PRIVACY PORTAL
- Personal information must be processed lawfully and in a reasonable manner that does not infringe the privacy of the data subject.
- Personal information may only be processed if, given the purpose for which it is processed, it is adequate, relevant and not excessive.
- Personal information may only be processed if—
- the data subject or a competent person where the data subject is a child consents to the processing;
- processing is necessary to carry out actions for the conclusion or performance of a contract to which the data subject is party;
- processing complies with an obligation imposed by law on Xpatweb;
- processing protects a legitimate interest of the data subject;
- processing is necessary for the proper performance of a public law duty by a public body; or
- processing is necessary for pursuing the legitimate interests of Xpatweb or of a third party to whom the information is supplied.
- The data subject or competent person may withdraw his, her or its consent, provided that the lawfulness of the processing of personal information before such withdrawal or the processing of personal information will not be affected.
- A data subject may object, at any time, to the processing of personal information—
- on reasonable grounds relating to his, her or its particular situation, unless legislation provides for such processing; or
- for purposes of direct marketing other than direct marketing by means of unsolicited electronic communications.
- If a data subject has objected to the processing of personal information, Xpatweb may no longer process the personal information.
- Personal information must be collected directly from the data subject, except if—
- the information is contained in or derived from a public record or has deliberately been made public by the data subject;
- the data subject or a competent person where the data subject is a child has consented to the collection of the information from another source;
- collection of the information from another source would not prejudice a legitimate interest of the data subject;
- collection of the information from another source is necessary—
- to avoid prejudice to the maintenance of the law by any public body, including the prevention, detection, investigation, prosecution and punishment of offences;
- to comply with an obligation imposed by law or to enforce legislation concerning the collection of revenue as defined in section 1 of the South African Revenue Service Act, 1997;
- for the conduct of proceedings in any court or tribunal that have commenced or are reasonably contemplated;
- in the interests of national security; or
- to maintain the legitimate interests of Xpatweb or of a third party to whom the information is supplied;
- compliance would prejudice a lawful purpose of the collection; or
- compliance is not reasonably practicable in the circumstances of the particular case.
- Personal information must be collected for a specific, explicitly defined and lawful purpose related to a function or activity of Xpatweb.
- Records of personal information must not be retained any longer than is necessary for achieving the purpose for which the information was collected or subsequently processed, unless—
- retention of the record is required or authorised by law;
- Xpatweb reasonably requires the record for lawful purposes related to its functions or activities;
- retention of the record is required by a contract between the parties thereto; or
- the data subject or a competent person where the data subject is a child has consented to the retention of the record.
- Records of personal information may be retained for historical, statistical or research purposes if Xpatweb has established appropriate safeguards against the records being used for any other purposes.
- Xpatweb must destroy or delete a record of personal information or de-identify it as soon as reasonably practicable after Xpatweb is no longer authorised to retain the record.
- Further processing of personal information must be in accordance or compatible with the purpose for which it was collected.
- Xpatweb must take reasonably practicable steps to ensure that the personal information is complete, accurate, not misleading and updated where necessary.
-
- Xpatweb must maintain the documentation of all processing operations under its responsibility.
- If personal information is collected, Xpatweb must take reasonably practicable steps to ensure that the data subject is aware of—
- the information being collected and where the information is not collected from the data subject, the source from which it is collected;
- the name and address of Xpatweb;
- the purpose for which the information is being collected;
- whether or not the supply of the information by that data subject is voluntary or mandatory;
- the consequences of failure to provide the information;
- any particular law authorising or requiring the collection of the information;
- the fact that, where applicable, Xpatweb intends to transfer the information to a third country or international organisation and the level of protection afforded to the information by that third country or international organisation;
- any further information such as the—
- recipient or category of recipients of the information;
- nature or category of the information;
- existence of the right of access to and the right to rectify the information collected;
- existence of the right to object to the processing of personal information; and
- right to lodge a complaint to the Information Regulator and the contact details of the Information Regulator, which is necessary, having regard to the specific circumstances in which the information is or is not to be processed, to enable processing in respect of the data subject to be reasonable.
