CSIR Privacy Notice
Introduction
The Council for Scientific and Industrial Research (CSIR) is a leading scientific and technology research organisation that researches, develops, localises and diffuses technologies to accelerate socioeconomic prosperity in South Africa. The organisation’s work contributes to industrial development and supports a capable state.
Read more...
Deputy Information Officer
The CSIR has appointed a Deputy Information Officer for you to contact if you have any questions or concerns about the CSIR’s personal data protection policies, procedures and/or practices. The CSIR’s Deputy Information Officer’s contact details are as follows:
Physical Address:
627 Meiring Naude Road
Brummeria
Pretoria
Tel: 012 842 7235
Email: privacy@csir.co.za
The CSIR cares about your personal information 1 . Therefore, we provide you with this notice so that you may make an informed decision about whether or not you would like to continue using the website. This notice regulates the manner in which we collect, use, disclose, transfer and store your personal information.
Please note that by using this website you consent to this Privacy Notice. If you do not consent to this Privacy Notice, you must stop using this website immediately.
What personal information do we collect?
When you use this website, the CSIR collects the following personal information automatically (this will always be recorded without you having to do anything):
- Your IP address, browser and operating system information;
- The date and time that you accessed the website;
- Your geographic location and the pages you view while using the website; and
- Any search terms you use when using the website’s search functionality.
In addition, we collect any personal information that you voluntarily provide to the CSIR, for example, by submitting a CV, subscribing to a newsletter or making an enquiry.
What do we do with it?
The information we collect automatically is to help the CSIR to improve the functionality and content of its website.
The information we collect that you provide voluntarily is to provide you with a service or facilitate a function where your personal information is required to provide the service or fulfil the function.
Who do we share it with?
We share the personal information you provide voluntarily and the personal information we collect automatically differently.
Personal information provided voluntarily:
We do not share this personal information with third parties, unless we have a justifiable reason to do so. Typically, the third parties who will have access to your personal information are the contracted parties who assist us with the development of the website, IT maintenance and related matters.
In certain circumstances, we may be forced by law to share your personal information, for example, when served with a court order or other valid request from a lawful authority.
In other circumstances, we may share personal information that has been anonymised and it would be impossible to link the information to a specific individual.
Personal information collected automatically:
Some of the personal information that is collected automatically is collected by third parties whose technology we use to provide website functionality and acquire website analytics information. The table below lists these third parties, where they are located, details on opting out of their personal information collection and, if available, their contact details for privacy queries.
Company | Location | Opt-Out / Privacy Contact |
Google Inc.
Services: Google Analytics, DoubleClick, YouTube |
USA |
https://www.google.com/intl/en /policies/privacy/ DoubleClick: |
AddToAny | USA |
http://www.addtoany.com/privacy
|
In addition, if you make use of the social media sharing buttons on the website, your information will be automatically collected by the social media company that you use to share content (see the “Social Media Platforms and External Links” section below).
How do we collect your personal information?
With regard to the personal information we collect, we make use of a number of technologies that collect personal information automatically.
Cookies: Cookies are small files that are saved onto your computer, which track, save and store information about how you use this website. In some instances, these cookies are needed for the website to function. You can disable them in your browser, but this may interfere with the proper functioning of the website.
Google analytics: This is tracking software from Google, which we use to monitor how users interact with the website, in order for us to improve its functionality and content.
Web-server software: This delivers web pages to your browser. The web-server software will automatically collect your IP address whenever you connect to the website.
YouTube: This is software used to display videos. We do not collect personal information from you by placing these videos on our site or through you viewing them, but Google Inc. (which owns YouTube) collects personal information when videos are placed on webpages.
AddToAny: This is software that is used to place social media buttons on our website, which allows you to share content on our website through social media. We do not collect personal information by placing these buttons on our site, but the AddToAny Company does.
Social media platforms and external links
This website may make use of social media platforms, such as Facebook or LinkedIn. Whenever you make use of any such platforms on this website, please note that any personal information you share on these platforms is subject to their privacy policies and not the CSIR’s.
