Our Story
OUR BRANDS

Iconic local and global brands

Lactalis South Africa is home to some of South Africa’s most iconic brands, playing in ALL dairy categories.

Bonnita
Galbani
Melrose
Parmalat
President
SteriStumpie
Parmalat
Président

Melrose
Steri Stumpie
Bonnita
Aylesbury

 

Galbani
Pride
PureJoy
Cabana
EasyGest
Parmalat Professional Services

 

Protein
OUR NEWS
MILK SUPPLY
Careers
CONTACT US
OUR RECIPES

PRIVACY POLICY

PLEASE READ THESE TERMS AND CONDITIONS OF USE CAREFULLY BEFORE USING THIS SITE.

This website privacy policy describes how we process information we collect and/or receive from you.

  1. APPLICATION

As a Responsible Party and/or Operator, we strive to observe, and comply with its obligations under POPIA and where applicable the GDRP, accepted information protection principles, practices and guidelines when Lactalis Processes Personal Information from or in respect of a Data Subject.

The policy applies to Personal Information collected by Lactalis in connection with the services which we offer and provide. This includes information collected directly from you as a Data Subject,  information we collect indirectly through our marketing and online through our website.

This website privacy policy does not apply to the information practices of Third Party companies who we may engage with in relation to our business operations (including, without limitation, their websites, platforms and/or applications) which we do not own or control; or individuals that Lactalis does not manage or employ. These Third Party sites may have their own privacy policies and terms and conditions and we encourage you to read them before using them.

  1. PROCESS OF COLLECTING PERSONAL INFORMATION

We collect Personal Information directly from Data Subjects, unless an exception is applicable (such as, for example, where the Data Subject has made the Personal Information public or the Personal Information is contained in or derived from a public record).

We will always collect Personal Information in a fair, lawful and reasonable manner to ensure that it protects the Data Subject’s privacy and will Process the Personal Information based on legitimate grounds in a manner that does not adversely affect the Data Subject in question.

We often collect Personal Information directly from the Data Subject and/or in some cases, from Third Parties.

Where we obtain Personal Information from Third Parties, we will ensure that it obtains the consent of the Data Subject to do so or will only Process the Personal Information without the Data Subject’s consent where we are permitted to do.

We collect and receive information about you in the following ways:

1.1. Information you give us

This includes any information that you provide to us directly:

1.1.1. when you sign-up to utilise our services;

1.1.2. by filling in forms on our websites, or those provided to you;

1.1.3. when you enter a competition, promotion or complete a survey;

1.1.4. by posting comments or content on our social media pages; or

1.1.5. when you contact us or we contact you and you provide information directly to us.

1.2. What personal information we collect

1.2.1. When you register to use our services, you will be required to provide us with the following information, your:

1.2.1.1. name and surname;

1.2.1.2. contact number and email address;

1.2.1.3. physical address;

1.2.1.4. identity or passport number; and

1.2.1.5. date of birth.

1.3. Information we collect or receive when you use our website or social media platforms

We collect information when you use websites or social media platforms by using cookies, web beacons and other technologies. Depending on how you access and use websites, we may receive:

1.3.1. log information;

1.3.2. information we infer about you based on your interaction with products and services;

1.3.3. device information (for example the type of device you're using, how you access platforms, your browser or operating system and your Internet Protocol ("IP") address);

1.3.4. location information.

1.4. Information from third-party sources

We may receive additional information about you that is publicly or commercially available and combine that with the information we have collected or received about you in in other ways.

HOW WE USE THE INFORMATION WE COLLECT AND RECEIVE

We use the information we collect and receive for the following general purposes:

2.1. to provide you with information, products or services you request from us;

2.2. in order to refer you to an appropriate third-party service provider;

2.3. to communicate with you;

2.4. to provide you with support; and

2.5. to provide effective advertising (for example to provide you with news, special offers and general information about other goods, services and events which we offer, that are similar to those that you have already hired or enquired about).

 

LAWFUL PROCESSING OF PERSONAL INFORMATION

Where we are the Responsible Party, we will only Process a Data Subject’s Personal Information (other than for Special Personal Information) where – 

  • consent of the Data Subject (or a competent person where the Data Subject is a Child) is obtained
  • Processing is necessary to carry out the actions for conclusion of a contract to which a Data Subject is party;
  • Processing complies with an obligation imposed by law on Lactalis;
  • Processing protects a legitimate interest of the Data Subject;
  • Processing is necessary for pursuing the legitimate interests of Lactalis or of a third party to whom the information is supplied; and/or
  • Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in Lactalis

We will make the manner and reason for which the Personal Information will be Processed clear to the Data Subject.

Where we are relying on a Data Subject’s consent as the legal basis for Processing Personal Information, the Data Subject may withdraw his/her/its consent or may object to our Processing of the Personal Information at any time. However, this will not affect the lawfulness of any Processing carried out prior to the withdrawal of consent.