- It is not necessary for Xpatweb to make the data subject aware of its data processing if—
-
-
- the data subject or a competent person where the data subject is a child has provided consent for the non-compliance;
- non-compliance would not prejudice the legitimate interests of the data subject as set out in terms of this Act;
- non-compliance is necessary—
- to avoid prejudice to the maintenance of the law by any public body, including the prevention, detection, investigation, prosecution and punishment of offences;
- to comply with an obligation imposed by law or to enforce legislation concerning the collection of revenue as defined in section 1 of the South African Revenue Service Act, 1997;
- for the conduct of proceedings in any court or tribunal that have been commenced or are reasonably contemplated; or
- in the interests of national security;
- compliance would prejudice a lawful purpose of the collection;
- compliance is not reasonably practicable in the circumstances of the particular case; or
- the information will—
-
-
-
- Xpatweb must secure the integrity and confidentiality of personal information in its possession or under its control by taking appropriate, reasonable technical and organisational measures to prevent—
- loss of, damage to or unauthorised destruction of personal information; and
- unlawful access to or processing of personal information.
- Xpatweb must take reasonable measures to—
- identify all reasonably foreseeable internal and external risks to personal information in its possession or under its control;
- establish and maintain appropriate safeguards against the risks identified;
- regularly verify that the safeguards are effectively implemented; and
- ensure that the safeguards are continually updated in response to new risks or deficiencies in previously implemented safeguards.
- The responsible party must have due regard to generally accepted information security practices and procedures which may apply to it generally or be required in terms of specific industry or professional rules and regulations.
- Xpatweb must secure the integrity and confidentiality of personal information in its possession or under its control by taking appropriate, reasonable technical and organisational measures to prevent—
-
-
- Where Xpatweb acts as an operator, it must—
- process such information only with the knowledge or authorisation of responsible party; and
- treat personal information which comes to their knowledge as confidential and must not disclose it,
- Where Xpatweb acts as an operator, it must—
-
-
- A responsible party must, in terms of a written contract between the responsible party and Xpatweb (as the operator), ensure that Xpatweb establishes and maintains the security measures referred to POPI.
- Xpatweb (as operator) must notify the responsible party immediately where there are reasonable grounds to believe that the personal information of a data subject has been accessed or acquired by any unauthorised person.
-
-
-
- Where there are reasonable grounds to believe that the personal information of a data subject has been accessed or acquired by any unauthorised person, Xpatweb must notify—
- the Regulator; and
- the data subject, unless the identity of such data subject cannot be established.
- The notification to a data subject must be in writing and communicated to the data subject in at least one of the following ways:
- Mailed to the data subject’s last known physical or postal address;
- sent by e-mail to the data subject’s last known e-mail address;
- placed in a prominent position on the website of Xpatweb;
- published in the news media; or
- as may be directed by the Regulator.
- The notification must provide sufficient information to allow the data subject to take protective measures against the potential consequences of the compromise, including—
- a description of the possible consequences of the security compromise;
- a description of the measures that Xpatweb intends to take or has taken to address the security compromise;
- a recommendation with regard to the measures to be taken by the data subject to mitigate the possible adverse effects of the security compromise; and
- if known to Xpatweb, the identity of the unauthorised person who may have accessed or acquired the personal information.
- Where there are reasonable grounds to believe that the personal information of a data subject has been accessed or acquired by any unauthorised person, Xpatweb must notify—
-
-
-
- A data subject, having provided adequate proof of identity, has the right to—
- request Xpatweb to confirm, free of charge, whether or not Xpatweb holds personal information about the data subject; and
- request from Xpatweb the record or a description of the personal information about the data subject held by Xpatweb, including information about the identity of all third parties, or categories of third parties, who have, or have had, access to the information.
- If, in response to a request, personal information is communicated to a data subject, the data subject must be advised of the right to request the correction of information.
- Xpatweb may or must refuse, as the case may be, to disclose any information requested to which the grounds for refusal of access to records set out in the applicable sections of Chapter 4 of Part 2 and Chapter 4 of Part 3 of the Promotion of Access to Information Act
- A data subject may, in the prescribed manner, request Xpatweb to—
- correct or delete personal information about the data subject in its possession or under its control that is inaccurate, irrelevant, excessive, out of date, incomplete, misleading or obtained unlawfully; or
- destroy or delete a record of personal information about the data subject that Xpatweb is no longer authorised to retain.
