PRIVACY POLICY

Effective date: 15 May 2026

Controller: Glen Austin Residents Association (GARA)

Website: https://glenaustin.co.za

Information Officer: Trevor Stacay

email: info@glenaustin.co.za

  1. Purpose and scope

This Privacy Policy explains how Glen Austin Residents Association collects, uses, stores, discloses and protects personal information through our website and services. The policy describes the legal bases for processing personal information, the rights of data subjects under the Protection of Personal Information Act 4 of 2013 (POPIA), retention periods, security measures, and how to contact our Information Officer.

  1. Personal information we collect

Categories of personal information we collect:

  • Identity and contact information: name, email address, telephone number.
  • Property information: stand number, property address, valuation or rates reference.
  • Membership and petition data: membership status, petition signatures, consent records.
  • Communications: messages, complaints, photographs and documents you submit.
  • Technical data: IP address, browser type, device information, pages visited, cookies and analytics data.
  • Special personal information: sensitive categories such as health or religious beliefs are collected only with explicit consent and only when strictly necessary.

We collect personal information when you register, sign petitions, submit comments, subscribe to newsletters, contact us, or otherwise interact with our website or services.

  1. Lawful bases and purposes for processing

We process personal information only where we have a lawful basis under POPIA. The lawful bases we rely on include: consent, performance of a contract, compliance with a legal obligation, and legitimate interests. Purposes for processing include: membership administration, petition and submission management, communication and notifications, responding to enquiries, legal and regulatory compliance, website operation and analytics, and enforcement of our terms and policies.

  1. Use, disclosure and third parties

How we use personal information: to provide services, manage petitions and submissions, send administrative messages, operate the website, and improve user experience. Disclosure to third parties: we share personal information only with service providers who process data on our behalf such as website hosts, email and newsletter providers, cloud storage providers, and professional advisors. We require written agreements with processors that include POPIA‑compliant obligations. We do not sell personal information to third parties.

  1. Retention and deletion

We retain personal information only for as long as necessary for the purpose for which it was collected and to meet legal, regulatory and contractual obligations. Typical retention periods: membership records seven years, petition signatures two years after submission, complaint records five years, website analytics 24 months. When information is no longer required we will securely delete or anonymise it.

  1. Data subject rights and how to exercise them

Under POPIA you have the right to: access your personal information, request correction or deletion, object to processing, withdraw consent, request restriction of processing, and request portability of your data. To exercise any right contact our Information Officer at dpo@glenaustin.co.za. We will respond within the timeframes required by POPIA and will provide information about any fees that may apply.

  1. Security measures and breach notification

We implement reasonable technical and organisational measures to protect personal information against loss, unauthorised access, disclosure, alteration and destruction. Measures include access controls, encryption where appropriate, secure hosting, and staff training. In the event of a data breach that creates a real risk of harm we will notify affected individuals and the Information Regulator without undue delay and in accordance with POPIA.

  1. Cookies and tracking

We use cookies and similar technologies to operate the website, remember preferences, and collect analytics. You can control cookies through your browser settings. Our cookie banner explains the categories of cookies used and how to opt out of non‑essential cookies.

  1. Children and minors

We do not knowingly collect personal information from children under 18. If a parent or guardian believes we have collected personal information about a child without consent they should contact the Information Officer and we will take steps to delete the information.

  1. Cross‑border transfers

If personal information is transferred outside South Africa we will ensure an adequate level of protection by using appropriate safeguards such as written agreements that require POPIA‑equivalent protections or by obtaining explicit consent where required.

  1. Processors and subcontractors

We maintain a list of categories of processors and require contractual safeguards that include confidentiality, security measures, and limits on further transfers. You may request information about the categories of processors we use by contacting the Information Officer.

  1. Complaints and supervisory authority

If you are dissatisfied with our handling of your personal information you may lodge a complaint with our Information Officer. You may also lodge a complaint with the Information Regulator of South Africa. Contact details for the Information Regulator are available on their official website.

  1. Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be published on our website with an updated effective date. Continued use of the website after changes indicates acceptance of the revised policy.