PRIVACY POLICY

PRIVACY POLICY

In order to remain an accredited association with the South African Police Service (Central Firearms Registry (SAPS [CFR]), South African Sport and Hunting Federation (SASHF) must comply with the stipulations of Regulation 2(7), 2(8), and 4(2)(a) of the Regulations (2004) of the Firearms Control Act, 2000 (Act 60 of 2000 as amended) (FCA).  These Regulations inter alia stipulate that an accredited association must maintain a register of its members, which register must contain the full names, ID number and residential address of the member.

As SASHF strictly functions in the electronic domain and paper organization, it follows that SASHF shall maintain an Electronic Members Database where it must securely capture and store the minimum of required Personal Information of its members in order for it to comply with the requirements of the FCA as stated above.  And to further also conduct its stated business in an effective and efficient manner, in order to render the high level of service delivery it stands for and as is contracted with members when they enroll for membership with the Federation.

For purposes of transparency, responsibility and accountability, the Privacy Policy following below, therefore, describes the SASHF policies on the Collection, Use, and Disclosure of Personal Information, which information is stored and maintained on the SASHF Electronic Membership Database, which in turn allows members access to the full use of the SASHF’s interactive websites and mobile applications (the "Services" or “Web Services”).

In this context SASHF is bound by, and adheres to, the stipulations of Section 14(d) of the Constitution of the Republic of South Africa, 1996 (Act 108 of 1996 as amended), and by the stipulations of specifically but not exclusively, of Chapter 3, and acknowledge and make ourselves subjected to the prescripts of Section 51, of the Protection of Personal Information Act, 2013 (Act 4 of 2013) (the PoPI Act), for as far as SASHF may use or make available the Personal Information it collects from its members.

It is, therefore, a precondition that before being accepted as member of SASHF, membership applicants will at enrolment, explicitly consent to the collection, use, and possible disclosure of their Personal Information as described in this Privacy Policy.

The terms "we", "us", and "SASHF" refer to the internet domain registered as sa-sportjag.co.za. Capitalized terms used but not defined in this Privacy Policy shall have the meanings ascribed to them in the SASHF User Terms and Conditions – see https://sa-sportjag.co.za/TermsAndConditions.php. 