- On receipt of a request, Xpatweb must, as soon as reasonably practicable—
- correct the information;
- destroy or delete the information;
- provide the data subject, to his or her satisfaction, with credible evidence in support of the information; or
- where agreement cannot be reached between Xpatweb and the data subject, and if the data subject so requests, take such steps as are reasonable in the circumstances, to attach to the information in such a manner that it will always be read with the information, an indication that a correction of the information has been requested but has not been made.
- If Xpatweb has taken steps that result in a change to the information and the changed information has an impact on decisions that have been or will be taken in respect of the data subject in question, Xpatweb must, if reasonably practicable, inform each person or body or responsible party to whom the personal information has been disclosed of those steps.
- Xpatweb must notify a data subject, who has made a request, of the action taken as a result of the request.
- A data subject, having provided adequate proof of identity, has the right to—
-
-
-
- Xpatweb may not process personal information concerning—
- the religious or philosophical beliefs, race or ethnic origin, trade union membership, political persuasion, health or sex life or biometric information of a data subject; or
- the criminal behaviour of a data subject to the extent that such information relates to—
-
-
- the alleged commission by a data subject of any offence; or
- any proceedings in respect of any offence allegedly committed by a data subject or the disposal of such proceedings.
-
- Xpatweb may not process personal information concerning—
-
- The prohibition on processing personal information does not apply if the—
- processing is carried out with the consent of a data subject;
- processing is necessary for the establishment, exercise or defence of a right or obligation in law;
- processing is necessary to comply with an obligation of international public law;
- processing is for historical, statistical or research purposes to the extent that—
-
-
- the purpose serves a public interest and the processing is necessary for the purpose concerned; or
- it appears to be impossible or would involve a disproportionate effort to ask for consent,
- and sufficient guarantees are provided for to ensure that the processing does not adversely affect the individual privacy of the data subject to a disproportionate extent;
-
- The prohibition on processing personal information does not apply if the—
-
- The prohibition on processing personal information concerning a data subject’s race or ethnic origin does not apply if the processing is carried out to—
- identify data subjects and only when this is essential for that purpose; and
- comply with laws and other measures designed to protect or advance persons, or categories of persons, disadvantaged by unfair discrimination.
-
-
-
- Xpatweb may not process personal information concerning a child.
- The prohibition on processing personal information of children does not apply if the processing is—
- carried out with the prior consent of a competent person;
- necessary for the establishment, exercise or defence of a right or obligation in law;
- necessary to comply with an obligation of international public law;
- for historical, statistical or research purposes to the extent that—
-
-
- the purpose serves a public interest and the processing is necessary for the purpose concerned; or
- it appears to be impossible or would involve a disproportionate effort to ask for consent,
- and sufficient guarantees are provided for to ensure that the processing does not adversely affect the individual privacy of the child to a disproportionate extent; or
-
-
-
-
- The processing of personal information of a data subject for the purpose of direct marketing by means of any form of electronic communication, including automatic calling machines, facsimile machines, SMSs or e-mail is prohibited unless the data subject—
- has given his, her or its consent to the processing; or
- is a customer of Xpatweb.
- Xpatweb may approach a data subject—
- whose consent is required; and
- who has not previously withheld such consent,
- The processing of personal information of a data subject for the purpose of direct marketing by means of any form of electronic communication, including automatic calling machines, facsimile machines, SMSs or e-mail is prohibited unless the data subject—
-
-
-
- The data subject’s consent must be requested in the prescribed manner and form.
- Xpatweb may only process the personal information of a data subject who is a customer of Xpatweb –
-
-
- if Xpatweb has obtained the contact details of the data subject in the context of the sale of a product or service;
- for the purpose of direct marketing of Xpatweb’s own similar products or services; and
- if the data subject has been given a reasonable opportunity to object, free of charge and in a manner free of unnecessary formality, to such use of his, her or its electronic details—
- at the time when the information was collected; and
- on the occasion of each communication with the data subject for the purpose of marketing if the data subject has not initially refused such use.
- Any communication for the purpose of direct marketing must contain—
- details of the identity of the sender or the person on whose behalf the communication has been sent; and
- an address or other contact details to which the recipient may send a request that such communications cease.
