Who we are

Porcupine Union (Pty) Ltd provides various unique outsourced services to its clients (‘Porcupine Union’, ‘PU’, ‘we’, ‘us’ and ‘our’). Porcupine Union operates in various jurisdictions, including South Africa, Namibia and the European Union. We’re, depending on the circumstances, either a ‘controller/responsible party’ or a ‘processor/operator’ in terms of the General Data Protection Regulation (GDPR) and the Protection of Personal Information Act No. 4 of 2013 (POPIA) of your personal data and as such we want to take specific steps to make sure you’re fully aware of exactly who we are, the types of personal data we process, how we process it, why we need to process it, what our legal basis for processing is, who we may need to share it with, as well as what your rights are about our processing of your personal data in terms of applicable laws. We process the personal data of our clients, employees, service providers, suppliers, and various other stakeholders who enable us to operate (‘business contacts’) and to do business with them or provide our services to them as required. In this notice, ‘you’ means you as an individual and the entity you may represent, who we’re dealing with, and whose personal data we may need to collect and process to provide the requested services or the entity you represent. We may need to collect and process your personal data for the purposes described below.


The personal data we collect

We take your privacy very seriously. We only collect and process personal data (and, where applicable, special personal data) for specific purposes connected to our legitimate business operations and info. We generally need to comply with our obligations towards you and with obligations imposed upon us under applicable laws regulating us.

Porcupine Union processes the personal data you provide for the following purposes:

To contact you

When we contacted you, your personal info would’ve entered Porcupine Union’s environment, where it’s available for our trained staff. Our staff receive appropriate info privacy training and will ensure that your info is securely entered into our systems where it can be protected from a technical info security perspective. When we contact you after having obtained your contact info from someone other than yourself, we’ll tell you where it came from and ask you whether you’d like to proceed with the relevant engagement.

To deliver our products and services

Once you’ve got a contract with us or any of the businesses we represent, your profile resides in Porcupine Union’s system. Your data can only be accessed by authorised employees or service providers who have access to it for us to perform in terms of our contract with you and to ensure you’re satisfied with our service. We’ll need to share your personal data with our business contacts to deliver our products and services and always ensure you’re satisfied. We may also need to share your personal data with other third parties (your selected contact persons, payment providers, our service providers, suppliers, and business partners). When we do so, we do so in terms of specific agreements or mandates, which ensure these selected third parties comply with the applicable data privacy laws an per the framework of POPIA and the GDPR. If we ask you for permission to share your personal data with anyone else, and for som reason, such sharing isn’t provided for in our privacy policy or our contract with 1 another, we’ll always take reasonable steps to get your permission.

To market to you

If you’re a client

If you’re our client, you form part of a select base. We’d be honoured to allow you to partake in our future value offerings. Complying with applicable privacy laws, such as POPIA and the GDPR, is a wonderful opportunity for us to ensure that the products and services we market to you in the future suit your specific profile.

If you want to be a client

If you aren’t a client, we want you to be and know that you’ll gain tremendous value from being part of the Porcupine Union family. We want you to learn more about how our products and service offerings are expanding, what we’re doing and how we can help you, so please allow us to contact you. Every time we contact you for marketing purposes, regardless of how we do so, we’ll always ask you whether you’d like to opt out. We’ll always respect your decision and ask that you consider it carefully before proceeding.

To comply with applicable laws

We must comply with many essential laws and regulatory requirements. We take our compliance obligations seriously, so we’re legally required to collect and process certain data info for specific purposes. We also reserve the right to disclose your personal data to enforce any terms and conditions of our commercial agreement. This notice applies to all data (including all personal data) past, present or future submitted by you to Porcupine Union or which we otherwise obtain in undertaking our normal business activities.