  • Secure Electronic Storage of Personal Information
    • In adherence to the stipulations of Section 19 of the PoPI Act (2013), the electronic membership database of the SASHF is as secure as it can be humanly possibly be made with continuous industry relevant updates of software to enhance existing high level SASHF security measures.  These same high level of security measures are taken by the SASHF’s internationally renowned associates where SASHF keeps and maintains its electronic database on nationally and internationally based electronic computer server systems world-wide. SASHF data is secure stored on its own Dedicated Server to which they have full control. 
    • SASHF follows generally accepted industry standards to protect the Personal Information submitted and, in its possession, and especially those sections of Personal Information described as a “Unique Identifier” in the PoPI Act (2013), both during transmission and once SASHF has received it. For example, when a member enters sensitive information through SASHF Services, SASHF encrypts that information using secure socket layer technology (SSL).  (see web address https://sa-sportjag.co.za) that all data contained therein is encrypted on the highest possible levels of electronic security).
    • Although SASHF always makes good faith efforts to store Personal Information in a secure operating environment that is not open to the public, members should understand that there is no such thing as complete internet security, and SASHF cannot guarantee that there will be no unintended disclosures of a member’s Personal Information. If SASHF becomes aware that a member’s Personal Information has been disclosed in a manner not in accordance with this Privacy Policy, we will use reasonable efforts to notify the respective member or members of the nature and extent of the disclosure (to the extent we know that information) as soon as reasonably possible and as permitted by law.
    • In Email communications from members to SASHF, additional Personal Information not originally collected, is frequently communicated inadvertently.  This kind of information will receive the same kind of security and level of protection by SASHF as are afforded all Personal Information collected and kept by SASHF.
    • MEMBERS ARE, HOWEVER, REMINDED THAT DESPITE THE SASHF‘s COMPLIANCE WITH THE PRESCRIPT RE PROTECTION OF PERSONAL INFORMATION CONTAINED IN THE PoPI ACT, SASHF CANNOT PROTECT A MEMBER’S PERSONAL INFORMATION IF THE MEMBER DOES NOT PERSONALLY TAKE CARE TO PROTECT SUCH PERSONAL INFORMATION FROM MISUSE DUE TO THE MEMBER’S USE OF OTHER WEB-BASED APPLICATIONS AND SERVICES OR DISCUSSION GROUPS S/HE MAY BE PART OF, OR PARTAKE IN, WHERE SUCH PERSONAL INFORMATION MAY OR COULD ALSO BECOME ACCESSIBLE.
  • Personal Information Collected
    • By joining SASHF, and remaining a member, a member consents to the collection of the following Personal Information, which constitutes the only Personal Information SASHF will collect in respect of its members and kept stored on its electronic members database in order for SASHF to render the services it has contracted to deliver to its members (see Sections 10 and 13 of the PoPI Act [2013]).
    • Initials, First name & Surname:  SASHF needs to know to who membership is awarded, and the Initials and Surname of a member has to reflect on all official SASHF documents which are needed for all applications made to SAPS (CFR) regarding firearm licences (despite being a requirement as stipulated by Regulation 4(2)(a) of the FCA Regulations [2004]).
    • RSA ID Number:  it (a) becomes the primary search “term” to access members’ data on the SASHF electronic members database, and (b) it will be linked to the Members’ unique Member Number which is automatically assigned upon registration, and (c) it has to reflect on all official SASHF documents which are needed for all applications made to SAPS (CFR) regarding firearm licences (despite being a requirement as stipulated by Regulation 4(2)(a) of the FCA Regulations [2004]).
    • Gender:  in order (a) for SASHF to keep statistics on membership and possible extension of needs per gender group, and (b) to be classified for the correct competition category, and (c) it has to reflect on all official SASHF documents which are needed for all applications made to the South African Police Service regarding firearm licences.
    • Language:  the member’s preferred language for communication.
    • Date of Birth:  in order for SASHF to determine membership categories and for financial and other administrative purposes (i.e. the annual national postal target shooting competition).  It is also the first six numbers of a member’s ID number, which ID number has to reflect on all official SASHF documents which are needed for all applications made to SAPS (CFR) regarding firearm licences.
    • Email address:  in order for SASHF to be able to directly communicate with members (SASHF only communicates with members via Email).  Therefore, SASHF does not accept membership applications of individuals who do not have an Email address as it would be unfair to that individual as s/he may default in many different ways due to not being in communication with SASHF. 
    • Postal address & Street address:  in order to post documents to members, and/or to courier SASHF documentation, including, but not limited to, Membership Cards to members.
    • Telephone numbers:  Specifically, Mobile Phone numbers, in order to (a) be able to urgently contact a member if need be, or to (b) communicate with a member via SMS message.
    • Electronic Location:   SASHF may collect and store information about a member’s location if a member enables his/her computer or mobile device to send SASHF location information. Members are able to change the settings on their computer or mobile device to prevent it from providing SASHF with such information.  The information is used as a mechanism for the protection of the integrity of the SASHF’s electronic communications and for SASHF electronic evaluations for the dedicates status courses it presents.
