1. PURPOSE OF THIS NOTICE AND TERMS

1.1 We, Afgri Group Holdings (Pty) Ltd (Registration number: 2016/423375/07) together with our subsidiaries and trading partners as listed under Schedule 1: Afgri Group: Subsidiaries and Affiliates, (collectively referred to as “we”, ”us”, “Afgri Group” or “the company” in our capacity as a Responsible Party, in order to engage with you, will have to process your Personal Information, and in doing so, will have to comply with a law known as the Protection of Personal Information Act, 4 of 2013 (hereinafter referred to as “POPIA”), which regulates and controls the processing of a legal entity’s and/or an individual’s Personal Information in South Africa, (hereinafter referred to as a “Data Subject”),which processing includes the collection, use, and transfer of a Data Subject’s Personal Information.

1.2 For the purpose of this Processing Notice, please take note of the following words and phrases which will be used throughout this Processing Notice:

• “consent”, means the consent which you, in your capacity as a Data Subject, may have to give to us, under certain circumstances, to process your Personal Information, which consent must be voluntary, specific and informed. Following this, once we have explained to you why we need your Personal Information and what we will be doing with it, you are then, in relation to certain uses of the information, required to give us your permission to use it, which permission or consent can be express or implied; implied meaning that your consent can be demonstrated by way of your actions;
• “Data Subject”, means you, the person who owns and who will provide us with your Personal Information for processing;
• “Operator” means any person who processes your Personal Information on our behalf as contractor, in terms of a contract or mandate, without coming under the direct authority of us. These persons for illustration purposes may include verification agencies, advertising and public relations agencies, call centres, service providers, auditors, legal practitioners, and/or organs of state, including government, provincial and municipal entities and bodies;
• “Personal Information”, means Personal Information relating to any identifiable, living, natural person, and an identifiable, existing legal entity, namely the Data Subject, including, but not limited to —
• in the case of an individual:
  • name, address, contact details, date of birth, place of birth, identity number, passport number, bank details, details about your employment, tax number and financial information;
  • vehicle registration;
  • dietary preferences;
  • financial history;
  • information about your next of kin and or dependants;
  • information relating to your education or employment history; and
  • Special Personal Information including race, gender, pregnancy, national, ethnic or social origin, colour, physical or mental health, disability, criminal history, including offences committed or alleged to have been committed, membership of a trade union and biometric information, such as images, fingerprints and voiceprints, blood typing, fingerprinting, DNA analysis, retinal scanning and voice recognition;
• in the case of a legal entity:
• name, address, contact details, registration details, financials and related history, B-BBEE score card, registered address, description of operations, bank details, details about your employees, business partners, customers, tax number, VAT number and other financial information;
• “processing” / “process” or “processed”, means in relation to Personal Information, the collection, receipt, recording, organisation, collation, storage, updating or modification, retrieval, alteration, consultation or use; dissemination by means of transmission, distribution or making available in any other form; merging, linking, as well as restriction, degradation, erasure or destruction of information; or sharing with, transfer and further processing, including physical, manual and automatic means. This is a wide definition and therefore includes all types of usage of your Personal Information by us including the initial processing when we first collect your Personal Information and any further and ongoing processing until destruction of such information when no longer required;
• “Purpose” means the reason why your Personal Information needs to be processed by Afgri Group;
• “Responsible Party” means Afgri Group, the person who is processing your Personal Information;
• “you” means you, the Data Subject the person or legal entity who will be providing Afgri Group, with your Personal Information, for processing.

1.3 In terms of POPIA, where a Responsible Party processes a Data Subject’s Personal Information, such processing must be done in a lawful, legitimate and responsible manner and in accordance with the provisions, principles and conditions set out under POPIA.

1.4 In order to comply with POPIA, a Responsible Party processing a Data Subject’s Personal Information must:

1.4.1 provide the Data Subject with a number of details pertaining to the processing of the Data Subject’s Personal Information, before such information is processed; and

1.4.2 get permission or consent, explicitly or implied, from the Data Subject, to process his / her / its Personal Information, unless such processing:

• is necessary to carry out actions for the conclusion or performance of a contract to which the Data Subject of the Personal Information is a party;
• is required in order to comply with an obligation imposed by law; or
• is for a legitimate purpose or is necessary to protect the legitimate interest(s) and/or for pursuing the legitimate interests of i) the Data Subject; ii) the Responsible Party; or iii) that of a third party to whom the Personal Information is supplied; or
• is necessary for the proper performance of a public law duty.

