KFC (PTY) LIMITED, PIZZA HUT (PTY) LIMITED

SOUTH AFRICAN PRIVACY NOTICE (ADDENDUM TO PRIVACY POLICY)

 

Last modified:  June 24, 2021

 

1. This South African Privacy Addendum supplements the information contained in our Privacy Policy and applies solely to persons whose personal information is processed in South Africa (“you”) and to our websites, online experiences and mobile apps for Apple iOS, Windows, or Android mobile devices that are available in South Africa, including www.kfc.co.za, www.pizzahut.co.za and any other site that links to this Privacy Addendum.

2. In the event of a conflict between this Privacy Addendum and the Privacy Policy this Privacy Addendum shall prevail.

3. We are subject to the Protection of Personal Information Act of South Africa (“POPIA”). This South African Privacy Addendum has been developed in accordance with our South African privacy obligations.  Unless otherwise expressly stated, all terms have the same meaning as defined in our Privacy Policy or as otherwise defined by POPIA and applicable South African privacy legislation.

4. Unless you advise us otherwise, through the access and use of our Sites and Services or other offerings, you signify that you have consented to the collection, use and disclosure of your personal information as explained in this South Africa Privacy Addendum and our Privacy Policy.

5. For purposes of this Addendum:

(i) “Applicable Laws” means all laws, regulations that we is required to comply with;

(ii) “Customer” or “You” or “you” or “Your” means any customer who accessing any KFC or Pizza Hut platform online or via the KFC or Pizza Hut Apps; and

(iii) “KFC ” or “we” or “us” means KFC (Pty) Limited with registration number: 1994/003839/07 a limited liability company duly incorporated in terms of the company laws of South Africa, with its registered place of business situated at Building G, Knightsbridge Office Park, 33 Sloane Street, Bryanston, Johannesburg;

OR

(iv) “KFC” or “we” or “us” (where applicable) means Kentucky Fried Chicken Social Responsibility Trust Fund, a non-profit company incorporated in accordance with the company laws of the Republic of South Africa (registration number: IT107/92) which operates under the Add Hope Trademark and brand;

(v) “Pizza Hut” or “we” or “us” means Pizza Hut (Pty) Limited or any of its subsidiaries or affiliates with registration number 2014/010299/07, a limited liability company with address at Building G, Knightsbridge Office Park, 33 Sloane Street, Bryanston, Johannesburg.

6. Your Consent is Important to Us.   We process your personal information with your consent (which may be express or implied) or where we are otherwise permitted or required to do so by applicable law or by regulatory requirements.

6.1    You have the right to ask us not to contact You for marketing purposes.   You can exercise this right at any time by using any of the various “opt-out” options that we will always provide to You when we communicate with You or by contacting us as set forth in the “Contact Us” section below. We won’t send You marketing messages if You tell us not to but we will still need to send You service-related messages.

6.2    Our websites use cookies.  If You wish to reject our cookies, You can configure Your browser to do so.

6.3    We want to make sure that any personal information we hold about You is up to date. So, if You think Your personal information is inaccurate, You can ask us to correct or remove it by contacting us as set forth in the “Contact Us” section below.

7. What Personal Information do we collect about you? (to be read in conjunction with the Privacy Policy): (i) personal or special personal information to us either directly or indirectly (through an agent acting on your behalf), by requesting further information about our products and services, whether in writing, through our website, over the telephone or any other means. (ii) We may also collect your personal or special personal information from your appointed agent, any regulator, or other third party that may hold such information. (iii) We may receive additional information about you that is publicly or commercially available and combine that with the information we have collected or received about you in in other ways.

8. Information we collect when you use our Sites and our Service (to be read in conjunction with the Privacy Policy): (i) Log information; (ii) Information we infer about you based on your interaction with products and services; (iii) Device information (for example the type of device you’re using, how you access platforms, your browser or operating system and Your Internet Protocol (“IP”) address); and (iv) non–personal browsing habits and click patterns.

9. How we use your personal information. (to be read in conjunction with the Privacy Policy): (i)  enable You to make use of the Sites in the manner described on the Sites, from time to time; (ii) enable other website users to find you on the Sites and connect to you; (iii) compile and maintain the Sites and member database; (iv) register and/or authenticate Users of and/or visitors to the Sites; (v) identify and take reasonable measures to prevent fraudulent uses of or Access to the Sites; (vi) compile non–personal statistical information about browsing habits, click patterns and Access to the Sites; (vii) attract advertisers by showing anonymised information about the database, for example demographics; (viii)track database size and growth; (ix) track compliance of registrants and third parties with these Terms and Conditions and Privacy Policy.