    • The Personal Information collected and stored by SASHF thus complies with the stipulations of Sections 10 and 13 of the PoPI Act (2013).  Only the minimum of a member's personal detail are retained on our system when a member resigns from the Federation to enable us to answer questions SAPS might have regarding such a member.
    • The above stated Personal Information of members, which is collected and stored by SASHF, is also in many instances, clearly not new information pertaining to an individual who has been using web-based services for a while, as such member’s Personal Information could already have been captured in one or other manner by a number of other Service Providers with which the specific member interacts with on the internet. 
    • Banking and/or other member specific financial information required for online payments are collected by the specific Service Provider rendering the service for SASHF.  The Service Provider will enter into a separate contract with the member in order to render the specific service, and it is up to the member to authorise such Service Provider to store a member’s banking or financial information as the member sees fit.  SASHF has nothing to do with these transactions a member enters into.
  • Personal Information Submitted by a Member
    • SASHF may store the information a member submits in order for him/her to be able to use the Services. SASHF uses this submitted information to fulfil a member’s requests, provide Service functionality, improve Service quality, personalize member’s experience, display relevant advertising, provide customer support, send messages to a member, back up our systems, allow for disaster recovery, and comply with stated legal obligations.
    • Account registration:  a member must provide a valid Email address and Mobile Number at enrolment in order to sign up for membership through the Services (such an account is automatically created for a member at enrolment).  Once a member has signed up for a SASHF membership, s/he will start to receive Emails from SASHF.  A member may manage his/her Email preferences and modify some of the information associated with his/her account on his/her personal profile – see https://sa-sportjag.co.za/sashfonline.php.
    • A SASHF member cannot opt out of electronically receiving required SASHF administrative or legal notices via his/her provided Email address. If a member should feel that an unauthorized account has been created depicting his or her likeness, s/he can request its removal by sending email to webmaster@sa-sportjag.co.za. In which case that account will be immediately deleted from the SASHF electronic members database, without following the normal procedures mentioned in paragraph 11 below.A person cannot sign up by logging into online accounts s/he may have with third party service providers.
    • Public Content:  Any information a member may reveal in a rating or review posting or other online discussion or forum is intentionally open to the public and is not in any way private. A member should think carefully before disclosing any Personal Information in any public forum.  Members do not have permission to disclose any Individually Identifiable Information re the SASHF in any public forum. What a member has written may be seen and/or collected by third parties and may be used by others in ways SASHF are unable to control or predict.
    • Contacts & messaging:  A member may invite friends, colleagues, businesses, and others whom s/he knows (collectively, “Associates”) to join the Federation by providing the SASHF contact information, either of the website address.
    • Members are advised that when they send an invitation to connect to an Associate or another User, that Associate or User will have access to the member’s email address because it is displayed in the invitation. The invitation may also contain other Services Content about the member, such as name and photograph, to help the User or Associate identify who is sending the invitation. A member’s SASHF connections will also have access to the member’s Email address. Members may thus not invite anyone s/he does do not know and trust, to connect with him/her.
    • All Personal Information electronically stored by SASHF is strictly in the format provided and entered by members themselves and that data will not be changed by SASHF without express request by a member in person (no such request through a third party will be given any attention or regulate any action by SASHF).
    • SASHF explicitly states that it at all times remains the responsibility of a member to ascertain that his/her contact details are up to date on the SASHF members database.  SASHF will not be held responsible should any contact details of a member change and the member has not made provable effort to either personally change such detail on his/her profile page on his/her Online Member web page, or by sending an Email to request updating of personal contact details to secretary@sa-sportjag.co.za. 
  • Information Provided on Behalf of Minors
    • In terms of the stipulations Sections 34 and 35 of the PoPI Act (2013), SASHF does not collect Personal Information of minors other than such information being submitted by the minor’s parent or legal guardian.   
    • SASHF does allow membership of minors under the age of 13 years.  A written application and a communications procedure will be entered into with the parent of guardian of such a minor when application is made for such a minor to join SASHF through his/her parent or guardian.
    • If the member is a parent or legal guardian of a minor between the ages of 13 and 18 years and needs to communicate with SASHF on that minor’s behalf, members may, in compliance with the User Terms and Conditions, use the Services on behalf of such minor child. Any Personal Information a member provides while using the Services on behalf of his/her minor will be treated as Personal Information as otherwise provided herein. 
    • If a user is under the age of 18, they should not, use the Online Membership Pages.  Enabling access to Email and Internet Services for minors remain the responsibility of parents or legal guardians of minors.
  • Electronic Activity & Use (Analytical Services)