1.5  In accordance with the requirements of POPIA, and because your privacy and trust is important to all at Afgri Group, we set out below how we, Afgri Group and more importantly the Afgri Group Company Secretary Department collect, use, and share your Personal Information and the reasons why we need to use and process your Personal Information.

2. APPLICATION 

2.1  This Afgri Group Company Secretary Processing Notice applies to the following persons:

2.1.1 Potential or actual Afgri Group directors, trustees, executives and/or committee members;

2.1.2 Potential or actual Afgri Group security holders or shareholders;

2.1.3 other persons or legal entities whose Personal Information is processed by the Afgri Group Company Secretary Department, such as securities service providers, exchanges and stakeholders.

3. PURPOSE FOR PROCESSING YOUR PERSONAL INFORMATION

3.1 Your Personal Information will be processed by Afgri Group for the following purposes:

• Due diligence purposes – legitimate purpose: To carry out a due diligence before we decide to engage or interact with you or to do business with you, including obtaining and verifying your credentials, such as your business details, your medical and health history and related records, education and employment history and qualifications, in the case of any directorship or executive position, as well as your credit and financial status and history, tax status, and B-BBEE status.
• Contract purposes – assessment and conclusion of a contract: To investigate whether we are able or willing to conclude a contract with you based on the findings of any due diligence detailed above, and if the assessment is in order, to conclude a contract with you, be it in relation to our securities or shares or in relation to an appointment as an Afgri Group director, trustee or executive, and in order to manage such relationship.
• Attending to administration and financial matters – conclusion of a contract and legitimate interest: To manage and operate the activities of Afgri Group, including providing director, trustee or executive and/or shareholder details to third parties, including banks, regulators and trading partners and service providers, to administer company secretarial records, books, records, accounts or profiles related to you as a director, trustee, executive or a securities holder or shareholder including registrations, subscriptions, issuing of share scripts, documenting and recording the purchase, sale and issuing of shares or securities, sending out meeting agendas and notices, recording meeting minutes and resolutions, attending to billing fees, costs and charges, carrying out calculations, quoting, invoicing, receiving payments or paying dividends or refunds, attending to tax payment, paying executive, trustee or director fees or expenses, and related taxes on their behalf, and performing reconciliations and financial management in general.
• Communications – legitimate purpose: To make contact with you and to communicate with you generally or in respect of our or your requirements, or instructions.
• Risk assessment and anti-bribery and corruption matters – legitimate purpose: To carry out organizational and enterprise wide risk assessments, and due diligences, in order to detect and prevent bribery, corruption, fraud and abuse, to comply with ABC laws, as well as to identify and authenticate your access to and to provide you with access to our goods and services or premises where applicable, and generally to ensure the security and protection of all persons including employees, and persons when entering or leaving the Afgri Group sites and operations or facilities and/or to exercise our rights and to protect our and others’ rights and/or property, including to take action against those that seek to violate or abuse our assets, systems, services, customers or employees and/or other third parties where applicable.
• Legal obligations, litigation, insurance and public duties: To comply with the law and legal obligations, including the requirement to register with regulators, obtain and hold permits and certificates, register for VAT, Tax, PAYE, SDL, COIDA and UIF etc. where applicable, and to pay levies and fees due in respect thereof, by Afgri Group or others, to submit legal or statutory reports or provide various regulatory or statutory notices or returns, to litigate and/or to pursue or defend legal claims or collections, to attend to insurance claims and related procedures, to respond to a request or order from a SAPS official, investigator or court official, regulator, or public authority.
• Business and operational issues – compliance with law and manage the contract: To communicate, enforce and ensure that you comply with any applicable policies and procedure which pertain to and apply to directors, trustees, executives or shareholders, conducting investigations and incident response activities, including reviewing your communications in these situations in accordance with relevant internal policies and applicable law.
• Occupational health – compliance with laws: To manage in the case of directors, executives and trustees, occupational health and absence and fitness for roles and notifying family members in emergencies.
• Travel – contractual: To facilitate business travel, travel-related support including conference attendance, bookings, and emergency support services.
• B-BBEE – compliance with laws: To comply with B-BBEE and monitor or report B-BBEE opportunities and related diversity issues, including but not limited to age, gender, ethnicity, nationality, religion, disability, sexual orientation, and marital or family status.
• Security purposes: legitimate purpose and to comply with laws: To permit you access to our offices, facilities, manufacturing or parking areas, as well as to controlled areas, for the purposes of monitoring via CCTV, your interaction and access in and from our facilities described above, and for general risk management, security and emergency incident control purposes as well as for data and cybersecurity purposes.
• Marketing and electronic communications related thereto – consent required: To provide you with communications regarding us, our goods and services and or other notifications, programs, events, or updates that you may have registered or asked for, and to send you offers, advertising, and marketing materials, including providing personalized advertising to you, save where you have opted out of this activity.
• Internal research and development purposes: To conduct internal research and development for new content, products, and services, and to improve, test, and enhance the features and functions of our current goods and services.
• Sale, merger, acquisition, or other disposition of our business – our legitimate interest: To proceed with any proposed or actual sale, merger, acquisition, or other disposition of our business (including in connection with any bankruptcy or similar proceedings).