-
-
-
-
- Xpatweb in the Republic may not transfer personal information about a data subject to a third party who is in a foreign country unless—
- the third party who is the recipient of the information is subject to a law, binding corporate rules or binding agreement which provide an adequate level of protection that—
- effectively upholds principles for reasonable processing of the information that are substantially similar to the conditions for the lawful processing of personal information relating to a data subject who is a natural person and, where applicable, a juristic person; and
- includes provisions, that are substantially similar to this section, relating to the further transfer of personal information from the recipient to third parties who are in a foreign country;
- the data subject consents to the transfer;
- the transfer is necessary for the performance of a contract between the data subject and Xpatweb, or for the implementation of pre-contractual measures taken in response to the data subject’s request;
- the transfer is necessary for the conclusion or performance of a contract concluded in the interest of the data subject between Xpatweb and a third party; or
- the transfer is for the benefit of the data subject, and—
- it is not reasonably practicable to obtain the consent of the data subject to that transfer; and
- if it were reasonably practicable to obtain such consent, the data subject would be likely to give it.
- the third party who is the recipient of the information is subject to a law, binding corporate rules or binding agreement which provide an adequate level of protection that—
- For the purpose of this provision—
- ‘‘binding corporate rules’’ means personal information processing policies, within a group of undertakings, which are adhered to by a responsible party or operator within that group of undertakings when transferring personal information to a responsible party or operator within that same group of undertakings in a foreign country; and
- ‘‘group of undertakings’’ means a controlling undertaking and its controlled undertaking
- Xpatweb in the Republic may not transfer personal information about a data subject to a third party who is in a foreign country unless—
-
| Cookie type | Purpose |
| Strictly Necessary Cookies | Essential to the operation of our Site and its functions |
| Analytics Cookies | Enable us to gather information that will help us to improve our Site and your experience of it (for example: what features you use, how easily you are able to navigate the site). |
| Functionality Cookies | Enable us to record your use of the Site, such as the choices you have made and remember your preferences to tailor the Site. |
| Persistent Cookies | Persistent cookies are those which remain on your computer or device for a predetermined period and are activated each time you visit our Site. Any of the above cookies may be a persistent cookie |
| Session Cookies | Session cookies are temporary and only remain on your computer or device for the duration you spend on our Site. Session cookies are deleted when you close your browser. |
The information provided in this site is not intended to constitute tax advisory or legal advice and you use it as such, at your own risk. Xpatweb Travel, a division of Xpatweb (“the Company”) accepts no responsibility or liability for damages arising from the use of the information. If tax advisory and legal advice is required on any issue, you should contact us.
We and our affiliates, shareholders, agents, consultants or employees are not liable for any damages whatsoever relating to your use of this site or the information contained on this site or your inability to use this site. This includes, without limitation, any direct, indirect, special, incidental, consequential or punitive damages, whether arising out of contract, statute, delict or otherwise and regardless of whether we were expressly advised of the possibility of such loss or damage.
ACCEPTANCE
These Terms and Conditions become effective when you access the site for the first time and constitute a binding agreement between the Company, including its subsidiaries and affiliates and yourself, which will always prevail. The updated version of these terms and conditions governs our respective rights and obligations each time you access this site.
Users are encouraged to refer to these terms and conditions before using the site as they may be updated from time to time.
NATURE OF INFORMATION ON THE SITE
All information on this site is only intended to provide you with general information about the Company. Nothing contained on this site constitutes an offer or agreement to enter into any transaction, nor does it constitute guidance, a proposal or recommendation to enter into any transaction.
All information is provided “as is” and should not be treated as professional, tax or legal advice of any kind. You should consult one of our professionals which comprise of admitted attorneys, chartered accountants, tax specialists and international mobility professionals before relying on any information on this site.
CONTENT YOU PROVIDE
All information submitted by you must be and must remain true, accurate, current and complete. You shall not misrepresent your identity.
By using the site, you grant us the right to use information, data, materials or other content you provide to us to be uploaded via the site or which you have provided for the purposes of rendering the services and such other purposes as set out in the privacy policy.
COMMUNICATIONS THAT ORIGINATE FROM YOU
We may assume that all electronic communications which reasonably appear to originate from You or a person You have told Us is authorised to act on Your behalf are in fact from You and the form in which We receive the communication is the same as when it was first dispatched.
INFORMATION FEEDS
We may use the services of other organisations to provide information on the site. We have no control over this information and make no representations or warranties of any nature as to its accuracy, appropriateness, or correctness. You agree that such information is provided “as is” and we will not be directly or indirectly liable for any damages that may arise from your reliance on it.
