In order to remain an accredited association with the South African Police Service (Central Firearms Registry) (SAPS [CFR]), the National Hunting and Shooting Association (NHSA) must comply with the stipulations of Regulation 2(7), 2(8), and 4(2)(a) of the Regulations (2004) of the Firearms Control Act, 2000 (Act 60 of 2000 as amended) (FCA). These Regulations inter alia stipulate that an accredited association must maintain a register of its members, which register must contain the full names, ID number and residential address of the member.
As NHSA strictly functions in the electronic domain only, and maintains no paper-based administration or processes, it follows that NHSA shall maintain an Electronic Members Database where it must securely capture and store the minimum of required Personal Information of its members in order for it to comply with the requirements of the FCA as stated above, and further to conduct its stated business in an effective and efficient manner, in order to render the high level of service delivery it stands for and that is contracted with members when they enrol for membership with the Association.
In this context NHSA is bound by, and adheres to, the stipulations of Section 14(d) of the Constitution of the Republic of South Africa, 1996 (Act 108 of 1996 as amended), and the stipulations of, specifically but not exclusively, Chapter 3 of the Protection of Personal Information Act, 2013 (Act 4 of 2013) (the PoPI Act), and acknowledges and subjects itself to the prescripts of Section 51 of that Act, insofar as NHSA may use or make available the Personal Information it collects from its members.
1. Secure Electronic Storage of Personal Information
In adherence to the stipulations of Section 19 of the PoPI Act (2013), the electronic membership database of the NHSA is as secure as it can humanly possibly be made, with continuous industry-relevant software updates to enhance existing high-level NHSA security measures. The same high level of security measures is taken by the NHSA’s internationally renowned associates, where NHSA keeps and maintains its electronic database on nationally and internationally based electronic computer server systems worldwide.
1.2 NHSA follows generally accepted industry standards to protect the Personal Information submitted and in its possession, and especially those sections of Personal Information described as a “Unique Identifier” in the PoPI Act (2013), both during transmission and once NHSA has received it. For example, when a member enters sensitive information through NHSA Services, NHSA encrypts that information using Secure Sockets Layer (SSL) technology (see web address https://natshoot.co.za, signifying that all data contained therein is encrypted on the highest possible levels of electronic security).
1.4 In Email communications from members to NHSA, additional Personal Information not originally collected is frequently communicated inadvertently. This kind of information will receive the same kind of security and level of protection by NHSA as is afforded all Personal Information collected and kept by NHSA.
1.5 MEMBERS ARE, HOWEVER, REMINDED THAT DESPITE THE NHSA’S COMPLIANCE WITH THE PRESCRIPT RE PROTECTION OF PERSONAL INFORMATION CONTAINED IN THE PoPI ACT, NHSA CANNOT PROTECT A MEMBER’S PERSONAL INFORMATION IF THE MEMBER DOES NOT PERSONALLY TAKE CARE TO PROTECT SUCH PERSONAL INFORMATION FROM MISUSE DUE TO THE MEMBER’S USE OF OTHER WEB-BASED APPLICATIONS AND SERVICES OR DISCUSSION GROUPS S/HE MAY BE PART OF, OR PARTAKE IN, WHERE SUCH PERSONAL INFORMATION MAY OR COULD ALSO BECOME ACCESSIBLE.
2. Personal Information Collected
2.1 By joining NHSA, and remaining a member, a member consents to the collection of the following Personal Information, which constitutes the only Personal Information NHSA will collect in respect of its members and keep stored on its electronic members database in order for NHSA to render the services it has contracted to deliver to its members (see Sections 10 and 13 of the PoPI Act).
2.2 Initials, First name & Surname: NHSA needs to know to whom membership is awarded, and the Initials and Surname of a member have to reflect on all official NHSA documents which are needed for all applications made to SAPS (CFR) regarding firearm licences (despite being a requirement as stipulated by Regulation 4(2)(a) of the FCA Regulations).
2.3 ID Number: it (a) becomes a member’s membership number; (b) becomes the primary search “term” to access members’ data on the NHSA electronic members database, and (c) it has to reflect on all official NHSA documents which are needed for all applications made to SAPS (CFR) regarding firearm licences (despite being a requirement as stipulated by Regulation 4(2)(a) of the FCA Regulations).
2.4 Gender: in order (a) for NHSA to keep statistics on membership and possible extension of needs per gender group, and (b) it has to reflect on all official NHSA documents which are needed for all applications made to the South African Police Service regarding firearm licences.
