Sasol is the data controller and therefore responsible for collection and processing of your personal data. The physical address of Sasol’s head office is Sasol Place, 50 Katherine Street,
Sandton, South Africa, 2196. If you have any questions regarding our data processing activities, your rights or any of the contents of this privacy statement, please contact our Chief Privacy Officer at firstname.lastname@example.org
At Sasol, we respect your privacy and value the trust which you place in us. As a result, we will only process your data when we have a valid reason do so. Our lawful reasons for processing your personal data will most commonly include:
1. Performance of a contract, which includes processing of personal data required to enter into a contract with you or the organisation for whom you work, alternatively for purposes of concluding a contract of employment with you and/or the conducting of pre-contractual measures including but not limited to, background checks and assessing your fitness and suitability for the position applied for at Sasol;
2. Compliance with a legal obligation placed on Sasol;
3. Where it is necessary for our legitimate interests (or those of a third party) and your privacy right(s) do not override those interests;
4. We may also use your personal data in the following situations, which are likely to be rare:
4.1. where we need to protect your (or someone else’s) interests, or
4.2. where it is necessary in the public interest or for official purposes;
5. Under limited circumstances we may also process your personal data based on your consent; and
6. Operational reasons that include access control, Investigations and access permit/card process (screening) when visiting any Sasol sites or premises.
In regard to specific processing activities, we may provide supplementary privacy notices to facilitate transparency, where the lawful basis, purpose or processing activities may need further elaboration.
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason, that is compatible with the original purpose. If we need to use your personal data for an unrelated purpose, we will notify you (by means of direct communication to you, a revised privacy statement or other appropriate means) and we will explain the legal basis which allows us to do so.
Based on the lawful reasons above, we may collect, store, and use the following categories of personal data about you:
1. basic information, such as your name, your employer, your title or position and your relationship to a person;
2. contact information, such as your physical address, email address and phone number(s);
3. financial information, such as bank account details;
4. technical information (including your IP address), such as information from your visits to our website or any applications or in relation to materials and communications we send to you electronically;
5. information you provide to us for the purposes of attending meetings and events, including access and dietary requirements;
6. information you provide to us when answering any surveys you may participate in, for example, our customer satisfaction surveys;
7. identification and background information provided by you or collected by us as part of our business acceptance processes;
8. identification and background information collected or generated by us as part of our conflict-of-interest management processes (including gift, entertainment and hospitality declaration processes);
9. identification, background and employment information, professional experience and affiliations, and medical and health information as part of your application for
employment with Sasol;
10. personal data provided to us by or on behalf of our clients or generated by us in the course of providing services which may include special categories of data;
11. details of your visits to any of our offices;
12. publicly available information in order to facilitate our business dealings with you or your employer; and
13. any other information relating to you which you may provide to us.
“Special categories” of particularly sensitive personal data are afforded higher levels of protection. Reference to Special categories of data includes race or ethnic origin, trade union membership, political persuasion, health or medical information and criminal behaviour.
We will only collect, store and/or use your personal data which falls within this category, if we have a valid justification for processing. As required by applicable law(s), we have appropriate policies and safeguards in place, when processing these categories of information.
We may process special categories of personal data under the following justifications:
1. in limited circumstances, with your explicit written consent;
2. where we need to carry out our legal obligations or exercise rights in connection with any contract we may have with you or the organisation for whom you work; or
3. where it is needed in the public interest.
Less commonly, we may process this type of information where it is needed in relation to legal claims or where it is needed to protect your (or someone else’s) interests and you are not capable of giving your consent, or where you have already made the information public.
We may have to share your personal data with various internal Sasol functions and various entities within the Sasol group (e.g., Sasol Forensic Services, Sasol Security Services, Sasol HR, Sasol Group Ethics, etc.), as well as various third parties, including third-party service providers who are engaged to perform services on our behalf such as product or service delivery, credit reference checks, or business scoring.
Where appropriate, before disclosing personal data to a third party, we shall contractually mandate the third party to take adequate precautions to protect that data and to comply with applicable law.