LINKED SITES
This site may contain links to other sites. While we try to provide links only to reputable sites, we cannot accept responsibility or liability for the information provided on other sites. Where you access a third-party site, you do so at your own risk.
PERMISSION FOR HYPERLINKS, DEEP LINKING, CRAWLERS AND METATAGS
Nobody may establish a hyperlink, frame, metatag or similar reference, whether electronically or otherwise (collectively referred to as linking), to this site or any subsidiary pages before receiving our prior written approval, which may be withheld or granted subject to the conditions we specify from time to time.
An application for linking must be submitted to christo@taxconsulting.co.za, alternatively privacy@xpatweb.com. Once received we will do our best to respond and enter into further discussions with you. If you don’t get a written response from us within ten business days, consider your request as having been rejected.
Breach of these conditions entitles us to take legal action without prior notice to you and you agree to reimburse the costs associated with such legal action to us on an attorney and own client scale.
YOUR PERSONAL INFORMATION
We will protect and use your personal information in accordance with our privacy policy.
INFORMATION ABOUT USE OF COOKIES
Our site uses cookies to distinguish you from other users of our site. This helps us to provide you with the best experience when you browse our site and allows us to improve our site functionality. By using our site, you are agreeing to the use of cookies as set out in our cookies policy.
OUR INTELLECTUAL PROPERTY
This site may contain the intellectual property of the Company, its subsidiaries or affiliates and may not be reproduced or disseminated in whole or in part without the Company’s written consent. We retain all copyright and other intellectual property rights in all material, including logos and other graphics and multimedia works published on or via the site.
Nothing on this site should be construed as granting any licence or right to use any trademark without our prior written permission and/or that of third parties, as the case may be. You may not, without our prior written permission, use our intellectual property or that of third parties for any other purposes.
An application to use our intellectual property must be submitted to privacy@xpatweb.com. Upon receiving your application, we will do our best to respond and enter into further discussions with you. If you don’t get a written response from us within ten business days, consider your request as having been rejected.
Irrespective of the existence of copyright, you acknowledge that we are the proprietor of all material on the site, whether it constitutes confidential information or not, and that you have no right, title or interest in any such material.
TRANSMISSION OF INFORMATION
As we do not have the ability to prevent unlawful activities by unscrupulous persons, you accept that we cannot be held liable for any loss, harm or damage suffered by you as a result of such activities.
TERMINATION, SUSPENSION AND LIMITATION
We may modify, suspend or discontinue the site, whether temporarily or permanently, without notice to you. We may also impose limits or conditions on the right to certain services, features or functions and we may restrict access to parts of or all of the services on the site.
NO WARRANTIES OR REPRESENTATIONS
We do not warrant that the site will be error-free or will meet any particular criteria of accuracy, completeness or reliability of information, performance or quality.
HOW DISPUTES WILL BE RESOLVED
All disputes arising as a result of your use of the site or on the interpretation of these conditions or on any matter which in terms of the conditions requires agreement by the parties, (other than where an interdict is sought or urgent relief may be obtained from a court of competent jurisdiction), will be submitted to and decided by arbitration.
That arbitration will be held with only the parties and their representatives present at the offices of the Arbitration Foundation of Southern Africa, Sandton, Gauteng, South Africa. The arbitration will be governed by the rules of the Arbitration Foundation in terms of South African law and will be heard by an arbitrator or arbitrators appointed by the foundation.
Either party will be entitled to have the award made an order of court of competent jurisdiction. The parties will keep the evidence in the arbitration proceedings and any order made by any arbitrator confidential unless otherwise contemplated. The arbitrator will have the power to give default judgment if any party fails to make submissions on due date and/or fails to appear at the arbitration.
THE LAW GOVERNING OUR RELATIONSHIP
The conditions will be governed and construed in accordance with the law of the Republic of South Africa without reference to any conflict of law provisions.
HOW TO CONTACT US
If you have questions about this Notice or believe we have not adhered to it, or need further information about our privacy practices or wish to give or withdraw consent, exercise preferences or access or correct your personal information, please feel free to contact us:
South Africa: +27 11 467 0810
International: +27 11 782 5289
Email: privacy@xpatweb.com