10. How we store and protect your information. (to be read in conjunction with the Privacy Policy): Your payment details- We do not store critical payment data such as credit card numbers on our applications. We use DPO PayGate and/or Wizzit, PCI DSS compliant organisations to do this in a secure manner. We do send data to them (including your order number and the amount payable) and receive data back from them (basically whether the transaction was successful). On the payment providers’ dashboards, we can see the first 6 and the last 4 digits of your credit card number, the card holder, issuing bank and the country in which that bank operates, but NOT the expiration date, CVC numbers, or your bank balance. At no point do we have access to enough data to reproduce your credit card. We can only charge your card after you have given your express consent: the only change we can make to a payment is a reduction, by reversing an authorization or refunding a payment. We cannot, under any circumstances, increase the amount that you have given authorization for. When you make an EFT payment into the KFC or Pizza Hut account, we cannot see your account number. WhatsApp-When you chat to us via WhatsApp ordering we employ the exact same security and safety measures to your personal information and data received, as if it were received on the KFC or Pizza Hut Website or KFC or Pizza Hut App.

11. Accessing and updating your personal information. We make reasonable efforts to ensure that the personal information we collect, use and disclose is accurate, complete and up-to-date, however, we necessarily rely on our customers to provide us with accurate and current information. Subject to certain exceptions and limitation prescribed by applicable law, you may request to review and/or correct your personal information by contacting our Information Officer at the address listed under “Contact Us” below and submitting your request to review and/or correct this information. We will require proof of your identity before we provide access to your personal information to you.  Please feel free to contact our Information Officer at the address or number provided above if have any questions about the collection, use, disclosure or storage of your personal information.

12. Data Retention and Deletion.  We will retain your personal information as long as reasonably necessary to maintain the Service, to meet legal and accounting obligations, and for the other purposes described in our Privacy Policy. We may destroy, anonymize, de-identify and/or aggregate personal information when it is no longer needed for the purposes for which it has been collected, in accordance with our automatic backup procedures and record retention policies

 

13. Marketing communications.  Compliance with POPIA, which affects direct marketing electronic messages (“DMEMs”), is important to us. We will only send you DMEMs if we have obtained your express opt-in consent to receive EMs from us, our Franchisees and marketing partners, as applicable. The DMEMs you receive will only relate to the specific purpose for which you have granted. You may withdraw your consent and opt-out or unsubscribe from receiving DMEMs at any time by following the instructions that are contained in our DMEMs or that are available through our Sites. All requests to opt-out or unsubscribe from receiving DMEMs will be processed promptly.

From time to time, we may update our Sites and request that you download software in order to continue use and access our Sites, products, services and other offerings, including those of our Franchisees. We will not install any software to your computer or device without your consent.

 

14. Data storage and transfer to other jurisdictions:   Your information collected through our Sites and Service may be stored and processed in South Africa, the United States or any other country in which we, our affiliates or service providers maintain facilities. When your personal information is stored and processed outside of South Africa, it may be accessed by foreign governmental authorities and otherwise in accordance with the laws applicable in the jurisdiction in which it is stored. If you are located in regions with laws governing data collection and use that may differ from South African law, please note that we may transfer information, including personal information, to a country and jurisdiction that have data protection laws that may be more or less restrictive than those required under South African law. If you would like further information about our policies and practices with respect to our use of service providers outside of South Africa or have question regarding the collection, use, disclosure or storage of personal information by our service providers located outside of South Africa, please contact our Information Officer at the Contact Us links below. Your use of our website, followed by Your submission of information to us, represents Your consent to such transfer. We will take all steps reasonably necessary to ensure that Your personal information is treated securely and in accordance with this privacy policy.

15. Clauses that do not apply in South Africa:  i) Address Book Information, ii) Information provided by Yum! Brands entities and Franchisees iii) For marketing purposes; iv) Children’s Privacy and v) To communicate with you. These sections, as contained in the Privacy Policy does not apply to individual residents of South Africa (“you”) and to our websites, online experiences and mobile apps , including www.kfc.co.co.za, www.pizzahut.co.za and any other site that links to this Addendum.

16. CONTACT US. Our Information Officer is the person responsible for our personal information practices and monitors ongoing compliance with our Privacy Policy and applicable laws for our South African operations.

For KFC:  If you have any questions about the Privacy Policy You may at any time request: (i) confirmation that we hold Your personal information; (ii) access to Your personal information; (iii) the identities or categories of third parties to whom we have disclosed Your personal information;(iv) that we correct or delete any personal information that is incomplete, misleading, inaccurate, excessive or out of date by completing this Form.

Requests may be made in writing to KFCCompliance@yum.com.
For Pizza Hut:  If you have any questions about the Privacy Policy You may at any time request: (i) confirmation that we hold Your personal information; (ii) access to Your personal information; (iii) the identities or categories of third parties to whom we have disclosed Your personal information;(iv) that we correct or delete any personal information that is incomplete, misleading, inaccurate, excessive or out of date by completing this Form.

Requests may be made in writing to ZA-PHLegal@yum.com.

Should you wish to access the Protection of Personal Information Act No.4 of 2013, please go to https://popia.co.za/

Should you wish to reach out to the Information Regulator, please go to https://www.justice.gov.za/inforeg/-