When we talk about “Bento,” “we,” “our,” or “us” in this policy, we are referring to Bento Technologies (Pty) Ltd (2020/929401/07) and place of business at 1 The Hague, 10B Tamboerskloof Road, Tamboerskloof, Cape Town.
This Policy complies with, and facilitates the obligations required from, the South African Protection of Personal Information Act, No. 4 of 2013 (“POPI”), as amended.
In some circumstances, Bento is the “responsible party” (as defined in POPI) and is responsible for your personal information in instances where we decide the processing operations concerning your personal information.
Sometimes we also operate as an “operator” (as defined in POPI) of personal information on behalf of a third-party responsible party, where that responsible party’s privacy terms will apply.
The terms “user“, “you“, “data subject” and “your” are used interchangeably in this Policy and refer to all persons accessing the Site and/or Services, or are engaging with Bento for any reason whatsoever.
We have appointed a data representative at Bento who is responsible for overseeing questions in relation to this Policy. If you have any questions about this Policy, including any requests to exercise your legal rights, please contact the representative using the details set out below.
Our full details are:
Full name of legal entity: Bento Technologies (Pty) Ltd
Name or title of data representative: Claudia Snyman
Email address: email@example.com
Postal address: The Hague, 10B Tamboerskloof Road, Tamboerskloof, Cape Town
You have the right to make a complaint at any time to the South African data regulator’s office (Information Regulator’s Office of South Africa). We would, however, appreciate the chance to deal with your concerns before you approach any such regulator, so please contact us in the first instance.
When you access our Site or use the Services, we collect and store certain information about you, including “personal information.” Personal information is information that, alone or in combination with other information in our possession, could be used to personally identify you.
Information Collected from You or Your Employer. We may collect or receive the following categories of personal information when you, your employer (our Client), or your employer’s designated administrator or accountant access the Site, request to receive information about Bento or its Services, create an account, use any of the Services, or otherwise communicate with us, including through customer support channels.
Financial Information, such as:
- Bank account number and transaction information
- Details about your salary and benefits
Identification Information, such as:
- Name, mailing address, email address, phone number, birthdate
- Taxpayer identification number
Health and Welfare Benefits Information, such as:
- Identification information for you and your dependents
- Life events and conditions that impact benefits eligibility, including marital status, employment information, and illness or disability information
- Insurance policy information, including plan numbers, benefits and coverage information, and premium amounts
- Insurance claim information, including monetary amounts, and other information required to process or verify claims
- Retirement Fund information including membership numbers, contribution information, and fund balances.
Other Information You Voluntarily Choose to Provide. We may collect information, including personal information, that you voluntarily provide to us when you:
- Participate in surveys, contests, sweepstakes, or promotions
- Register for, attend, or participate in conferences, webinars, or events
- Provide us feedback or comment on our products, our blogs or social media pages
- Submit information to us so that we can assess potential business opportunities
- Apply for a job position with us.
Should you choose to provide additional personal information to us you agree to provide accurate and current information, and, generally, not to impersonate or misrepresent any person or entity or falsely state or otherwise misrepresent your affiliation with anyone or anything.
Should your personal information change, please update it by providing us with updates to your personal information as soon as reasonably possible to enable us to update it. Bento will, however, not be able to update any personal information of yours attained from another responsible party, where should you want to update the same, you must approach the relevant responsible party to do so. Bento is under no obligation to ensure that your personal information or other information supplied by you is correct.
You warrant that the personal information disclosed to Bento is directly from you as the user on the Site or in connection to the Services, and all such personal information is lawfully yours to provide.
We automatically collect certain information when you access the Site or use the Services.
Electronic & Online Identifiers (IDs), such as:
- If on a mobile device: mobile carrier, device IDs, and mobile advertising IDs
- If using a browser: operating system, browser type, and Internet Protocol (IP) address
Geolocation Information, such as:
- Approximate location derived from IP address (if using a browser)
- Precise location (based on the GPS coordinates of your device) only if you have opted into a product feature that includes it (such as a geo-fenced or geo-location time tracking service).
Internet Activity Information, such as:
- Your “log-in” and “log-out” information
- The pages that you visit before, after, and while using our Services
- Pages you visit, links you click, and the content you view on the Site
- Single Sign-On Information (SSO) that allows us to verify your authorised access to the Services from another service you use and with which we partner, such as your email.