In the event of a merger/acquisition or company re-structure, your personal data may be part of the transferred assets and are likely to be disclosed to the new company.
All our third-party service providers and all Sasol entities are required to take appropriate security measures to protect your personal data in line with our policies. We do not allow our third-party service providers to use your personal data for their own purposes. We only permit them to process your personal data for specified purposes and in accordance with our instructions and applicable legal requirements.
“Third parties” includes third-party service providers (including contractors and designated agents) and other entities within our group, such as:
(a) professional registrations;
(b) insolvency administrators;
(c) legal and other advisors to Sasol; and
(d) other independent service providers.
The above list is not exhaustive.
We may transfer your data globally, to perform any contract that we may have with you or for other legitimate reasons. For transfers of personal data to regions other than the European Union, we will ensure that appropriate safeguards are applied to the transfer of such personal data. All personal data will be transferred according to applicable data privacy laws and our privacy statement. Details of such safeguards can be obtained from the Sasol Chief Privacy Officer.
Sasol strives to secure the confidentiality, integrity and availability of your personal data by taking appropriate and reasonable, technical and organisational measures to prevent loss of, damage to, unauthorised use or destruction, and unlawful access to, or processing of your personal data. To this extent, we have due regard to generally accepted information security practices and procedures, and a dedicated information security team, which constantly reviews and improves our personal data security measures. We endeavour to secure your personal data stored on Sasol information systems and held in hard copy. Personal data contained in hard copy (paper) format is kept secure and safe in warehouses or lockable cupboards.
We will only retain your personal data, in accordance with our records retention policies. We will retain personal data for as long as it is necessary to fulfil the purposes for which we collected it or where we are legally entitled / obligated to do so. This includes for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for personal data, we consider the purpose for which we process personal data, the volume, the nature, and sensitivity of the personal data. We further consider the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements. Once we no longer have a lawful basis to process your personal data, we will securely destroy your personal data in accordance with our records management policies and applicable laws.
1, Data processed when you visit our website
1.1. Processed data collected:
If you visit our websites, your browser automatically transmits the following data:
• Date, time and duration of the time you have spent viewing a page
• Name of your Internet Service Provider
• The referring website
• The IP (Internet Protocol) address of your device / workstation / computer
• Your internet browser type and version
• The operating system of your device / workstation / computer
1.2. Purposes of data processing:
It is necessary to store data for a limited period of time to be able to effectively deliver the website to your browser with the necessary functionality. With the help of this data, we also obtain statistical information on how our websites are used. We also collect the data to secure, prevent and track access, or misuse of our websites and IT systems.
2.1. Processed data:
When you visit our website, we collect data with the help of cookies. Cookies are small
text files that are stored on your device. Cookies usually contain a cookie ID i.e., a unique
identification feature that can be used to identify your device.
Depending on the kind of the cookie, different data is collected and processed. Our website uses Analysis cookies: With the help of these cookies, we track your user behaviour when you use our websites, e.g., which parts of the websites you use and how often you visit our websites. We use first party cookies only.
2.2. Purposes of data processing:
Analysis cookies help us generate statistics on how our websites are used, for instance the number of requests, duration of the visits, which parts of our websites are the most popular. This helps us to measure how effective our presence on the Internet is, to evaluate the activity on the websites and coordinate website content and functionality to improve the user experience.
2.3. Retention period and controlling options:
Some of the cookies are deleted after the browser is closed (session cookies), while others remain permanently on your device and allow us to recognise your browser (permanent cookies).
You are able to disable the storage of cookies or selectively accept certain cookies in your browser. Please use the Help functions of your browser to learn how to change these settings. Note this may result in limited functionality of our website.
2.4. Google Analytics
2.4.1. Processed data:
We use the code "get. _anonymizeIP ();“. This results in Google shortening your IP address and allowing an anonymised evaluation. In addition, we utilise ”Google Analytics 4” in terms of which IP addresses are not logged or stored. Furthermore, the IP address submitted by your browser (not logged or stored) as part of Google Analytics will not be merged with other Google data.
The data collected with the help of cookies is usually transferred to a Google server and stored there.
