them in terms of this policy:

1.1 AMIC / THE COMPANY refers to Amic Toy and Baby Botswana (Pty) Ltd t/a Toys R Us & Babies R Us, Company Number CO2014/11188 and its related entities;

1.2 COMMISSIONER refers to the Commissioner of the Information and Data Protection Commission appointed under the DPA;

1.3 COMPETENT PERSON refers to any person competent to consent to any action or decision concerning a MINOR;

1.4 CONSENT refers to any freely given, specific and informed expression of wishes of the data subject, by which the data subject agrees to the processing of PERSONAL DATA relating to him or her;

1.5 DATA CONTROLLER a public or private body or any other person which, independently or in conjunction with others, determined the purpose of and means for processing of PERSONAL DATA;

1.6 DATA PROTECTION REPRESENTATIVE the person who is appointed by the data controller to independently ensure that PERSONAL DATA is processed in a correct and lawful manner;

1.7 DATA SUBJECT The person to whom the PERSONAL DATA relates;

1.8 DPA refers to the Data Protection Act No 32 of 2018;

1.9 DIRECT MARKETING refers to directly reaching a market, customers or potential customers on a personal basis or mass media basis, and it includes attempting to locate, contact, offer and make incentives to consumers, through communication medium such as phone calls;

1.10 ELECTRONIC COMMUNICATION refers to text, voice, sound or image message sent over an electronic communications network stored in the network on their equipment;

1.11 MINOR refers to an individual under the age of eighteen (18) years of age;

1.12 PERSONAL DATA refers to information relating to an identified or identifiable individual, which individual can be identified directly or indirectly, in particular by reference to an identification number, or to one or more factors specific to the individual’s physical, physiological, mental, economic, cultural or social identity;

1.13 RECORD refers to any recorded information in whatever form in possession or under the control of the Data Controller;

1.14 SENSITIVE PERSONAL DATA refers to the following with respect to the DATA SUBJECT:

1.14.1 Racial or ethnic origin;

1.14.2 Political opinions;

1.14.3 Religious beliefs or philosophical beliefs;

1.14.4 Physical or mental health or condition;

1.14.5 Membership of a trade union;

1.14.6 Sexual life;

1.14.7 Filiation; or

1.14.8 Personal financial information,

And includes –

(a) Any commission or alleged commission by him or her of any offence;
(b) Any proceedings for any offence committed or alleged to have been committed by him or her, the disposal of such proceedings, or the sentence of any court in such proceedings; and
(c) Generic data, biometric data and the PERSONAL DATA of minors;

2. INTRODUCTION:

This document establishes the policies, principles, guidelines and procedures governing AMIC’s Privacy Policy in order for AMIC to carry out its objectives as a responsible retailer in processing of PERSONAL DATA in terms of the DPA. The DPA balances the right to privacy and the lawful processing, retention, sharing and use of such PERSONAL DATA.

3. PURPOSE:

3.1. This document establishes the policies governing the processing and recording of information of Data subjects by AMIC in terms of the DPA.

3.2. This Privacy Policy by AMIC is applicable to:

3.2.1.All of AMIC’s electronic platforms and facilities, including social media, websites, and/or email, whether owned by, established by, used by, hosted by and/or accessed by AMIC, and

3.2.2.All and any DATA SUBJECT(S) who may access and make use of the aforementioned AMIC electronic platforms and facilities, including but not limited to, AMIC’s employees and staff, consumers, customers, suppliers, service providers and third parties.

3.3. The objective of this policy is to ensure that the DATA SUBJECT’S right to privacy, with regards to:

3.3.1. The safeguarding of PERSONAL DATA;

3.3.2.The regulation of processing of information;

3.3.3.The execution of the prescribed requirements for the legal processing of PERSONAL DATA; and

3.3.4.The protection of free flow of PERSONAL DATA.
This policy constitutes the entire policy relative to the subject matter hereof and this policy cancels any prior policy with regard to the subject matter hereof unless expressly specified to the contrary. No variation of any of the terms and conditions of this policy will be of any force and effect unless committed to writing and signed by the DIRECTORS/AUTHORISED REPRESENTATIVES of the COMPANY.

4. DPA

4.1. AMIC acknowledges that it is mandatory to comply with the provisions of the DPA.

5. CRITERIA FOR THE PROCESSING OF PERSONAL DATA

5.1. The processing of PERSONAL DATA, refers to any operation or a set of operations which is taken in regard to persona data, whether or not it occurs by automatic means, and includes the collection, recording, organisation, storage, adaptation, alteration, retrieval, gathering, use, disclosure by transmission, dissemination, or otherwise making information available, alignment or combination, blocking, erasure or destruction of such data.