4. WHAT PERSONAL INFORMATION OR INFORMATION DO WE COLLECT FROM YOU?

In order to engage and/or interact with you, for the purposes described above, we will have to process certain types of your Personal Information, as described below:

• Contact information, such as name, alias, address, identity number, passport number, security number, phone number, cell phone number, vehicle make and registration number, social media user ID, e-mail address, and similar contact data, serial numbers of equipment, details regards the possession of dangerous weapons, and other contact information including details of your employer, directorships, memberships or affiliations, your status with an organization, and similar data, which are required for various legitimate interest, contractual and/or lawful reasons.
• Specific identifiers, such as your fingerprints (access control or SAPS clearance purposes), race (B-BBEE), medical history including any medical conditions (to comply with laws and related to correct and fair treatment issues), and financial, credit, deviant and criminal history (to protect our legitimate interests and to perform risk assessments), which are required in order to protect legitimate interests, comply with legal obligations or public legal duties, and/or in order to accommodate you within the Afgri Group facilities.

• Financial and account Information, such as billing address, billing contact details, and similar data, tax numbers and VAT numbers, banking details and similar data, which are required to perform contractual matters and to comply with laws.

• General communications, such as requests, general or specific communications, opinions, suggestions, questions, comments, feedback, and other information you send to us, which processing is done in order to protect legitimate interests, comply with legal obligations or public legal duties.

• Your Image, such as still pictures, video, voice, and other similar data, which are required to perform contractual matters and/or in order to accommodate you within the Afgri Group facilities.

• Career, education, and employment related information,in the case of directors, trustees and executives, such as work performance and history, nationality and immigration status, demographic data, disability-related information, professional licensure information and related compliance activities, accreditations and other accolades, education history (including schools attended, academic degrees or areas of study, academic performance, and rankings), and similar data, which are required for contractual related matters or which are required to comply with laws and public duties.

• Health records, in the case of directors, trustees and executives, such as medical status and history, examinations, blood type, medial aid history, disability-related information, biometrics, medicals, psychometrics and similar data, which are required for contractual related matters or which are required to comply with laws and public duties.

5. SOURCES OF INFORMATION – HOW AND WHERE DO WE COLLECT YOUR PERSONAL INFORMATION FROM 

5.1 Depending on your requirements, we will collect and obtain Personal Information about you either directly from you, from certain third parties, or from other sources which are described below:

5.1.1. Direct collection: You provide Personal Information to us when you:

• express an interest in us;
• respond to our communication sent to you;
• make contact with or interact with us;
• become an Afgri Group director, shareholder, trustee or executive;
• enquire about, or search for us or our goods or services;
• create or maintain a profile or account with us;
• conclude a contract with us;
• purchase or subscribe to our goods or services, including our shares or securities;
• register for or attend one of our events or locations;
• request or sign up for information, including marketing material.
• communicate with us by phone, e-mail, chat, in person, or otherwise.

5.1.2 Automatic collection: We collect Personal Information automatically from you when you:

• search for, visit, interact with, or use our websites or social media portals or platforms;
• use our goods or services (including through a device);
• access, use, or download content from us;
• open e-mails or click on links in e-mails or advertisements from us;
• otherwise interact or communicate with us (such as when you attend one of our events or locations, when you request support or send us information, or when you mention or post to our social media accounts).

