1.1 SARS shall take all reasonable steps to protect the personal information of Users and for the purpose of this clause, “personal information” shall be defined as detailed in the Promotion of Access to Information Act 2 of 2000 (“PAIA”) read together with the Protection of Personal Information Act 2014 (“POPIA”). PAIA may be downloaded from http://www.justice.gov.za/legislation/acts/2000-002.pdf. Accordingly, SARS may in terms of POPIA:

1.2 Process personal information of Users. By processing, SARS may inter alia to electronically collect, store and use the following personal information of Users:

1.2.1  name and surname;

1.2.2  contact numbers;

1.2.3  non-personal browsing habits and click patterns;

1.2.4  e-mail address;

1.2.5  IP address;

1.2.6  User selected password.

1.3 SARS collects, stores and uses the abovementioned information for the following purposes:

1.3.1 communicate requested information to the User.

1.3.2 provide the User with access to restricted pages on this website.

1.3.3 compile non-personal statistical information about browsing habits, and access to the SARS website.

1.4 Information detailed above is collected either electronically by using cookies or is provided voluntarily by the User. Users may determine cookie use independently through their browser settings.

1.5  SARS may collect, maintain, save, compile, share, disclose and sell any information collected from users, subject to the following provisions:

1.5.1  SARS shall not disclose personal information from Users unless the User consents thereto.

1.5.2  SARS shall disclose information without the User’s consent only through due legal process.

1.5.3  SARS may compile, use and share any information that does not relate to any specific individual.

1.6  SARS owns and retains all rights to non-personal statistical information collected and compiled by SARS.

1.7 As a general rule, SARS shall process Users’ personal information for a specific, explicitly defined and lawful purpose related to its function or activity.

1.8 SARS shall process personal information in a manner that is adequate, relevant and not excessive.

1.9 After processing such personal information, SARS shall not retain such information longer than it is necessary for achieving the purpose for which it was collected unless further processing is necessary or required and it is compatible with the purpose for which it was initially collected.

1.10 SARS shall destroy, delete or de-identify personal information as soon as is reasonably practical and is no longer authorised to retain such record.