Toggle Nav
My Cart
Search
Menu
Account
Settings

Terms and Conditions

Privacy Policy

Coca-Cola Beverages Africa (Pty) Ltd, its affiliates, controlled subsidiaries and entities in which it either owns a majority interest or manages operations (collectively referred to as “CCBA”) respects the privacy of its stakeholders and is committed to protecting it in accordance with the Protection of Personal Information Act No. 4 of 2013 (POPIA) and any other applicable data protection laws. This Privacy Policy (“Policy”) sets out the minimum basis for CCBA and its Personnel with respect to the Processing of Personal Information and provides appropriate and consistent safeguards for the handling of Personal Information.

Introduction

CCBA for the purposes of carrying out its business and related objectives, does and will from time to time, process the Personal Information of living individuals and legal entities, including public and private entities, such as Personal Information relating to employees and staff, prospective employees and job applicants, students and interns, service providers and contractors, vendors, customers, and other third parties. CCBA is obligated to comply with Applicable Data Protection Laws and the data protection conditions set out therein with respect to the processing of all and any Personal Information. This Policy describes how CCBA will discharge its duties to ensure continuing compliance with Applicable Data Protection Laws in general and the information protection conditions and rights of Data Subjects.

Key Terms & Definitions

  • "Applicable Data Protection Laws" means all applicable laws and regulations in relation to data protection, privacy and/or the recording, monitoring or interception of communication
  • "CCBA" means Coca-Cola Beverages Africa (Pty) Ltd, its affiliates, controlled subsidiaries and entities in which it either owns a majority interest or manages operations, which, alone or jointly with others, determines the purposes and means of the Processing of Personal Information
  • "Controlling CCBA Company" means Coca-Cola Beverages Africa (Pty) Ltd
  • "Data Subject/s" means any living natural person or existing juristic person who can be identified, directly or indirectly, via an identifier such as a name, ID number, registration number, email address, location data etc.
  • "Information Officer" or "Data Protection Officer" has the meaning as set out in section 5.1 of this Policy
  • "Personal Information" has the meaning as defined in Applicable Data Protection Laws
  • "Personnel" means any and all employees, interns, trainees and other employees of any kind who work for CCBA
  • "Processing" has the meaning as defined in Applicable Data Protection Law
  • "Process" and "Processed" shall have corresponding meanings
  • "Operator/s" or "Processor/s" has the meaning as defined in Applicable Data Protection Laws
  • "Recipient/s" is any natural or legal person, public authority, agency or another body, to which Personal Information is disclosed, whether a third party or not
  • "Responsible Party" or “Controller” means the party that determines the purpose of and means for processing Personal Information
  • "Special Personal Information" or "Sensitive Personal Information" has the meaning as defined in Applicable Data Protection Laws
  • "third party" means a natural or legal person, public authority, agency or body other than the Data Subject, and other than the Controlling CCBA Company, Operator / Processor and other persons who, under the direct authority of the Controlling CCBA Company or an Operator / Processor, are authorized to process Personal Information

Basic Principles Of Data Processing

CCBA, its Personnel and its Operators / Processors respect the privacy rights and interests of each Data Subject and adhere to the following data protection conditions when Processing Personal Information:

  • Accountability: The Responsible Party must ensure compliance with POPIA. A data protection policy must be established. An internal information officer to champion compliance with POPIA must be appointed.
  • Processing limitation: The collection of Personal Information must: Not be excessive, Be legally justifiable, Not be collected from third parties without good reason, The Responsible Party must develop procedures / policies to ensure that Personal Information is processed in a “reasonable manner”
  • Purpose specification: Personal Information must only be collected in connection with a specific purpose related to the function or activity of the Responsible Party collecting the information. Personal information must not be stored for longer than necessary.
  • Restriction on further processing: Once Personal Information has been collected and lawful processing has occurred, the Responsible Party may only further process that data in limited circumstances. These limited circumstances are determined based on whether the purpose of the further processing is “compatible” with the previously defined purpose.
  • Information quality: The Responsible Party must ensure that any Personal Information in its possession is complete, accurate, not misleading and updated when necessary. In maintaining information quality, the Responsible Party must consider the purpose for which the Personal Information is collected or further processed.
  • Openness: The Responsible Party must take reasonably practicable steps to ensure that Data Subject are aware that their Personal Information is being processed and the reason for such processing.
  • Security Safeguards: The Responsible Party must secure the integrity and confidentiality of any Personal Information in its possession or under its control by taking appropriate and reasonable technical and organizational measures to prevent loss, damage, unauthorized destruction of, and unlawful access to the Personal Information in its possession.
  • Data Subject Participation: Data Subjects must be allowed access to their personal information and to request that Personal Information is corrected, updated or deleted if inaccurate.