How your personal data is collected

We may use ‘active processing’ and ‘inactive processing’ to collect and process personal data. When Porcupine Union uses ‘active processing’ to collect your personal data, it’s directly provided for under a specific Porcupine Union dealing. In instances where Porcupine Union uses ‘inactive processing’, your personal data isn’t actively provided to Porcupine Union. For example, when Porcupine Union deploys passive processing means and certain technologies to collect info from you or when cookies, web beacons, embedded scripts or device identifiers are deployed on the website Porcupine Union makes use of.


Managing cookies

You can set your browser not to accept cookies. However, in the case of Porcupine Union’s website, if you don’t use cookies on our website, this may influence your ability to use certain features. Please view our cookie policy.


Who we share your personal data with

Porcupine Union primarily holds info and data within the territories we operate. We may, however, occasionally transfer personal data to service providers and data centres in other regions, but only for the above-mentioned lawful purposes and always subject to Porcupine Union’s privacy policy. It may be necessary to share your personal data with select business contacts and service providers on a need-to-know basis. We assure you that we’ll consistently apply our privacy policy to our business contacts and establish a lawful justification, which may include consent for sharing personal data with any third party. We’ll conclude written agreements with them to ensure your personal data remains secure and confidential and is only used for the agreed purpose. Be advised that we use service providers to help us render our services or deliver our products. We also use service providers to manage and maintain our systems and data processing infrastructure.


Where we store your personal data

Porcupine Union has implemented reasonable technical and organisational info security measures to protect personal data. Porcupine Union securely stores all your personal data using a combination of cloud-based and on-site storage facilities. Consequently, in storing your personal data, we may transmit or transfer personal data from the territories we operate to foreign countries with different data protection laws. Porcupine Union always ensures that these foreign countries protect data to the extent that compares to how we do, which is acceptable to us. Despite all our attempts to keep your personal data safe and secure, unauthorised access remains a possibility. Porcupine Union will not take responsibility for anyone outside of Porcupine Union’s control breaching its security measures. You must review the use and security conditions of any third party you deal with, although it might be indirectly through Porcupine Union.


How long we store your personal data

Porcupine Union will store or retain your personal data for the period required by Porcupine Union’s legitimate interest to do so or for the period necessary to comply with our legal and regulatory obligations related to the storage of specific types of records or info.


Your rights

You have rights regarding your personal data, but remember that there may be various considerations in deciding how to deal with any requests. Contact us at [email protected] so that we can review and process the request and provide a response.


Your rights include the following:

  • Right of access: You can ask us for a copy of your personal data we hold.
  • Right to know: You can ask us what personal data was or is shared with any of our business contacts or third party.
  • Right to change: You can ask us to update your personal data or delete any personal data that’s no longer accurate or relevant.
  • Right to object: You can object to our processing of your personal data and withdraw any specific and informed consent provided previously.
  • Right to report: You can lodge a complaint with the relevant authorities if you feel aggrieved by how we’ve processed your personal data.


Porcupine Union is subject to the Information Regulator.


Here are the contact details:

The South African Information Regulator

Physical address: JD House, 27 Stiemens Street, Braamfontein, Johannesburg, 2001

Phone no: +27 10 023 5200

Email: [email protected]

As you know by now, we’re serious about keeping your info secure and only processing it for business operation purposes. As such, we implement reasonable security measures and protocols to protect the personal info we’re privileged to hold. These measures protect any personal info we hold from disclosure without authorisation, loss, damage, destruction, or unauthorised access. As you’ll appreciate, nothing is 100% secure today. Therefore, if you suspect that you or we have had an info security breach, please notify us immediately so we can take action. You can contact Dinos Kaparos, whose info is also below. If you need to speak with our info officer, please get in touch with them.


Contacting us

If you have any questions about Porcupine Union’s privacy policy or the personal data we hold, or if you’d like to exercise any of the rights you may have, please get in touch with our info officer, Dinos Kaparos.

Here are the contact details:

Physical address: Menlyn Corporate Park, Block A, Cnr Garsfontein Road & Corobay Avenue, Waterkloof Glen X11, Pretoria, 0181

Email: [email protected]