We collect information using Tracking Technologies, such as:
- Cookies, which are small text files that websites send to your computer or mobile device. This includes session cookies (which are deleted once you close your browser) and persistent cookies (which remain on your computer or device until you delete them or they expire)
- Pixel tags (also known as web beacons), which are pieces of code embedded in our Services that collect information about engagement on our Site or emails. To make it easier, we call cookies and pixel tags/web beacons “Tracking Technologies”
We use the third-party analytics tools, including:
We use Tracking Technologies for the following purposes:
- When it is operationally necessary for us to provide you access to our Site or Services. This also includes tracking behavior in order to protect against irregular, fraudulent, or possibly illegal behavior on our Site or Services
- To assess the performance of how you and others use our Site and Services (for more information, read the Analytics section below)
- To enhance the functionality of our Site or Services. This includes identifying you when you sign into our Services and keeping track of your preferences, interests, or past items viewed
Any processing of your personal information will be reservedly for our legitimate business purposes and as a necessary function of your engagement with the Site and/or our Services, and you have expressly consented to this by using our Site and/or Services, but we will not, without your express consent:
Use your personal information for any purpose other than as set out below:
- in relation to the provision to you of the Services and/or access to the Site;
- to fulfil orders for products and Services;
- to contact you as requested by you;
- to enable you to provide us with your contracted services;
- for internal record keeping of responsible party third parties and the development of metrics of third-party searches;
- to contact you regarding current or new Services or any other product offered by us (unless you have opted out from receiving marketing material from us, possible through that same correspondence to you); and/or
- to improve our Site or Services by, for example, monitoring your browsing habits, or tracking your activities on the Site or Bento platform; or
Disclose your personal information to any third party other than as set out below:
- to our employees and/or third-party service providers who assist us to interact with you via our Site, email or any other method, for your use of the Services, and thus need to know your personal information in order to assist us to communicate with you properly and efficiently;
- to external responsible parties who already have your express consent to process and/or attain such personal information from and/or with us;
- to our professional services providers (such as our appointing FSP, insurers or lawyers where we believe that it is required under our contractual relationship with our provider to do so);
- to law enforcement, government officials, fraud detection agencies or other third parties when we believe in good faith that the disclosure of personal information is necessary to prevent physical harm or financial loss, to report or support the investigation into suspected illegal activity or the contravention of an applicable law or to investigate violations of this Policy and/or the Site’s or Services’ other policies; and
- to our service providers (under contract with us) who help with parts of our business operations (fraud prevention, marketing, technology services etc) or other third-party service providers should you opt to subscribe to one or more of their products and/or services via Bento. However, our contracts dictate that these service providers may only use your information in connection with the services they perform for us, not for their own benefit and under the same standards as how we operate.
We are entitled to use or disclose your personal information if such use or disclosure is required in order to comply with any applicable law, subpoena, order of court or legal process served on us, or to protect and defend our rights or property. In the event of a fraudulent online payment, Bento is entitled to disclose relevant personal information for criminal investigation purposes or in line with any other legal obligation for disclosure of the personal information which may be required of it.
The user is entitled to request access to any relevant personal information held by Bento and where such access is necessary for you to exercise and/or protect any of the user’s rights. For any personal information held by any third-party responsible party, the user must approach that responsible party for the realisation of the user’s personal information rights with them, and not with Bento.
Under POPI, you have rights in relation to your personal information. Please contact us to find out more about, or manifest, these rights:
- have your data processed in a fair, lawful and transparent way;
- access personal information we hold about you;
- require us to correct any mistakes in your personal information;
- require us to delete personal information concerning you in certain situations where there is no good reason for us to continue to process it;
- request that we transfer your personal information to you or another service provider in a simple, structured format;
- object at any time to processing of your personal information for direct marketing purposes;
- object to automated decision making which produces legal effects concerning you or similarly significantly affects you;
- object in certain other situations to our continued processing of your personal information; and/or
- otherwise restrict or temporarily stop our processing of your personal information in certain circumstances.
You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal information (or to exercise any of your other rights). This is a security measure to ensure that personal information is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
We try to respond to all legitimate requests within 30 days.
Users with citizenships from jurisdictions other than of South Africa, please note that Bento complies with all South African data protection laws when processing your personal information pursuant to the Services as we are a South African entity operating in the South African market. Should foreign law be applicable in any regard to your use of the Services and/or the Site in any way, including how we may process your personal information, please contact Bento at firstname.lastname@example.org who will gladly engage you on its application and your rights.
Users acknowledge that any content provided by users on the Site, including via a messaging system, enters an open, public forum, and is not confidential, where the author of which will be liable for that content, and not Bento.
By accepting this Policy, you have opted-in to receive emails from Bento, where your email address will be used to contact you from time to time and may also use it for security reasons to confirm your identity.
You have the right to opt-out of receiving email communication by following the directions posted on every email communication or by emailing email@example.com and asking to not be contacted from then on.
We employ administrative, physical and technical measures designed to protect your information from unauthorised access and to comply with POPI. Your personal information will be kept on our servers or on those of our service providers and only those employees that require it for the purposes of their duties will have access to your personal information. We have also implemented controls which require our third-party service providers and partners to have appropriate safeguards to protect your personal information.
Whilst we will do all things reasonably necessary to protect your rights of privacy, we cannot guarantee or accept any liability whatsoever for unauthorised or unlawful disclosures of your personal information, whilst in our possession, made by third parties who are not subject to our control, unless such disclosure is as a result of our gross negligence or fraud.
Despite these efforts, no security measures are perfect or impenetrable and no method of data transmission can be guaranteed to prevent any interception or other type of misuse. We also depend on you to protect your information. If you become aware of any breach of security or privacy, please notify us immediately. To the fullest extent permitted by applicable law, we do not accept liability for unauthorised disclosure.
We may share your personal information within the Bento group – and because Bento is a fully remotely operating company this may involve transferring and processing your data outside of South Africa.
Whenever we transfer your personal information out of the country, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
- we will only transfer your personal information to countries that have been deemed to provide an adequate level of protection for personal information;
- where we use certain service providers, we may use specific contracts approved by the European Commission which give personal information the same protection it has in Europe under the GDPR.
We will not retain your personal information longer than the period for which it was originally needed, unless we are required by law to do so, or you consent to us retaining such information for a longer period. In some circumstances, other applicable national laws require us to retain your data beyond your request for its deletion, or beyond your direct engagement with Bento. As such, we may retain your personal information in adherence with compulsory instructions from other applicable national laws, notwithstanding your application to have it deleted or amended.
The Service is not directed to children under 18. However, if a child under the age of 18 is a dependent on a benefits plan covered by the Services, we may collect information about the child (solely as needed to provide the Services) from the child’s parent or legal guardian, or from insurance carriers and third-party administrators.