See the Google Privacy statement [https://policies.google.com/privacy] for more
2.4.2. Purposes of data processing:
On our behalf, Google uses the data collected through Google Analytics to evaluate the use of our website, to compile reports on the website activities and to provide further information related to the use of the website.
2.4.3. Legal basis:
Data is processed based on your consent. You consent by clicking the button on our cookie banner.
2.4.4. Retention period and controlling options:
Data is stored for a period of 14 months. You can prevent the storage of the Google Analytics cookies by a corresponding setting in your browser. This may restrict the functionality of our website.
You may also prevent the collection of data generated by cookies and use of the website (including your IP address) by Google and the processing of such data by Google by not selecting Marketing cookies located on our cookie banner, this will place an opt-out-cookie on your browser.
Learn more by clicking on the following link:
3. Links to Sasol Social media pages
4. Data collected when you contact us
4.1. Processed data:
When you contact us via a contact form, via email or phone, we process the personal data you communicate to us, e.g., your name, your email address and your request. The data will be stored in a Sasol repository. The data marked as mandatory has to be provided in order to action your request. Refusal to provide certain information may result in Sasol being unable to action your request.
4.2. Purposes of data processing:
We use your data in order to process and respond to your request.
4.3. Legal basis:
We process data to take steps to fulfil your request, as it relates to our business activity.
4.4. Retention period:
We store your data as long as it is necessary to fulfil the purposes mentioned above. Should the business activity referred to above result in the conclusion of a contract or other business relationship to which you are party, your personal data may be stored as necessary according to that contract.
Privacy a fundamental right
At Sasol we respect your fundamental right to Privacy. Your trust and confidence is of paramount importance to us. Please see your privacy rights below, relating to the use of your personal data which may be exercised under certain circumstances.
1.1. Right to withdraw your consent:
You may withdraw your consent to the processing of your personal data at any time. Please note that the revocation does not affect the legality of the data processed thus far. However, we may be obliged by law to retain your personal data despite the withdrawal of your consent. As far as we process personal data for direct marketing purposes you have the right to object at any time.
1.2. Right to object:
You may object to processing of your personal data where we are relying on a legitimate interest and there is something about your particular situation which makes you want to object to processing on this ground.
1.3. Right to access:
This right enables you to access the personal data we hold about you and to check that we are lawfully processing it.
1.4. Right to correction
The right enables you to have any incomplete or inaccurate information we hold about you corrected.
1.5. Right to data portability
Under certain circumstances, you may have the right to request the facilitation of a transfer of your personal data to another party.
1.6. Right to Deletion
This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have exercised your right to object to processing.
2. Your Duties
As the party responsible for the lawful processing and security of your personal data, we endeavour to treat your personal data according to this privacy statement, applicable law and international best practice. In order to facilitate the protection of your personal data, you have the following duties:
• duty to inform us when there are changes to your personal data;
• duty to safeguard your personal data; and
• duty confirm your identity in order to action your rights.
3. Contact point for asserting your rights:
Should you wish to exercise any of the privacy rights above, you can direct your queries
Our dedicated team would appreciate any comment or complaint, on this privacy statement, or our privacy practices as a whole, to assist us with ensuring we respect your privacy as you would reasonably expect.
You can file a claim with the respective data privacy supervisory authorities if you believe that our data processing does not meet the legal requirements, or we did not facilitate the exercise of your rights accordingly. Contact details for your local data protection regulator can be found on the internet, as follows:
• if you are in the European Union: https://edpb.europa.eu/about-edpb/about-edpb/members_en
• if you are in the United Kingdom: https://ico.org.uk/
• if you are in South Africa: https://inforegulator.org.za
• if you are in Singapore: https://www.pdpc.gov.sg/
• If you are in Japan: https://www.ppc.go.jp/en/
• If you are in China: http://www.cac.gov.cn/
You can also request them from the Sasol Chief Privacy Officer using the email address provided above.
We reserve the right, at our sole discretion, to modify, add or remove sections of this privacy statement at any time.
This privacy statement (and any updates to or amended versions of this privacy statement) may be published on Sasol's website as well as any other channels we may find appropriate.