If the consent is withdrawn or if there is otherwise a justified objection against the use or the Processing of such Personal Information, we will ensure that the Personal Information is no longer Processed.

SPECIAL PERSONAL INFORMATION AND PERSONAL INFORMATION OF CHILDREN

Special Personal Information is sensitive Personal Information of a Data Subject and Lactalis  acknowledges that we will generally not Process Special Personal Information unless processing is carried out in accordance with the Data Subject’s explicit consent; or information has been deliberately made public by the Data Subject; or processing is necessary for the establishment, exercise or defence of a right or legal claim or obligation in law); or processing is for historical, statistical or research purposes, subject to stipulated safeguards; or  for purposes of POPIA -

  • specific authorisation has been obtained in terms of POPIA;

and for purposes of the GDPR –

  • Processing is necessary for the purposes of carrying out the obligations and exercising specific rights of Lactalis or of the Data Subject in the field of employment and social security and social protection law;
  • Processing is necessary to protect the vital interests of the data subject or of another natural person where the Data Subject is physically or legally incapable of giving consent;
  • Processing is necessary for the establishment, exercise or defence of legal claims or whenever courts are acting in their judicial capacity;
  • Processing is necessary for reasons of substantial public interest;
  • Processing is necessary for the purposes of preventative or occupational medicine; or
  • Processing is necessary for reasons of public interest in the area of public health.

Lactalis acknowledges that it may not Process any Personal Information concerning a Child and will only do so where it has obtained the consent of the parent or guardian of that Child or where it is permitted to do so in accordance with applicable laws.

HOW WE SHARE THE INFORMATION WE COLLECT AND RECEIVE

3.1. We don’t sell your personal information to third parties for their marketing purposes.

3.2. We may share information with:

3.2.1. our affiliates, in other words, other companies in our group;

3.2.2. we may disclose your personal information to a limited number of our employees and third party service providers (other than those who we refer you to), who we assist you to interact with;

3.2.3. our business partners. We may share non-personally identifiable information with select business partners;

3.2.4. other parties in response to legal process or when necessary to conduct or protect our legal rights;

3.2.5. companies that provide services to us. Companies that provide services to us or act on our behalf may have access to information about you. These companies are limited in their ability to use information they receive in the course of providing services to us or you; and

3.2.6. third-parties where you provide consent. In some cases, third-parties (often advertisers) may wish to attain information about you in order to promote their products to you, or for whatever other reason. We may share information with third-parties where you provide consent in the form of an explicit opt-in. Before we ask you to opt-in, we will endeavour to provide you with a clear description of what data would be shared with the third-party. Remember that once you have opted in to allow us to send your information to the third-party, we cannot control what they do with your data; therefore, be sure to investigate their privacy policies before providing permission for us to share your information.

YOUR RIGHTS

4.1. You have the right to ask us not to contact you for marketing purposes. You can exercise this right at any time by using any of the various "opt-out" options that we will always provide to you when we communicate with you. We won’t send you marketing messages if you tell us not to but we will still need to send you service-related messages.

4.2. Our websites use cookies, which are small text files sent by a web server to store on a web browser. They are used to ensure websites function properly, store user preferences when needed and collect anonymous statistics on website usage. You may refuse to accept cookies by activating the setting on your browser which allows you to refuse the setting of cookies. However, if you select this setting you may be unable to access certain parts of our website. Unless you have adjusted your browser setting so that it will refuse cookies, our system will issue cookies when you log on to the website. If you accept a “cookie” or fail to deny the use of “cookies”, you agree that we may use your personal information collected using “cookies” (subject to the provisions of this Policy). Where you either reject or decline cookies, you are informed that you may not be able to fully experience the interactive features of our Website.  

  1. RETENTION OF DATA

We will retain your personal information only for as long as is necessary for the purposes set out in this privacy policy or to comply with our legal obligations, resolve disputes, and enforce our legal agreements and policies. This prohibition will not apply in the following circumstances –

  • where the retention of the record is required or authorised by law;
  • we require the record to fulfil our lawful functions or activities;
  • retention of the record is required by a contract between the parties thereto;
  • the data subject (or competent person, where the data subject is a child) has consented to such longer retention; or
  • the record is retained for historical, research or statistical purposes provided safeguards are put in place to prevent use for any other purpose.

Accordingly, we will, subject to the exceptions noted herein, retain Personal Information for as long as necessary to fulfil the purposes for which that Personal Information was collected and/or as permitted or required by applicable law.

Where we retains Personal Information for longer periods for statistical, historical or research purposes, we will ensure that appropriate safeguards have been put in place to ensure that all recorded Personal Information will continue to be Processed in accordance with this Policy and the applicable laws.

Once the purpose for which the Personal Information was initially collected and Processed no longer applies or becomes obsolete, we will ensure that the Personal Information is deleted, destroyed or de-identified sufficiently so that a person cannot re-identify such Personal Information.