2.5 Language: the member’s preferred language for communication.
2.6 Date of Birth: in order for NHSA to determine membership categories and for financial and other administrative purposes (i.e. the annual national postal target shooting competition). It is also the first six numbers of a member’s ID number, which ID number has to reflect on all official NHSA documents which are needed for all applications made to SAPS (CFR) regarding firearm licences.
2.7 Email address: in order for NHSA to be able to directly communicate with members (NHSA only communicates with members via Email). Therefore, NHSA does not accept membership applications of individuals who do not have an Email address as it would be unfair to that individual as s/he may default in many different ways due to not being in communication with NHSA.
2.8 Postal address & Courier address: in order to post documents to members if need be, and/or to courier NHSA documentation to members (the last-mentioned method is the preferred method of delivering NHSA documentation to members).
2.9 Telephone numbers: Specifically Cell Phone numbers, in order to (a) be able to urgently contact a member if need be, or to (b) communicate with a member via SMS message, and to (c) serve as a member’s user-id when logging into his/her Personal Natshoot web pages.
2.10 Electronic Location: NHSA may collect and store information about a member’s location if a member enables his/her computer or mobile device to send NHSA location information. Members are able to change the settings on their computer or mobile device to prevent it from providing NHSA with such information. The information is used as a mechanism for the protection of the integrity of the NHSA’s electronic communications and for NHSA electronic evaluations for the dedicated status courses it presents.
2.11 The Personal Information collected and stored by NHSA thus complies with the stipulations of Sections 10 and 13 of the PoPI Act (2013). Only the minimum of a member's personal details is retained on our system when a member resigns from the Association to enable us to answer questions SAPS might have regarding such a member.
2.12 The above stated Personal Information of members, which is collected and stored by NHSA, is also in many instances clearly not new information pertaining to an individual who has been using web-based services for a while, as such member’s Personal Information could already have been captured in one or other manner by a number of other Service Providers with which the specific member interacts on the internet.
2.13 Banking and/or other member specific financial information required for online payments is collected by the specific Service Provider rendering the service for NHSA. The Service Provider will enter into a separate contract with the member in order to render the specific service, and it is up to the member to authorise such Service Provider to store a member’s banking or financial information as the member sees fit. NHSA has nothing to do with these transactions a member enters into.
3. Personal Information Submitted by a Member
3.1 NHSA may store the information a member submits in order for him/her to be able to use the Services. NHSA uses this submitted information to fulfil a member’s requests, provide Service functionality, improve Service quality, personalize member’s experience, display relevant advertising, provide customer support, send messages to a member, back up our systems, allow for disaster recovery, and comply with stated legal obligations.
3.2 Account registration: a member must provide a valid Email address at enrolment in order to sign up for an account through the Services (such an account is automatically created for a member at enrolment). Once a member has signed up for a NHSA account, s/he will start to receive Emails from NHSA. A member may manage his/her Email preferences and modify some of the information associated with his/her account on his/her personal profile – see https://natshoot.co.za/login.
3.3 A NHSA member cannot opt out of electronically receiving required NHSA administrative or legal notices via his/her provided Email address. If a member should feel that an unauthorized account has been created depicting his or her likeness, s/he can request its removal by sending an Email to [email protected], in which case that account will be immediately deleted from the NHSA electronic members database, without following the normal procedures mentioned in paragraph 11 below.
3.4 A person cannot sign up by logging into online accounts s/he may have with third party service providers.
3.5 Public Content: Any information a member may reveal in a rating or review posting or other online discussion or forum is intentionally open to the public and is not in any way private. A member should think carefully before disclosing any Personal Information in any public forum. Members do not have permission to disclose any Individually Identifiable Information re the NHSA in any public forum. What a member has written may be seen and/or collected by third parties and may be used by others in ways NHSA is unable to control or predict.
3.6 Contacts & messaging: A member may invite friends, colleagues, businesses, and others whom s/he knows (collectively, “Associates”) to join the Services by providing the NHSA contact information, either of the website address or via Facebook at Nhsa.natshoot.
3.7 Members are advised that when they send an invitation to connect to an Associate or another User, that Associate or User will have access to the member’s Email address because it is displayed in the invitation. The invitation may also contain other Services Content about the member, such as name and photograph, to help the User or Associate identify who is sending the invitation. A member’s NHSA connections will also have access to the member’s Email address. Members may thus not invite anyone s/he does not know and trust to connect with him/her.