5.2. AMIC shall ensure that:

5.2.1.PERSONAL DATA is processed fairly and lawfully, and where appropriate, the data is obtained with the knowledge or consent of the DATA SUBJECT;

5.2.2.PERSONAL DATA that is collected is adequate and relevant in relation to the purposes of its processing;

5.2.3.To the extent necessary for processing, PERSONAL DATA is accurate, complete and kept up-to-date;

5.2.4.PERSONAL DATA is collected for specific, explicitly stated and legitimate purposes;

5.2.5. PERSONAL DATA is not processed for any purpose that is incompatible with the specified, explicitly stated and legitimate purposes;

5.2.6.PERSONAL DATA is protected by reasonable security safeguards against risks such as loss, unauthorised access, destruction, use, modification or disclosure;

5.2.7.Where PERSONAL DATA is incomplete or incorrect, all reasonable measures are taken to complete, correct, block or delete the PERSONAL DATA, having regard to the purposes for which it is processed;

5.2.8. PERSONAL DATA is not kept for a period longer than is necessary, having regard to the purposes for which it is processed; and

5.2.9.PERSONAL DATA is processed in accordance with good practice.

5.3. AMIC shall ensure that PERSONAL DATA of the DATA SUBJECT shall not be disclosed, made available or otherwise used for purposes other than those specified, except with the consent of the DATA SUBJECT or as may be authorised by any written law.

5.4. PERSONAL DATA shall be processed by AMIC where:

5.4.1.The DATA SUBJECT has given his or her consent in writing;

5.4.2.Processing is necessary for the performance of a contract to which the DATA SUBJECT is a party, or in order to take steps at the request of the DATA SUBJECT prior to entering into a contract;

5.4.3.Processing is necessary for compliance with a legal obligation to which the DATA CONTROLLER is subject;

5.4.4.Processing is necessary in order to protect the vital interests of the DATA SUBJECT;

5.4.5.Processing is necessary for the performance of an activity that is carried out the public interest or in the exercise of an official authorisation vested in the DATA CONTROLLER or in a third party to whom the PERSONAL DATA is disclosed; or

5.4.6.Processing is necessary for a purpose that concerns a legitimate interest of the DATA CONTROLLER, or of a third party to whom PERSONAL DATA is provided, except where such interest is overridden by the interest to protect the fundamental rights and freedoms of the DATA SUBJECT and in particular the right to privacy.

6. ACCOUNTABILITY:

6.1. The privacy and protection of our DATA SUBJECTS’ PERSONAL DATA is of paramount importance to AMIC and will only process a DATA SUBJECT’s PERSONAL DATA in accordance with the DPA.

6.2. Where the DATA SUBJECT has consented to AMIC sharing such PERSONAL DATA with a third party or DATA PROCESSOR, then such third party and/or DATA PROCESSOR will be required as a condition of receiving such information to process such information in accordance with the DPA and this Privacy Policy.

6.3. Therefore, the relevant data privacy principles as established in the DPA regarding the processing of PERSONAL DATA will apply, save for where the DPA provides for such an exception, applying to all and any information provided by AMIC, in both its electronic platform and facilities, as well as physical written information received by AMIC.

7. USE OF AMIC’S ONLINE PLATFORMS AND CONSENT TO PROCESS PERSONAL DATA:

7.1. By a DATA SUBJECT accessing and/or using AMIC’s electronic platform and facilities including all website and URL’s, any authorised sites housed under its domain names and/or social media platforms, and/or when sending or receiving email from AMIC’s email, the DATA SUBJECT:

7.1.1.Acknowledges that it has read and understood this Privacy Policy and the related provisions;

7.1.2.Agrees to be bound by this Privacy Policy; and

7.1.3.Where the DATA SUBJECT has consented to AMIC processing the required PERSONAL DATA for the relevant purpose as advised by AMIC.

8. THE RIGHTS OF A DATA SUBJECT

8.1. The DATA SUBJECT is entitled to the following rights:

8.1.1.To obtain confirmation of whether or not AMIC holds its PERSONAL DATA within a reasonable time from the time of request;

8.1.2.To be given a reason for the refusal by AMIC of a request for confirmation of whether or not AMIC holds the DATA SUBJECT’s PERSONAL DATA;

8.1.3.To challenge the refusal by AMIC of a request for confirmation of whether or not AMIC holds the DATA SUBJECT’s PERSONAL DATA;

8.1.4. To request access to and where applicable, the rectification and deletion of its PERSONAL DATA;

8.1.5.To be notified should such PERSONAL DATA be accessed or acquired by an unauthorised person;

8.1.6.To object to the processing of its PERSONAL DATA, if the processing of the PERSONAL DATA is obtained for the purposes of DIRECT MARKETING;

8.1.7.To submit a complaint to the Commissioner regarding the alleged interference regarding the protection of their PERSONAL DATA.

