Supplier privacy notice

This notice applies to anyone who supplies or potentially supplies goods or services to the University of Pretoria, and to University suppliers who lease commercial property from the University. In this privacy notice we will refer to you as a ‘supplier’.

We have created this notice to help you understand how we collect, use, and protect your personal information. We may need to update this notice periodically, but we will let you know when we do.

If you have any questions about this notice, please email us at [email protected].

1. What we do with supplier applicant information

1.1. We collect and generate personal information

We collect personal information about existing and potential suppliers, to assess whether you are a suitable supplier, or whether you qualify to lease commercial property from us.

We collect:

Full name, registered company name and contact details of potential or existing suppliers
ID documents or CIPC registration certificates
VAT Numbers
Bank details
BBBEE certificates
Tax compliance status issued by SARS or Tax Clearance certificate
Trade references
Company profiles and annual turnover
If any of the directors, members, or proprietors, or any family members of suppliers or potential suppliers, are employed at UP
Proof of insurance
Proof of registration with a professional body
Details of previous projects worked on
Financial statements

We generate records about you.

We generate:

An online profile for all tender applicants to apply for UP tenders electronically
A tender evaluation report on each applicant
Minutes of committee meetings documenting decisions for awarded tenders or leases
An online profile for UP registered suppliers used for payment and administration
An online profile where relevant contracts are uploaded for contract management

1.2. When and why we collect and process your personal information

When we collect and use your personal information	Why we collect your personal information
When we process and consider your application to provide goods or services to UP, or to lease commercial property from UP When we verify the details of your application with trade references and SARS	We process this information to conclude a contract with you and meet our contractual obligations
When you contact us by email, phone, or online chat, we use the information to reply, investigate, and resolve your query, complaint, or request	We process this information because it is in your or our legitimate interest
When we produce reports and returns for funding agencies, government departments, and public bodies When independent auditors conduct annual financial audits and we share your information as required	We process this information as a legal requirement under the Higher Education Act and other reporting obligations

2. Sometimes we have to share your information

We only use service providers we trust and who will keep your information secure. Contracts ensure they do this, whether local or abroad.

We use service providers to help us:

Communicate with you
Monitor service effectiveness
Manage our business (accountants, advisors)
Provide IT services
Process tender applications
Conduct independent annual financial audits

Some service providers may be located in other countries. Contracts ensure your information is protected to the same standard as in South Africa.

We may also share information when legally required, e.g., under the Higher Education Act.

3. We have taken reasonable steps to minimise the impact of a breach

We have reasonable security measures in place to protect your personal information.	Our measures protect your information from: Loss Misuse Unauthorised access Being altered Being destroyed We base security on the sensitivity of the personal information held.
We regularly monitor our systems for possible vulnerabilities and attacks.	No system is perfect, but we regularly monitor vulnerabilities.
We will let you know of any breaches that may affect your personal information.	If something happens, we will notify you and explain how to minimise the impact.
You can help to keep your information secure by being aware of how you communicate.	Emails can be intercepted. Avoid sharing personal information via email; use phone or online forms instead.

4. Know your personal information rights

You may ask us about your personal information.	You have the right to know when we collect and use your information, and to ask what we know about you and how we use it.
You may access your personal information.	Email [email protected] to request access. Response may take up to one month; fees may apply.
You have control over your personal information.	You may ask that we update incorrect or incomplete information.
	You may ask that we delete your personal information.
	You may request your personal information in a structured, machine-readable format.
	You may ask that we reuse your personal information for your own purposes across services.
	You may object to processing in certain circumstances.
	You may object to automated decision-making and profiling.
	You may request human review of automated decisions, express your viewpoint, and challenge decisions.
	You may ask that we restrict use of your personal information.
You have the right to unsubscribe	You may unsubscribe from any direct marketing we send you.

Published on 23 June 2021