5.1.3 Collection from third parties: We collect Personal Information about you from third parties, such as:

• those who have a relationship with you;
• regulators, professional or industry organizations and certification / licensure agencies that provide or publish Personal Information related to you;
• third parties and affiliates who deal with or interact with us or you;
• service providers and business partners who work with us and that we may utilize to deliver certain content, products, or services;
• marketing, sales generation, and recruiting business partners;
• SAPS, Home Affairs, Credit bureaus, JSE, CIPC, SAFEX and other exchanges and other similar agencies;
• other government agencies, regulators and others who release or publish public records;
• other publicly or generally available sources, such as social media sites, public and online websites, open databases, and data in the public domain

6. HOW WE SHARE INFORMATION

We share your Personal Information for the purposes set out in this Company Secretary Processing Notice with the following categories of recipients:

• Afgri Group employees, directors, trustees, executives and affiliates. We may share your Personal Information amongst our employees, directors, trustees, executives and affiliates and the companies within Afgri Group, detailed under Annexure “A”, for business and operational purposes.
• Business Partners.We may share your Personal Information with our business partners.
• Third Party Service Providers.We may share your Personal Information with our third party service providers to perform tasks on our behalf and which are related to our relationship with you.
• IT and Cyber Third-Party Service Providers. We may share your Personal Information with our cyber service providers to perform tasks on our behalf and which are related to our relationship with you.
• PR Agencies and Advertisers.We may share your Personal Information with advertisers, advertising exchanges, and marketing agencies that we engage for promotional, advertising and printing of brochure services.
• Regulators and law enforcement agencies. We may disclose your Personal Information to regulators and other bodies in order to comply with any applicable law or regulation, to comply with or respond to a legal process or law enforcement or governmental request.

• Other Disclosures.We may disclose your Personal Information to third parties as part of our commercial activities , or if we reasonably believe that disclosure of such information is necessary to enforce our terms and conditions or other rights (including investigations of potential violations of our rights), to detect, prevent, or address fraud or security issues, or to protect against harm to the rights, property, or safety of Afgri Group, our employees, its directors, trustees, executives, shareholders or stakeholders, or the public.

• Merger, Sale, or Change of Control.We may share your Personal Information to a third party entity as part of a merger, acquisition, sale, or other change of control activity.

7. SECURITY OF INFORMATION

7.1 The security of your Personal Information is important to us. Taking into account the nature, scope, context, and purposes of processing Personal Information, as well as the risks to individuals of varying likelihood and severity, we have implemented technical and organizational measures designed to protect the security of Personal Information. In this regard we will conduct regular audits regarding the safety and the security of your Personal Information.

7.2 Your Personal Information will be stored electronically and in some cases in hard copy in files and records, which information, for operational reasons, will be accessible to and/or provided to persons employed or contracted by us on a need to know basis.

7.3 Once your Personal Information is no longer required, such Personal Information will be retained in accordance with our Afgri Group records retention schedule, which varies depending on the type of processing, the purpose for such processing, the business function, record classes, and record types. We calculate retention periods based upon and reserve the right to retain Personal Information for the periods that the Personal Information is needed to: (a) fulfil the purposes described in this Processing Notice, (b) meet the timelines determined or recommended by regulators, professional bodies, or associations, (c) comply with applicable laws, legal holds, and other legal obligations (including contractual obligations), and (d) comply with your requests.

7.4 Notwithstanding clause 7 and 8, please note that no method of transmission over the Internet or method of electronic storage is 100% secure. Therefore, while we strive to use commercially acceptable measures designed to protect Personal Information, we cannot guarantee its absolute security.

8. ACCESS BY OTHERS AND CROSS BORDER TRANSFER

8.1 Afgri Group may from time to time have to disclose your Personal Information to other parties, including Afgri Group subsidiaries, trading partners, agents, auditors, organs of state, regulatory bodies and/or national governmental, provincial, or local government municipal officials, or overseas Afgri Group subsidiaries or trading parties or agents, but such disclosure will always be subject to an agreement which will be concluded as between ourselves and the party to whom we are disclosing your Personal Information to, which contractually obliges the recipient of your Personal Information to comply with strict confidentiality and data security conditions.

8.2 Where your Personal Information is transferred to a country which is situated outside South Africa, your Personal Information will only be transferred to those countries which have similar data privacy laws in place or where the recipient of the Personal Information concludes an agreement which contractually obliges the recipient to comply with strict confidentiality and data security conditions and which conditions in particular will be to a no lesser set of standards than those imposed by POPIA.