9. RECEIPT OF AND USE A DATA SUBJECTS PERSONAL DATA BY AMIC

9.1. The DATA SUBJECT acknowledges that it is a requirement for AMIC in certain instances for AMIC to process and record certain mandatory information in order to appropriately provide the necessary services to the various users of our online platform. This includes, but is not limited to, the following:

9.1.1.Account creations;

9.1.2.Registry creations;

9.1.3.Entering competitions;

9.1.4.Customer Care queries.

9.1.5.To enrol prospective employee applications for recruitment within our organisation.

9.2. AMIC will only request information from the DATA SUBJECT only to the extent that it is necessary in order to fulfil its services to the DATA SUBJECT.

9.3. AMIC will only process and record the DATA SUBJECT PERSONAL DATA as consented to by the DATA SUBJECT.

9.4. The purpose of processing and recording such PERSONAL DATA includes, but is not limited to, the following:

9.4.1. To verify the DATA SUBJECT’s information regarding order purchases and allowing our customer care team to assist with queries.

9.4.2. To verify and process the DATA SUBJECT’s nominated delivery address to receive goods.

9.4.3. For legal and/or contractual purposes.

9.4.4.For research and statistical purposes.

9.4.5.To improve AMIC customer service experience throughout our various stores.

9.4.6.To identify products that AMIC may find to be of interest to the DATA SUBJECT.

9.4.7.To inform the DATA SUBJECT of competitions and marketing campaigns which may be of interest to the DATA SUBJECT.

9.5. In order for AMIC to perform the purposes that the information is received, the DATA SUBJECT’s information may be shared with its employees in a secure manner, taking all reasonable precautions to avoid dissemination to any third parties.

9.6. Should the DATA SUBJECT at any time be uncertain if AMIC has processed any of its information, the may contact [email protected] in order to, upon prior sufficient identity verification, provide you with the information that we have recorded on our system. The DATA SUBJECT will then be able to verify the information or request an amendment or deletion of their information from AMIC’s systems.

9.7. AMIC will not share the DATA SUBJECT’s PERSONAL DATA with any third parties, except where:

9.7.1.The DATA SUBJECT has provided such consent to do so.

9.7.2.Where AMIC is required by operation of law to share such information.

9.7.3.The sharing of such information is essential and necessary for the protection of the information of both AMIC and the DATA SUBJECT.
Where such information is shared, AMIC will endeavour to do so in-line with the DPA and this Policy to minimise interception by any such unauthorised third parties.

9.8. Where AMIC has to transfer the DATA SUBJECT’s PERSONAL DATA outside of the border of Botswana, it will ensure that the recipient of such information is compliant with the DPA or has in place such processes and procedures of an adequate level of protection and uphold the principles of the DPA.

9.9. Existing DATA SUBJECTS who have been processed prior to the commencement date, may contact [email protected] to amended and/or delete their information on our systems.

9.10. The DATA SUBJECT’s information will only be used for marketing purposes if the DATA SUBJECT has explicitly consented to participate in such services. The DATA SUBJECT is free to withdraw their consent to such services at any time by sending such request to [email protected] who will attend to having same corrected on AMIC’s systems as soon as reasonably possible.

9.11. Existing information of DATA SUBJECTS recorded in database will be used for such marketing purposes.

10. QUALITY OF THE INFORMATION PROCESSED AND RECORDED BY AMIC

10.1. AMIC will ensure that all reasonable practical steps are taken to safeguard the integrity and accuracy of the DATA SUBJECT’s PERSONAL DATA.

10.2. As the information of the DATA SUBJECT may change due to the passage of time, it is therefore vital that the DATA SUBJECT contact AMIC and ensure that its latest information is recorded.

11. SECURITY OF THE PERSONAL DATA OF THE DATA SUBJECT

11.1. AMIC will take all reasonable efforts to keep its electronic platforms, including its website, secure at all times, however this cannot always be guaranteed.

11.2. AMIC therefore cannot be held liable for any loss and/or unauthorized use and/or interception of information transmitted via the electronic platforms beyond the control of AMIC.

11.3. AMIC is also not responsible for any links contained that may be contained on our website that originate outside of the control of AMIC.

11.4. AMIC has placed cookies on its website which will identify the DATA SUBJECTS device and allow for smooth use of its electronic platforms.

11.5. AMIC may further make use of social plugins, including but not limited to, Facebook, YouTube, Instagram, LinkedIn and Twitter, however AMIC has no influence or control over the extent of the data retrieved by the social network’s interfaces and AMIC and accordingly cannot be held liable or responsible for any processing or use of PERSONAL DATA transmitted via these social plugins. Please verify the data protection policies provided by these social networks.