This website may also contain links to external (non-CSIR) websites. Whenever you click a link and are taken to an external website, note that your use of these websites is governed by their privacy policies and not the CSIR’s.
Live events and web conferences
The CSIR hosts many events throughout the year. These include conferences, school visits, demonstrations, etc. If you register for one of our events, we will collect your name and contact information, which we will store in our database(s) and use to provide you with information and services associated with the event. We process this information to fulfill the order you have made to receive the event or conference services.
If you are a presenter at one of our events, we will collect information about you, including your name, employer, contact information and photograph; and we may collect information provided by event attendees who evaluated your performance as a presenter. We may also make and store a recording of your voice and likeness in certain instances. The CSIR relies on a legitimate interest 2 basis for collecting, storing and processing this information.
We keep a record of your participation in CSIR events as an attendee or presenter. This information may be used to provide you with information about other events and publications.
Your correspondence with the CSIR
If you correspond with us by e-mail, the postal service or another form of communication, we may retain such correspondence and use it to respond to your inquiry; to notify you of CSIR conferences, publications or other services; or to keep a record of your compliment, complaint, accommodation request and the like. As always, if you wish to have the CSIR ‘erase’ your personal information or otherwise refrain from communicating with you, please contact us at privacy@csir.co.za.
Note: If you ask the CSIR not to contact you by e-mail at a certain e-mail address, the CSIR will retain a copy of that e-mail address on its “Do Not Contact” list, in order to comply with your no-contact request.
The CSIR has a legitimate interest in maintaining the personal information of those who communicate voluntarily with it.
Securing your information
We take reasonable care to protect your personal information using reliable information security safeguards. However, you should be aware that no safeguards are 100% effective all of the time. Therefore, it is possible that your personal information may inadvertently be accessed by unauthorised or unknown persons if these safeguards be defeated or fail.
CSIR – MS Teams Privacy Notice.
Please note that the CSIR, its employees, and external parties invited to meetings and events hosted on MS Teams by the CSIR may process, store, or share Personal Information provided on and through its MS Teams platform during the organisation of virtual meetings or events; the hosting of virtual meetings or events, and while using the MS Teams chat function.
With this context in mind, please note the CSIR’s handling of such Personal Information, in compliance with the Protection of Personal Information Act 4 of 2013 (PoPIA) below.
The purpose of processing and use of Personal Information.
The CSIR processes Personal Information for the purpose of organizing virtual meetings (internal and/or external) or events and chat messaging. The CSIR may also arrange live web streaming and video or audio recording through the MS Teams platform, from time to time. Personal Information is collected and stored in Microsoft’s Cloud infrastructure solely for the purpose stated herein.
Types of Personal Information processed.
The types of Personal Information that may be processed by the CSIR are listed below:
- Content – your meetings and chat conversations, voicemail, shared files, recordings, and transcriptions.
- Profile data – data that is shared within the CSIR (e.g. e-mail address, profile picture, presence information);
- Image and/or video, should the meeting be recorded.
- Call history – a detailed history of the phone calls you make, which allows for the review of own call records.
- Call quality data – details of meetings (e.g. record of attended) and call data (e.g. call duration) are available to the CSIR system administrators. This allows the CSIR administrators to diagnose issues related to poor call quality and service usage.
- Diagnostic and service data: diagnostic data related to service usage. This information allows Microsoft to deliver the service (troubleshoot, secure, and update the product and monitor performance) as well as perform certain internal business operations, such as: determine revenue; develop metrics; determine service usage; and conduct product and capacity planning.
Responsibility for processing.
While using MS Teams through the CSIR, the CSIR and the meeting organizer are responsible for processing Personal Information. The identity of the meeting organizer will be contained in the relevant meeting or event invitation or registration tool. However, should the meeting organizer not be specified, one may contact privacy@csir.co.za providing details of the meeting or event, requesting such identity to be provided.