9. YOUR RIGHTS

9.1 You as a data subject you have certain rights, which are detailed below:

• The right of access – You may ask Afgri Group (free of charge) to confirm that we hold your Personal Information, or ask us to provide you with details, (at a fee) on how we have processed your Personal Information, which request must be done by following the process set out under the Afgri Group PAIA Manual which can be accessed here: https://www.afgri.co.za/wp-content/uploads/2021/06/AFGRI-PAIA-Manual-in-light-of-POPI-03-06-2021.pdf
• The right to rectification – You have the right to ask us to update or rectify any inaccurate Personal Information which we hold of yours, which can be done by accessing the update / rectification request here: Form Rectification https://www.afgri.co.za/
• The right to erasure (the ‘right to be forgotten’) – Where any overriding legal basis or legitimate reason to process your Personal Information no longer exists, and the legal retention period in relation to the archiving of the information has expired, you may request that we delete the Personal Information, which can be done by accessing the request for erasure request here: Form Erasure – https://www.afgri.co.za/
• The right to object to and restrict further processing – Where we do not need your consent to process your Personal Information, but you are not in agreement with such processing, you may lodge an objection to such processing by accessing the objection request here: Form objection – https://www.afgri.co.za/
• The right to withdraw consent – Where you have provided us with consent to process your Personal Information, you have to right to subsequently withdraw your consent, which can be done by accessing the withdrawal of consent request here: Form withdrawal – https://www.afgri.co.za/
• The right to data portability – Where you want your Personal Information to be transferred to another party, which can be done under certain circumstances, please access and complete the required transfer form here: Form transfer – https://www.afgri.co.za/

10. CHANGES TO THIS PRIVACY STATEMENT

10.1 As Afgri Group changes over time, this Processing Notice is expected to change as well.

10.2 Afgri Group reserves the right to amend the Processing Notice at any time, for any reason, and without notice to you other than the posting of the updated Processing Notice on the Afgri Group Website.

10.3  We therefore request that you to visit our Website frequently in order to keep abreast with any changes.

11. COMPLAINTS OR QUERIES – CONTACT US

11.1 Any comments, questions or suggestions about this Processing Notice or our handling of your Personal Information should be e-mailed to informationofficer@afgri.co.za

11.2 Alternatively, you can contact us at the following postal address or telephone numbers:

CONTACT US

Information Officer	Deputy Information Officer	Deputy Information Officer
Name:  Pieter Badenhorst Address:   AFGRI Building 12 Byls Bridge Boulevard Highveld X73, Centurion Tel: 011 0632954 Email: informationofficer@afgri.co.za	Name:  Willena Smith Address:   AFGRI Building 12 Byls Bridge Boulevard Highveld X73, Centurion Tel: 011 063 2291 Email: informationofficer@afgri.co.za	Name: Rika Myburg Address:   AFGRI Building 12 Byls Bridge Boulevard Highveld X73, Centurion Tel: 011 063 2006 Email: informationofficer@afgri.co.za

11.3 Our telephone switchboard is open 09:00 am – 5:30 pm GMT, Monday to Friday. Our switchboard team will take a message and ensure the appropriate person responds as soon as possible.

11.4 Should you wish to discuss a complaint, please feel free to contact us using the details provided above. All complaints will be treated in a confidential manner.

11.5  Should you feel unsatisfied with our handling of your Personal Information, or about any complaint that you have made to us, you are entitled to escalate your complaint to the South African, Information Regulator who can be contacted at https://inforegulator.org.za/contact-us/

12. PROCESSING PERSONAL INFORMATION

12.1 If you process another’s Personal Information on Afgri Group’s behalf, or which we provide to you in order to perform your contractual or legal obligations or to protect any legitimate interest, you will keep such information confidential and will not, unless authorized to do so, process, publish, make accessible, or use in any other way such Personal Information unless in the course and scope of your duties, and only for the purpose for which the information has been received and granted to you, and related to the duties assigned to you.

13. ACCEPTANCE AND BINDING NATURE OF THIS DOCUMENT

13.1 By providing Afgri Group with the Personal Information which we require from you as listed under this Processing Notice: 

• you acknowledge that you understand why your Personal Information needs to be processed;
• you accept the terms which will apply to such processing, including the terms applicable to the transfer of such Personal Information cross border;
• where consent is required for any processing as reflected in this Processing notice, you agree that we may process this particular Personal Information.

13.2 Where you provide us with another person’s Personal Information for processing, you confirm that that you have obtained the required permission from such person(s) to provide us with their Personal Information for processing.

13.3 The rights and obligations of the parties under this Processing Notice will be binding on, and will be of benefit to, each of the parties’ successors in title and/or assigns where applicable.

14.4 Should any of the Personal Information concern or pertain to a legal entity whom you represent, you confirm that you have the necessary authority to act on behalf of such legal entity and that you have the right to provide the Personal Information and/or the required permissions in respect of the processing of that Organization or entities’ Personal Information.