11.6. AMIC’s social media and electronic platforms, including its website and telephonic facilities and the use of same will be monitored on a regular basis including the recordal and interception of content placed on or stored on said facilities which is done for security, integrity and quality assessment purposes and by using such electronic platforms and facilities you expressly acknowledge notice of such monitoring and interception and give consent thereto.

11.7. AMIC has implemented appropriate safeguards and security measures in order to protect all PERSONAL DATA recorded in its database and to protect from and/or against any unauthorized access, accidental or willful manipulation, loss and/or destruction.

11.8. However, should such a breach occur, AMIC will timeously notify the DATA subject of the breach and the appropriate actions to take should we be able to ascertain the identity of the DATA SUBJECT leak. If AMIC is unable to identify the DATA SUBJECT leak, AMIC will place an appropriate notice on its social and/or electronic platforms advising the DATA SUBJECT of the breach.

12. THIRD PARTY INFORMATION

12.1. AMIC will not be able to process any request and/or query on behalf of another DATA SUBJECT unless such request or query is accompanied with the required permission and consent form the DATA SUBJECT owner of that PERSONAL DATA.

13. PROCESSING OF MINORS PERSONAL DATA

13.1. Where a DATA SUBJECT is a MINOR and makes use of our electronic platforms, website and social media, and the DATA SUBJECT is required to complete PERSONAL DATA for processing by AMIC, it is warranted that such DATA SUBJECT does so on the consent of its parent/guardian/competent person.

14. PROCESSING OF SENSITIVE PERSONAL DATA

14.1. Where AMIC is required to process the SENSITIVE PERSONAL DATA of an individual it will only do so in the following circumstance:

14.1.1. The Processing is carried out with the written consent of the DATA SUBJECT;

14.1.2. The DATA Subject has made the PERSONAL DATA public;

14.1.3. Such processing is authorised or necessary for the purposes of exercising or performing any right or obligation imposed by of law;

14.1.4. It is necessary to protect the vital interest of a DATA SUBJECT or another person in a case where:

14.1.4.1. Consent cannot be given by or on behalf of the data subject;

14.1.4.2. The DATA CONTROLLER cannot be reasonably expected to obtain consent of the DATA SUBJECT; or

14.1.4.3. Consent by or on behalf of the DATA SUBJECT has been unreasonably withheld.

15. ACCESS TO PERSONAL DATA

15.1. The DATA SUBJECT may request from AMIC to confirm if it currently holds PERSONAL DATA of the DATA SUBJECT.

15.2. The DATA SUBJECT may then request a copy of the records from AMIC of the information held and to notify the DATA SUBJECT of all parties that have/had access to the information, within a reasonable time, and reasonable manner and format upon payment of the prescribed fee (if applicable).

15.3. Should a prescribed fee be required this will be informed to the DATA SUBJECT prior making such records available.

16. DESTRUCTION OF RECORDS

16.1. Information processed and recorded by AMIC will be retained for the duration required to achieve the purpose for which such information is processed. Once the objective for which the information is obtained is achieved such information will be promptly deleted to the extent that it is not prohibited by law.

16.2. Where such information is retained for historical/statistical purposes, only that such information will be retained and all other information identifying the DATA SUBJECT will be deleted.

17. RETENTION AND RESTRICTION OF RECORDS

17.1. The PERSONAL DATA processed and recorded as obtained from the DATA SUBJECT will not be retained for a period longer than is necessary to achieve the purpose for which the information has been obtained, unless:

17.1.1. Authorised by law;

17.1.2. AMIC requires the record for lawful purposes related to its function or activities;

17.1.3. Retention of record is required by contract between the parties;

17.1.4. The DATA SUBJECT or a COMPETENT PERSON has consented to the retention of such records.

17.2. AMIC will endeavour to destroy/delete such records containing PERSONAL DATA or de-identify such person as soon as reasonably practicable when AMIC is no longer authorised to retain such records.

18. NOTIFICATION OF SECURITY COMPROMISES

18.1. Upon AMIC being provided with reasonable grounds to believe that the PERSONAL DATA of a DATA SUBJECT has been accessed or acquired by any unauthorised person, AMIC will notify the Commissioner without delay.

18.2. Should AMIC be required by the Commissioner to notify the DATA SUBJECT, AMIC will do so in writing by sending such notice in the most appropriate measure to bring this to the attention of the DATA SUBJECT as follows:

18.2.1. The last known physical or postal address;

18.2.2. Last known email address;

18.2.3. Place such notice on a prominent position on the website;

18.2.4. Publishing such notice in the news and media;

18.2.5. Or as directed by the Commissioner.

19. CONTACT

Should you require any further information and/or clarity, please send through your email [email protected] where we will timeously attend to your request.