    • SASHF may collect and store information related to a member’s use of the electronic Services it renders, such as browser type, IP address, unique device identifier, requested URL, referring URL, browser language, the pages members view, and the date and time of members’ visits.  This in order to build a picture of where SASHF can better its services to members and to remain relevant in the electronic communications era.
    • SASHF may also use third party analytics services in connection with the Web Services. For example, SASHF may use services to record mouse clicks, mouse movements, scrolling activity, and/or clicks, as well as any text that members type into the Services (collectively, “Traffic Data”). These analytics services will not collect Personal Information which members do not voluntarily enter (see SASHF Online Member Agreement - https://sa-sportjag.co.za/OnlineMemberAgreement.php) .
    • These services will not track members’ browsing habits across websites which do not use their services. SASHF will use the information collected from these services to find usability problems and to make its Services easier to use. These recordings will never identify members or their accounts.   SASHF only records anonymous user information, and stops such recording before a person signs-in or creates an account. Should SASHF decide to use any third party analytics services that track or collect Personal Information, SASHF will always provide members with advance notice and a member is then free to opt out of such a process.
  • Cookies and Similar Mechanisms
    • “Cookies” are small computer files that are transferred to a member’s computer hard drive that contain information such as user ID, user preferences, lists of pages visited and activities conducted while browsing the Services. At the member’s option and own responsibility (and possible to his/her own expense), a member may block cookies or delete cookies from his/her hard drive. However, by disabling cookies, members may not have access to the entire set of features of the Services 
    • Please see the complete SASHF Cookie Policy here:  https://sa-sportjag.co.za/CookiePolicy.php
  • Third Parties
    • SASHF does not rent, share, sell or trade Personal Information or members’ Demographic Data with third parties for marketing purposes.
    • Service Providers:  SASHF, however, has to share Personal Information and Traffic Data with its business partners who assist SASHF by performing core services (such as hosting, online payments, fulfilment, or data storage and security) related to SASHF operation of the Services and/or by making certain interactive tools available to SASHF users. Those business partners shall be, and are, bound to uphold the same standards of security and confidentiality that SASHF has promised to members in this Privacy Policy, and they will only use specific Contact Data and other Personal Information to carry out their specific business obligations to SASHF and to provide members’ requested services.
    • Business Transfers:  SASHF may from time to time have to share information of or about members with subsidiaries, joint ventures, or other companies under common control, in which case SASHF will require them to honour this Privacy Policy. If another company acquires SASHF or all, or substantially all, of its assets, that company will possess the same information, and will assume the rights and obligations with respect to that information as described in this Privacy Policy, unless SASHF notifies members otherwise.
    • Links:  The Services may contain links to unaffiliated third party websites. Except as set forth herein, SASHF does not share members’ Personal Information with them, and are not responsible for their privacy practices. SASHF suggests that members read the privacy policies on all such third party websites.
    • Trans-border information flow:  SASHF stores backups of its System on servers in specifically European countries for sake of security and for sake of effectiveness of such services rendered by international service providers.  This SASHF procedure complies with the prescripts of Section 72(1)(d) and 72(1)(e) of the PoPI Act (2013).
  • Use and Disclosure of Members’ Personal Information
    • Customization and Contact:   The objective of collecting Personal Information from members is to provide an efficient, meaningful, and customized experience. For example, SASHF can use Personal Information to: (a) help make the Services easier for members to use by not having to enter information more than once; (b) help members to quickly find information and services; (c) help SASHF to create content that is most relevant to members; and (d) alert members to new information and Services offered by SASHF.
    • SASHF may use members’ Contact Data to send members information about SASHF or on SASHF products or Services, to contact members when necessary, including to remind members of upcoming or follow-up appointments, and in conjunction with members’ use of certain interactive tools.  SASHF may use members’ Demographic Data or Traffic Data to customize and tailor members’ experience on the Services, in Emails and in other communications, displaying content that SASHF thinks members might be interested in and according to members’ preferences.
    • Due to the nature of the administrative procedures employed by SASHF, all SASHF  personnel have access to members’ Personal Information on the SASHF electronic members database.  SASHF personnel all subscribe to high ethical standards in respect of the content of this policy document, and are bound by a non-disclosure clause in their employment contracts re the possible disclosure of any SASHF electronic information to third parties and are liable in instances of transgression of that clause. 
  • Duration of Retention of Personal Information
    • Once a person has been accepted as a member of SASHF, his/her Personal Information collected at enrolment as identified under paragraph 2 above, will be stored in the format provided by the member for as long as the person remains a paid-up member, unless the member changes the contact details on his/her Online Member Web page, or requests SASHF to do so on his/her behalf.  This in order for the SASHF to be able to continuously render the contracted services to the member which s/he had joined and paid the Federation for.