3.8 All Personal Information electronically stored by NHSA is strictly in the format provided and entered by members themselves and that data will not be changed by NHSA without express request by a member in person (no such request through a third party will be given any attention or regulate any action by NHSA).
3.9 NHSA explicitly states that it at all times remains the responsibility of a member to ascertain that his/her contact details are up to date on the NHSA electronic members database. NHSA will not be held responsible should any contact details of a member change and the member has not made a provable effort to either personally change such detail on his/her profile page on his/her Personal Natshoot web page, or by sending an Email to request updating of personal contact details to [email protected].
4. Information Provided on Behalf of Minors
4.1 In terms of the stipulations of Sections 34 and 35 of the PoPI Act (2013), NHSA does not collect Personal Information of minors other than such information being submitted by the minor’s parent or legal guardian.
4.2 NHSA does not allow membership of minors under the age of 13 years, except if there are specific reasons why a parent or guardian of such a minor would want that minor to have membership. A written application and a communications procedure will be entered into with the parent or guardian of such a minor when application is made for such a minor to join NHSA through his/her parent or guardian.
4.4 If a user is under the age of 18, they should not, and have no permission to, use the Services. Enabling access to Email and Internet Services for minors remains the responsibility of parents or legal guardians of minors.
5. Electronic Activity & Use (Analytics Services)
5.1 NHSA may collect and store information related to a member’s use of the electronic Services it renders, such as browser type, IP address, unique device identifier, requested URL, referring URL, browser language, the pages members view, and the date and time of members’ visits. This is in order to build a picture of where NHSA can better its services to members and to remain relevant in the electronic communications era.
5.2 NHSA may also use third party analytics services in connection with the Services. For example, NHSA may use services to record mouse clicks, mouse movements, scrolling activity, and/or clicks, as well as any text that members type into the Services (collectively, “Traffic Data”). These analytics services will not collect Personal Information which members do not voluntarily enter (see NHSA User Agreement - https://natshoot.co.za/legal/user-agreement).
5.3 These services will not track members’ browsing habits across websites which do not use their services. NHSA will use the information collected from these services to find usability problems and to make its Services easier to use. These recordings will never identify members or their accounts. NHSA only records anonymous user information, and stops such recording before a person signs in or creates an account. Should NHSA decide to use any third party analytics services that track or collect Personal Information, NHSA will always provide members with advance notice and a member is then free to opt out of such a process.
6. Cookies and Similar Mechanisms
6.1 “Cookies” are small computer files that are transferred to a member’s computer hard drive that contain information such as user ID, user preferences, lists of pages visited and activities conducted while browsing the Services. At the member’s option and own responsibility (and possibly at his/her own expense), a member may block cookies or delete cookies from his/her hard drive. However, by disabling cookies, members may not have access to the entire set of features of the Services.
7. Third Parties
7.1 NHSA does not rent, share, sell or trade Personal Information or members’ Demographic Data with third parties for marketing purposes.
7.4 Links: The Services may contain links to unaffiliated third party websites. Except as set forth herein, NHSA does not share members’ Personal Information with them, and is not responsible for their privacy practices. NHSA suggests that members read the privacy policies on all such third party websites.
7.5 Trans-border information flow: NHSA stores backups of its System on servers in specifically European countries for the sake of security and for the sake of effectiveness of such services rendered by international service providers. This NHSA procedure complies with the prescripts of Section 72(1)(d) and 72(1)(e) of the PoPI Act (2013).
8. Use and Disclosure of Members’ Personal Information
8.1 Customization and Contact: The objective of collecting Personal Information from members is to provide an efficient, meaningful, and customized experience. For example, NHSA can use Personal Information to: (a) help make the Services easier for members to use by not having to enter information more than once; (b) help members to quickly find information and services; (c) help NHSA to create content that is most relevant to members; and (d) alert members to new information and Services offered by NHSA.
8.2 NHSA may use members’ Contact Data to send members information about NHSA or on NHSA products or Services, to contact members when necessary, including to remind members of upcoming or follow-up appointments, and in conjunction with members’ use of certain interactive tools. NHSA may use members’ Demographic Data or Traffic Data to customize and tailor members’ experience on the Services, in Emails and in other communications, displaying content that NHSA thinks members might be interested in and according to members’ preferences.