Access to Personal Information.
Personal Information processed by the CSIR through MS Teams is disclosed, on a strict need-to-know basis, to the following potential recipients:
- CSIR staff and external invitees to MS Team hosted meetings or events.
- The CSIR’s operators, including Microsoft and Microsoft’s operators involved in the data processing necessary to provide the service.
No other third parties will have access to the Personal Information processed by the CSIR, except if required by law.
Protection and safeguarding of Personal Information processed.
The CSIR takes appropriate technical and organisational measures to safeguard and protect Personal Information processed from accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access. MS Teams has been configured to preserve the confidentiality of information exchanged thereon by implementing end-to-end encryption during all communications and encryption of data at rest. Microsoft data centers are certified in several security standards, most notably, ISO 27001:2013, CSA-STAR attestation and SOC 1-2-3.
Requests for access, correction, erasure.
In terms of PoPIA, one has the right to access, rectify and erase one’s own Personal Information, as well as restrict or object to its processing.
To exercise any of these rights, simply contact the CSIR on privacy@csir.co.za and make such request. The CSIR will endeavour to ensure that such requests are actioned within one (1) month of receipt of request, unless otherwise agreed.
How long is Personal Information stored?
Personal Information is stored for as long as follow-up actions are required, in the context of the meeting or event concerned. For contacting audiences in the future in the context of CSIR’s activities, the CSIR may retain contact details in a database, specifically designed for this purpose. Should you not agree to this storage of your contact details, kindly inform the meeting or event organizer accordingly on the contact details in the invitation or registration tool, or as a last resort, the Privacy Office on priavcy@csir.co.za
Caution on the indiscriminate sharing of Personal Information.
Since the CSIR is unable to control what is shared during virtual meetings, virtual events and MS Teams chats, users are cautioned to refrain from using MS Teams to disseminate sensitive information you would prefer not to be available in public forums. Examples of sensitive information includes but is not limited to information revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, health data (mental & physical), and information concerning a person’s sex life or sexual orientation, be that information yours or someone else’s.
Changes to this Notice
We may amend this Privacy Notice at any time. All amendments shall be posted on this website. Unless we state otherwise, the current version will replace all previous versions of this notice. It is your responsibility to check for changes each time you visit the website.
Enquiries and Requests.
Queries concerning the processing of Personal Information can be addressed to the CSIR Privacy Office on privacy@csir.co.za
How to contact us:
Privacy Office, Building 23
Physical Address
Meiring Naudé Road
Brummeria
Pretoria
South Africa
Postal Address
Privacy Office, Building 23
PO Box 395
Pretoria 0001
South Africa
Tel: 012 842 7235
Email address: privacy@csir.co.za
1 Personal Information is defined by the Protection of Personal Information Act 4 of 2013 as “information relating to an identifiable, living, natural person, and where it is applicable, an identifiable, existing juristic person, including, but not limited to (a) information relating to the race, gender, sex, pregnancy, marital status, national, ethnic or social origin, colour, sexual orientation, age, physical or mental health, well-being, disability, religion, conscience, belief, culture, language and birth of the person; (b) information relating to the education or the medical, financial, criminal or employment history of the person; (c) any identifying number, symbol, e-mail address, physical address, telephone number, location information, online identifier or other particular assignment to the person; (d) the biometric information of the person; (e) the personal opinions, views or preferences of the person; (f) correspondence sent by the person that is implicitly or explicitly of a private or confidential nature or further correspondence that would reveal the contents of the original correspondence; (g) the views or opinions of another individual about the person; and (h) the name of the person if it appears with other personal information relating to the person or if the disclosure of the name itself would reveal information about the person;
2 As a company/organisation, we need to process personal data, in order to carry out tasks related to our business activities. The processing of personal data in this context may not necessarily be justified by a legal obligation or carried out to execute the terms of a contract with an individual. In such cases, the processing of personal data can be justified on grounds of legitimate interest.