    • The full Paragraph 2 disclosed Personal Information of members provided at enrolment will be stored for a maximum of five years after the last date on which the member had to update his/her membership, should the member default on payment of membership fees.  After five years of not updating membership with the Federation, a member’s Surname, Initials and ID number will permanently remain on the SASHF database for future reference should that person one day again apply for membership. All other Personal Information the SASHF has in possession re that member will be permanently deleted from the SASHF electronic members database (see 9.4 below).
    • The Surname, Initials and ID number of a member who’s membership of SASHF terminates for whatever reason, will permanently remain on the SASHF database for future reference should that person one day again apply for membership (or for administrative purposes should such a member pass away).  All other Personal Information the SASHF has in possession re that member will be permanently deleted from the SASHF electronic members database (see 9.4 below).
    • The SASHF electronic membership database, however, retains the references of all official SASHF documents issued and linked to any member at any time in the past for possible management of liability issues, and to protect SASHF against fraudulent transactions entered into by non-active former members on strength of SASHF documentation issued at the time the member was on the electronic members database marked as an active member of the Federation.
  • Changing and Deleting Personal Information 
    • As a registered User of the Services, a member may modify some of the Personal Information s/he had included in his/her profile or change his/her username by logging in and accessing his/her Online Member account. 
    • On resignation from the Federation by a member or by taking action as described in paragraph 9.2 and 9.3, SASHF will use all commercially reasonable efforts to delete a member’s account and the Personal Information in a member’s profile; however, it may be impossible to remove a member’s account without some residual information being retained on the SASHF system.
    • When a member’s account is deleted, s/he understands that removed Content may well persist in backup copies for a reasonable period of time (but will not be available to others). Furthermore, to the extent that Content about members have been shared with others, or other Users have independently uploaded and/or retained Content about a member, such Content may also remain on the Services.
    • For example, while SASHF will remove a member’s account profile and the ability for others to contact a member through the Services or access a member’s Personal Information, some Content about a member may be retained in the individual pages for groups or businesses a member could have contacted through the Services or outside of the Services.
    • Registered users who wish to close/terminate their membership with SASHF, for whatever reason, should send such a request for removal by sending an Email to secretary@sa-sportjag.co.za
  • Relevant Technical Aspects of the SASHF Members Database
    • For safety reasons data is hosted on a dedicated server (cloud based) and not on a shared server. This server is not shared with other website but dedicated to the SASHF system.
    • There is no public access to a member's data, a member or system admin must log in to access a member's data. A system admin can only be access the data through an SSL encrypted connection with a private and public key that is unique to a user’s computer. 
    • Passwords are encrypted and hashed with a salt and cannot be decrypted. (MD5[256Bit] Encryption)
    • Cookies used for authentication are encrypted.
    • Data backups are encrypted
    • Cross site request forgery prevention is implemented on authentication pages
    • Log in forms are throttled to only 3 tries per minute to prevent brute force attacks
  • Change in Control
    • SASHF may have to disclose members’ Personal Information and other information provided, to a third party as part of a sale of the assets of SASHF, a subsidiary or division of SASHF, or as the result of a change in control of SASHF. Any third party to which SASHF transfers or sells SASHF’s assets will have the right to continue to use the Personal Information and other information members had provided to SASHF.  Such third parties will, however, still strictly be bound by, and have to honour the commitments SASHF has made towards members in its Privacy Policy as this Policy may be updated from time to time.
  • Complaints Process
    • If members have any comments, concerns or questions about this Privacy Policy, please send an Email with full details to secretary@sa-sportjag.co.za.
    • If members would want to lodge complaints against the manner in which the SASHF manages and secures its electronic membership database, based on reasonable and factual grounds, they must  please contact the independent Information Regulator, appointed in terms of Section 39 of the PoPI Act (2013).
    • Members may also send complaints via an Email with full details to secretary@sa-sportjag.co.za so that the complaint can be investigated, and immediate mitigations set into motion to rectify the problem should the complaint be proven to be true.
  • Updates and Changes to Privacy Policy
    • SASHF may revise this Privacy Policy from time to time. The most current version of the Privacy Policy will govern the SASHF use of its members’ Personal Information and other information, which policy will be located at https://sa-sportjag.co.za/PrivacyPolicy.php
    • If SASHF makes any changes to this Privacy Policy, members will be notified by Email or by posting a notice on or through the Services. By continuing to access or use the Services after those changes become effective, members by default agree to be bound by the revised SASHF Privacy Policy unless they explicitly state that they do not consent to it, by sending an Email directed at secretary@sa-sportjag.co.za with reasons why they cannot agree with the changes.

Copyright February 2020 SASHF.  All rights reserved.