PRIVACY AND DATA PROTECTION POLICY (PRIVACY POLICY)

 

I. Introduction

  1. The right to privacy is an integral human right provided for under the South African Constitution. Goodyear Tyre and Rubber Holdings Proprietary Limited including its subsidiaries Hi-Q Automotive Proprietary Limited (Hi-Q), Goodyear South Africa Proprietary Limited (GYSA) and Trentyre Proprietary Limited (Trentyre) (Group), affiliates or members of the Group, our branches, business units, divisions, employees and volunteers, contractors, suppliers and other persons acting on behalf of the Group (“we”, “us” or “our”) regard the lawful Processing of PII as important to the achievement of our objectives. We strive to uphold the highest ethical standards in our business practices and Process PII in line with the requirements under the Protection of Personal Information Act 4 of 2013 (POPIA).
  2. This Privacy and Data Protection Policy (Privacy Policy) sets forth the general privacy principles that we follow with respect to PII that is Processed in our business operations and applies to any and all forms of Processing of PII in any format or medium relating to (i) associates, (ii) customers, prospective customers, suppliers and prospective suppliers with whom the Group does business or (ii) representatives or contact persons of such customers, suppliers, and prospective customers and suppliers.
  3. The purpose of this Privacy Policy is to explain what PII we collect, how, when and why we Process PII, when we may share or transfer your PII outside South Africa, how we secure the integrity of your PII and your rights in respect of the Processing of your PII.
  4. Unless expressly stated, the terms used in this Privacy Policy have the same meaning as provided for under the Global Privacy Policy, available at https://corporate.goodyear.com/en-US/terms-conditions-and-privacy-policy/global-privacy-policy.html).
  5. Where a provision in this Privacy Policy conflicts with a provision in the Global Privacy Policy, the provision in this Privacy Policy shall prevail.

 

II. WHAT PII DO WE COLLECT AND WHEN AND HOW DO WE PROCESS PII

  1. We strive to collect only the PII that we need. The PII we collect depends on how you interact with us.
  2. PII may be collected whenever we interact with prospective or current Associates, prospective and existing customers/suppliers or interact with representatives or contact persons of prospective and existing customers/suppliers (e.g. for the selling/ordering of products or for marketing related purposes); or when we use public databases to facilitate the provision of goods or services (e.g. to link a license plate with car identification information). Examples of PII collected include:
    2.1. basic identification information, such as name, title, position, company name, email and/or postal address and the fixed and/or mobile phone number;
    2.2. financial information (e.g. bank account details, credit card information);
    2.3. information regarding the status of direct marketing emails (e.g. not delivered, delivered, opened);
    2.4. car identification information (including license plate to the extent it is permitted under applicable law);
    2.5. tire warranty registration information and reference numbers; and
    2.6. any additional information you voluntarily provide, (e.g. by filling in a form or registering for an email newsletter).
  3. This information may either be directly provided by the above individuals or provided by the legal entity for whom they work (e.g. if they are the contact person designated by their employer to manage the commercial relations with us).
  4. You are not subject to any legal obligation to provide your PII to us. However, access to and use of any goods or services provided by us may not be able to commence or continue if you do not provide such PII.

 

III. PURPOSE OF PROCESSING

  1.  We, and Processors acting on our behalf, Process the PII collected from you for a specific purpose and only Process the PII that is relevant to achieve that purpose.
  2. We Process PII to:
    2.1. undertake sales and procurement activities relating to our products and services;
    2.2. market our products and services;
    2.3. administer our customers and suppliers (e.g. user registration, account opening, credit checks);
    2.4. manage and enhance the relationship with our customers and suppliers;
    2.5. supply our products and services to our customers (e.g. administering and tracking a purchase, payment, return, warranty or rebate; managing billing and invoicing; arranging for services);
    2.6. prepare and manage contracts with our customers and suppliers;
    2.7. measure consumer interest in our various products and services;
    2.8. improve our existing products and services (or those under development) by means of customer and non-customer surveys, statistics and tests, or requesting feedback on products and services;
    2.9. improve the quality of services taking into account preferences in terms of means of communication (phone, email, etc.) and frequency;
    2.10. periodically send promotional emails about our products, special offers and information that the company for which you work may find interesting, using the email address provided by you or for you (if any);
    2.11. otherwise communicate with you through various channels, (e.g. by periodically sending you promotional emails about our products, including special offers and information);
    2.12. monitor activities at our facilities, including compliance with applicable policies as well as security, health and safety rules in place;
    2.13. manage and monitor our IT resources, including infrastructure management & business continuity;
    2.14. manage our archiving and records;
    2.15. track our activities (measuring sales, number of calls, etc.);
    2.16. preserve the company’s economic interests;
    2.17. reply to an official request from a public or judicial authority with the necessary authorisation and
    2.18. manage legal and regulatory requirements, defend our legal rights and prevent and detect crime, including regular compliance monitoring.

