Purpose of this privacy notice

As The Point Water Sports Club must meet it contractual, statutory and administrative obligations. We are committed to ensuring that the personal data of our customers and members is handled in accordance with the principles set out in the Protection of Personal Information Act 4 of 2013 (“POPIA”).

We are required under POPIA to notify you of the information contained in this Privacy Notice.

This Privacy Notice tells you what to expect when The Point Water Sports Club collects personal information about you as a customer or member of The Point Water Sports Club.

The Point Water Sports Club is the controller and Responsible Party for this information unless this notice specifically states otherwise.

This notice should be read in conjunction with our Master Privacy Policy accessible on request. When the appropriate we will provide a ‘just in time” notice to cover any additional processing activities not mentioned in this document.

Who this Privacy Notice applies to;

It applies to all prospective and existing members and customers of The Point Water Sports Club.

Key Definitions

Responsible Party – means the party who determines the essential means and purpose for processing your information.

Operator – the party who processes personal information on behalf of the Responsible Party.

Data Subject – the person to who the personal information processed relates to.

1. How do we get your information?
1.1 We get information about you from the following sources:
1.1.1 Directly from you through our interactions with you.
1.1.2 Our Customer Application Form
1.1.3 Third Parties, such as banks and credit bureaus, where permitted.

2. What personal information we process and why.
We process the following categories of personal information
2.1 Information related to your member or customer profile

We use the below information as follows


Type of Information


Legal Basis

Personal contact details of directors, members,
partners or trustees – such as their names, addresses, contact and
telephone numbers (landline & mobile) and email addresses

To contact you regarding your account and any goods
and/or services provided to you

To comply with our legal obligations; and to carry
out our contract with you.

Date of birth, gender and ID number, including copy
of ID/Passport or similar photographic identification and proof of

To verify your identity as a representative of the
applicant and to comply with the National Credit Act

To comply with our legal obligation

Business name, address, registration number & VAT

To verify the identity of the applicant for the
delivery of services and/or goods rendered on approval; for tax &
invoicing purposes

To comply with our legal obligations; and to carry
out our contract with you

A failure to provide us with this mandatory information may result in us being unable to approve your membership, as we would be unable to comply with our obligations.

3. Lawful basis for processing your personal information
In addition to the basis explained above and depending on the processing activity, we rely on the Section 11 of POPIA as the lawful basis for processing your personal information.

3.1 where it is necessary to carry out actions for the conclusion or performance of a contract with you.
3.2 so, we can comply with our statutory and legal obligations as an employer.
3.3 to protect your legitimate interests or those of another person.
3.4 to pursue our legitimate interests in a proportionate manner.

4. Processing of special personal information
We generally do not process your special personal information. However, when we do, we will rely on the following additional lawful basis under POPIA:
• Sec 27 – General authorization concerning the special personal information
• Sec 29 – Authorization concerning data subject’s race or ethnic origin.
• Sec 33 – Authorization concerning data subject’s criminal behavior or biometric information.

5. How long do we keep your personal information and how is it secured?

The Point Water Sports Club will only keep your personal information for as long as necessary to achieve the above stated purposes, or where a longer period is prescribed by law. Our general data retention periods are explained below:
• Customer information – we retain, for 5 (five) years from the date of the last entry or document on file, all accounting records, files, transactions and documents relating to matters dealt with by The Point Water Sports Club on your behalf.
• Customer contact information – contact information may be retained while you are a customer

6. Information sharing
6.1 In some circumstances, such as a court order, we are legally obliged to share information. We may also share information about you with third parties including government agencies and external auditors
6.2 We may also share your personal information with banks strictly for the purpose of verifying your identity per our legal obligations.

7. Do we use any operators (External Processors)?
7.1 we use external processors (‘Operators”) for certain processing activities and assist in the performance of our legal obligations as a company.
7.2 We reserve the right to change our operators at any time without further notice to you, but we will ensure our operators are bound by this privacy notice and our data protection policy, or similar terms providing the same or higher level of protection. Such external processing activities include, but are not limited to:
7.2.1 IT Systems & infrastructure
7.2.2 Debt collection services
7.2.3 Hosting and email infrastructure
7.2.4 Credit reference agencies

7.3 We conduct strict due diligence procedures in respect of our external operators prior to forming a business relationship. We also obtain company documents and references to ensure the operator is adequate, appropriate and effective for the task we employ them for.

7.4 A list of our current processors can be found at Annexure A

8. Your rights in relation to this processing

8.1 Data protection laws may grant you with, among others, the following rights:
8.1.1 Notification of collection or authorized access – to be notified that your personal information is being collected, or has been accessed by an unauthorized person
8.1.2 Request access to your personal information – enabling you to receive a copy of the personal information retained about you
8.1.3 Request the correction of your personal information – to ensure incomplete or inaccurate personal information is corrected
8.1.4 Request erasure of your personal information – where there is no lawful basis for the retention or continued processing of your personal information
8.1.5 Object to the processing of your personal information for a legitimate interest (or those of a third party) – under certain conditions where you feel it impacts your fundamental rights and freedoms
8.1.6 Request to restriction of processing of your personal information – to restrict or suspend the processing of your personal information to limited circumstances
8.1.7 Withdraw consent given in respect of the processing of your personal information at any time – withdrawal of consent will not affect the lawfulness of any processing carried out before your withdrawal notice. But may not affect the continued processing of your personal information in instances where your consent is not required
8.1.8 Lodge a complaint – to our information officer and the information regulator as the relevant supervisory authority
8.1.9 Institute civil legal proceedings – regarding the alleged interference with the protection of your personal information
To not be subjected to:
8.1.10 automated processing – and decisions solely based on such automation intended for profiling you
8.1.11 direct marketing – by means of unsolicited electronic communications except where permitted under POPIA

9. Transfer of personal data

We do not routinely transfer employee personal information outside of the Republic of South Africa, but when this is necessary, we ensure that we have appropriate safeguards and contractual arrangements in place.

10. Queries, Complaints, and information regulator

If you have any questions or complaints about your privacy rights of this privacy notice, please address your concerns to our information officer. If you feel our attempts at resolving the matter have been inadequate, you may lodge a complaint with the South African Information Regulator through their website hhtp://www.justice.gov.za/inforeg/.

Annexure A – Operator (External Processors)

External processors are third parties who provide certain parts of our staff services for us. We have contracts in place with them and they cannot do anything with your personal information unless we have instructed them to do so. Our current external processors are listed below.

We may appoint other external processors not listed in the below table where is permitted to do so in terms of POPIA

Item Operator Purpose for Processing
1 Daisy CCTV and Encrypted backups