Any Personnel acting under the authority of CCBA, who has access to Personal Information, will not process Personal Information except on instructions from CCBA. Access to internal CCBA systems that contain Personal Information is limited to a select group of authorized CCBA Personnel who have a business need to access particular Personal Information. Personnel are given access to such systems through the use of a unique identifier and password and other access control mechanisms.

Personnel who require permanent or regular access to Personal Information are bound by non-disclosure and confidentiality agreements, instructions and policies intended to protect the confidentiality of Personal Information.

Appropriate training will be provided to Personnel who have permanent or regular access to Personal Information or who are involved in the Processing of Personal Information.

Purpose Of Data Processing And Justification Basis

CCBA will Process Personal Information only in the following limited circumstances:

  • Where the Data Subject, or a competent person where the Data Subject is a child, consents to the Processing;
  • where the Processing is necessary for CCBA’s performance, execution or termination of a contract to which the relevant Data Subject is a party, or in order to take steps at the request of the Data Subject before entering into such a contract;
  • where the Processing is necessary for compliance with a legal obligation arising under the law to which CCBA is subject;
  • where Processing of Personal Information is necessary for the purposes of legitimate interests pursued by CCBA or a third party, unless the interests of the Data Subject are overridden, in the circumstances, by the privacy-related interests or fundamental rights and freedoms of the relevant Data Subject. Legitimate interests could be a lawful basis for Processing, when the Data Subject can reasonably expect at the time and in the context of the collection of his/her Personal Information that Processing for a given purpose may take place. Examples of purposes of Processing that could be based on the legitimate interests include, but are not limited to: fraud detection, responses to requests of individuals, protection of CCBA's interests (e.g. to respond to requests from government agencies);
  • where the Processing is necessary in order to protect the vital interests of a Data Subject; or
  • where the Processing is necessary for the performance of a task carried out in the public interest or in the exercise of a public law duty by a public body.

Processing operations falling under one of the points set out in section 4.1 above, notably include the following, and CCBA will use the Personal Information it collected about a Data Subject for the following purposes:

  • Providing products and services as requested by customers and consumers, including sending of marketing communications to Data Subjects;
  • Personalising marketing communications to Data Subjects;
  • Allowing Data Subjects to register and participate in promotions, special offers, loyalty programs, prize draws etc.;
  • Data analytics to derive trends and improve CCBA products and services;
  • Concluding contracts and business transactions;
  • Confirming, verifying and updating Data Subject details;
  • Managing the CCBA workforce, including providing benefits and entitlements (such as compensation and benefits) to Personnel;
  • Complying with employment and labour laws, regulations, and requirements;
  • Communicating with Data Subjects including Personnel, business partners, consumers and customers;
  • Conducting criminal reference checks and/or conducting credit reference searches or verifications;
  • Protecting the rights and freedoms of CCBA, its customers, consumers, business partners, and Personnel;
  • For the detection and prevention of fraud, crime, money laundering or other malpractice;
  • Processing operations in the context of mergers, acquisitions and other corporate operations;
  • Complying with legal requirements;
  • Protecting and enhancing the security and safety of CCBA and individuals including customers, consumers, business partners, and Personnel; or
  • Processing carried out in the context of the use of cookies and similar technologies.

Non-exhaustive list. Final copy and Terms and Conditions to be added