  1. STORAGE OF DATA

We may store your Personal Information in hard copy format and/or in electronic format using our own secure on-site servers or other internally hosted technology. Your Personal Information may also be stored by Third Parties, via cloud services or other technology, with whom Lactalis  has contracted with, to support our business operations.

Lactalis Third Party service providers, including data storage and processing providers, may from time to time also have access to a Data Subject’s Personal Information in connection with purposes for which the Personal Information was initially collected to be Processed.

We will ensure that such Third Party service providers will process the Personal Information in accordance with the provisions of this Policy, all other relevant internal policies and procedures and POPIA  and where relevant the GDPR.

These Third Parties do not use or have access to your Personal Information other than for purposes specified by us, and Lactalis requires such parties to employ at least the same level of security that Lactalis uses to protect your personal data.

  1. OUR COMMITMENT TO SECURITY

The security of your data is important to us. While we strive to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security. However, we do employ a number of safeguards intended to mitigate the risk of unauthorized access or disclosure of your information. We will do our best to protect your personal information and we will use up to date technology that will help us to do this. We will at all times comply with our obligation under applicable law.

  1. DATA BREACH

A Data Breach refers to any incident in terms of which reasonable grounds exist to believe that the Personal Information of a Data Subject has been accessed or acquired by any unauthorised person.

A Data Breach can happen for many reasons, which include: (a) loss or theft of data or equipment on which Personal Information is stored; (b) inappropriate access controls allowing unauthorised use; (c) equipment failure; (d) human error; (e) unforeseen circumstances, such as a fire or flood; (f) deliberate attacks on systems, such as hacking, viruses or phishing scams; and/or (g) alteration of Personal Information without permission and loss of availability of Personal Information.

We will address any Data Breach in accordance with the terms of POPIA and, where relevant, the GDPR. We will notify the Regulator and the affected Data Subject (unless the applicable law requires that we delay notification to the Data Subject) in writing in the event of a Data Breach (or a reasonable belief of a Data Breach) in respect of that Data Subject’s Personal Information.

We will provide such notification as soon as reasonably possible and, where feasible, not later than 72 (seventy two) hours after having become aware of any Data Breach in respect of such Data Subject’s Personal Information.

Where Lactalis acts as an ‘Operator’ and should any Data Breach affect the data of Data Subjects whose information Lactalis Processes as an Operator, Lactalis shall (in terms of POPIA and, where applicable, the GDPR) notify the relevant Responsible Party immediately where there are reasonable grounds to believe that the Personal Information of relevant Data Subjects has been accessed or acquired by any unauthorised person

  1. TRANSFER OF DATA

7.1. We are based in and operate from South Africa. Your information, including personal information, may be transferred to and maintained on servers located outside of your country of residence, where the data privacy laws, regulations and standards, may not be equivalent to the laws in your country of residence.

7.2. We might transfer your personal information to places outside of South Africa and store it there, where our suppliers might process it. If that happens, your personal information will only be transferred to and stored in a country that has equivalent, or better, data protection legislation than South Africa or with a service provider which is subject to an agreement requiring it to comply with data protection requirements equivalent or better than those applicable in South Africa.

7.3. Your use of our website, followed by your submission of information to us, represents your consent to such transfer.

7.4. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this privacy policy.

  1. LINKS TO OTHER WEBSITES

Our website or social media platforms may contain links to and from websites, mobile applications or services of third parties, advertisers or affiliates. Please note that we are not responsible for the privacy practices of such other parties and advise you to read the privacy statements of each website you visit which collects personal information.

  1. CHANGES TO THIS PRIVACY POLICY

We may update this privacy policy from time to time. Any changes that we may make to our privacy policy will be posted on our website and will be effective from the date of posting.

  1. ACCESS TO YOUR PERSONAL INFORMATION

10.1. You may after having provided adequate proof of identity at any time request:

10.1.1. confirmation that we hold your personal information;

10.1.2. access to your personal information;

10.1.3. the identities or categories of third parties to whom we have disclosed your personal information; or

10.1.4. that we correct or delete any personal information that is incomplete, misleading, inaccurate, excessive or out of date.

10.2. Requests may be made in writing to the Head of Legal Christine.Kamugisha@za.lactalis.com

We will take reasonable steps to ensure that all Personal Information is kept as accurate, complete, and up to date as reasonably possible depending on the purpose for which Personal Information is collected or further processed.

We may not always expressly request the Data Subject to verify and update his/her/its Personal Information unless this process is specifically necessary. We, however, expect that the Data Subject will notify us from time to time in writing of any updates required in respect of his/her/its Personal Information.

  1. COMPLAINTS

11.1. Should you believe that we have utilised your personal information contrary to POPIA, you undertake to first attempt to resolve any concerns with us.

11.2. If you are not satisfied with such process, you may have the right to lodge a complaint with the Information Regulator, using the contact details listed below:
Email: complaints.IR@justice.gov.za