 

IV. LEGAL BASIS FOR THE USE OF PII

  1. We are not allowed to Process PII if we do not have a valid legal ground. Therefore, we will only Process PII if:
    1.1. we have obtained your prior consent;
    1.2. the Processing is necessary to perform our contractual obligations towards you or to take pre‑contractual steps at your request;
    1.3. the Processing is necessary to comply with our legal or regulatory obligations (e.g. tax or accounting requirements); or
    1.4. the Processing is necessary for our legitimate interests and does not unduly affect your interests or fundamental rights and freedoms. Please note that, when Processing your PII on this basis, we seek to maintain a balance between our legitimate interests and your privacy.
  2. Examples of such ‘legitimate interests’ are:
    2.1. to buy products and services from our suppliers or from potential suppliers;
    2.2. to offer our products and services to our customers or prospective customers;
    2.3. to benefit from cost-effective services (e.g. we may decide to use certain platforms offered by external suppliers to process data);
    2.4. to better manage and administer the relationships with the customers and their data;
    2.5. to improve the quality of services to the customers by taking into account their preferences in terms of means of communication (phone, e-mail, etc.) and frequency;
    2.6. to measure the customers’ interest in our products and gain a better understanding of customer interaction with the marketing emails, including by performing statistical and other research and analysis of data with respect to the status of the emails (e.g. not delivered, delivered, opened);
    2.7. to enable us to offer advertising and offers tailored to its customers so that we can market its products better;
    2.8. to prevent fraud or criminal activity, misuses of our products or services, as well as the security of our IT systems, architecture and networks;
    2.9. to sell any part of our business or its assets or if substantially all of our assets are acquired by a third party, in which case PII could form part of one of the assets we sell; and
    2.10. to meet our corporate and social responsibility objectives.

 

V. THIRD-PARTY RECIPIENTS

  1. We may transfer PII to our employees (to the extent they need it to perform their tasks) and other affiliates. Such other companies will either act as another controller (in which case you will be separately informed about this Processing) or only Process PII on behalf and upon request of the Controller (thereby acting as a Processor).
  2. In addition, we may also transfer your PII to third party Processors that are not affiliates to complete the purposes listed above, to the extent they need it to carry out the instructions we have given to them.
  3.  Such third-party Processors include:
    3.1. our IT service providers, cloud service providers and database providers; and
    3.2. our consultants, suppliers and service providers that assist us in promoting and marketing its products and services; store and analyse the PII; conduct user and consumer ratings, reviews and surveys; communicate with you on our behalf; process and fulfill transactions, including tire purchases and installations and/or other vehicle services; and as otherwise necessary to provide promotional communications or services to customers.
  4. Your PII may also be disclosed to:
    4.1. any third party to whom we assign or novate any of our rights or obligations under a relevant agreement;
    4.2. any national and/or international regulatory, enforcement or exchange body or court where we are required to do so by applicable law or regulation or at their request; and
    4.3. any central or local government department and other statutory or public bodies.

 

VI. TRANSFERS OUTSIDE SOUTH AFRICA

  1. The PII transferred within or outside the Group may also be Processed in a country outside South Africa.
  2. If your PII is transferred outside South Africa, we will enter into a data transfer agreement in accordance with a contract that provides a similar level of protection for your PII as provided under local data protection laws prior to such transfer to ensure the required level of protection for the transferred PII. You may request additional information in this respect and obtain a copy of the relevant safeguard we have put in place by exercising your rights as set out below (see section “Your Rights” below).

 

VII. PII RETENTION

  1. We will retain your PII for as long as necessary to fulfill the purposes for which we collected it, including for the purposes of satisfying any legal, accounting, or reporting requirements.
  2. The criteria we use to determine retention periods for PII include: the purposes for which the PII is collected, legal statutory limitation periods, retention periods imposed by law, applicable contractual requirements and relevant industry standards.

 

VIII. YOUR RIGHTS

  1. You have a right of access to your PII as Processed by us under this Privacy Policy. If you believe that any information, including PII, we hold about you is incorrect or incomplete, you may also request the correction thereof. We will promptly correct any such information.
  2. You also have the right to:
    2.1. request the deletion of your PII;
    2.2. request the restriction of the Processing of your PII;
    2.3. withdraw your consent where we obtained your consent to Process PII (without this withdrawal affecting the lawfulness of Processing prior to the withdrawal);
    2.4. object to the Processing of your PII for direct marketing purposes; or
    2.5. object to the Processing of your PII for other purposes in certain cases where we Process your PII on another legal basis than your consent.
  3. We will honour such requests, withdrawals or objections as required under the applicable data protection rules.
  4. In addition, you also have the right to data portability. This is the right to obtain the PII you have provided to us in a structured, commonly used and machine-readable format and request the transmission of such PII to you or a third party, without hindrance from US and subject to your own confidentiality obligations.
  5. To exercise the above rights, please send an email to privacy_office@goodyear.com.
  6. If you have any questions or are not satisfied with how we Process your PII, please let us know by sending an e-mail at privacy_office@goodyear.com.
  7. We will examine your question or complaint and get back to you as soon as possible.
  8. You also always have the right to file a complaint with the South African data protection authority, the Information Regulator, whose contact details are below.
 

The Information Regulator (South Africa):

JD House
27 Stiemens Street
Braamfontein
Johannesburg
South Africa
2001

Email: complaints.IR@justice.gov.za

http://www.justice.gov.za/inforeg/