8.3 Due to the nature of the administrative procedures employed by NHSA, all NHSA personnel have access to members’ Personal Information on the NHSA electronic members database. NHSA personnel all subscribe to high ethical standards in respect of the content of this policy document, and are bound by a non-disclosure clause in their employment contracts re the possible disclosure of any NHSA electronic information to third parties and are liable in instances of transgression of that clause.
9. Duration of Retention of Personal Information
9.1 Once a person has been accepted as a member of NHSA, his/her Personal Information collected at enrolment as identified under paragraph 2 above, will be stored in the format provided by the member for as long as the person remains a paid-up member, unless the member changes the contact details on his/her Personal Natshoot web page, or requests NHSA to do so on his/her behalf. This is in order for the NHSA to be able to continuously render the contracted services to the member which s/he had joined and paid the Association for.
9.2 The full Paragraph 2 disclosed Personal Information of members provided at enrolment will be stored for a maximum of two years after the last date on which the member had to update his/her membership, should the member default on payment of membership fees. After two years of not updating membership with the Association, a member’s Surname, Initials and ID number will permanently remain on the NHSA database for future reference should that person one day again apply for membership. All other Personal Information the NHSA has in possession re that member will be permanently deleted from the NHSA electronic members database (see 9.4 below).
9.3 The Surname, Initials and ID number of a member whose membership of NHSA terminates for whatever reason, will permanently remain on the NHSA database for future reference should that person one day again apply for membership (or for administrative purposes should such a member pass away). All other Personal Information the NHSA has in possession re that member will be permanently deleted from the NHSA electronic members database (see 9.4 below).
9.4 The NHSA electronic membership database, however, retains the references of all official NHSA documents issued and linked to any member at any time in the past for possible management of liability issues, and to protect NHSA against fraudulent transactions entered into by non-active former members on strength of NHSA documentation issued at the time the member was on the electronic members database marked as an active member of the Association.
10. Change in Control
11. Changing and Deleting Personal Information (To be read with paragraph 9)
11.1 As a registered User of the Services, a member may modify some of the Personal Information s/he had included in his/her profile or change his/her username by logging in and accessing his/her Natshoot account.
11.2 On resignation from the Association by a member or by taking action as described in paragraph 9.2 and 9.3, NHSA will use all commercially reasonable efforts to delete a member’s account and the Personal Information in a member’s profile; however, it may be impossible to remove a member’s account without some residual information being retained on the NHSA system.
11.3 When a member’s account is deleted, s/he understands that removed Content may well persist in backup copies for a reasonable period of time (but will not be available to others). Furthermore, to the extent that Content about members has been shared with others, or other Users have independently uploaded and/or retained Content about a member, such Content may also remain on the Services.
11.4 For example, while NHSA will remove a member’s account profile and the ability for others to contact a member through the Services or access a member’s Personal Information, some Content about a member may be retained in the individual pages for groups or businesses a member could have contacted through the Services or outside of the Services.
11.5 Registered users who wish to close their account with NHSA, for whatever reason, should send a request for removal by Email to [email protected].
12. Relevant Technical Aspects of the NHSA Members Database
12.1 For safety reasons data is hosted on a cloud environment and not on a shared server. This server is not shared with other websites but is dedicated to the NHSA system.
12.2 There is no public access to a member's data; a member or system admin must log in to access a member's data. A system admin can only access the data through an SSL-encrypted connection with a private and public key that is unique to a user's computer.
12.3 Passwords are encrypted and hashed with a salt and cannot be decrypted.
12.4 Cookies used for authentication are encrypted.
12.5 Data backups are encrypted.
12.6 Cross-site request forgery prevention is implemented on authentication pages.
12.7 Log in forms are throttled to only 3 tries per minute to prevent brute-force attacks.
13. Complaints Process
13.2 Members consent to resolve in Gauteng North, any dispute that a member may have with NHSA regarding the execution or results of the procedures described in this Policy Document.
13.3 If members would want to lodge complaints against the manner in which the NHSA manages and secures its electronic membership database, based on reasonable and factual grounds, they must please contact the independent Information Regulator, appointed in terms of Section 39 of the PoPI Act (2013).
13.4 Members may also send complaints via an Email with full details to [email protected] so that the complaint can be investigated and immediate mitigations set into motion to rectify the problem should the complaint be proven to be true.
13.5 Members further consent to resolve in Gauteng North, any dispute that a member may have with NHSA regarding the execution or results of the procedures described in this Policy Document.
Copyright April 2016 NHSA & natshoot.co.za. All rights reserved.