Privacy Policy
1 Application of Privacy Policy
This privacy policy of Caledonia Mining Corporation Plc and its group entities (“Caledonia”, “us”, “we” or “our”) applies to Caledonia’s processing of personal data in relation to our business, including amongst others:
· when you request information from us;
· when you invest in our business;
· as a result of your commercial relationship with us;
· when you apply for a job or work placement;
· when you visit our offices, mines and exploration project sites; and
· when you visit and/or use our website.
This Privacy Policy explains how we collect, use and protect your personal data. Respecting and protecting your privacy and your personal data is very important to us. Your personal data will be held by us in accordance with applicable data protection laws, which may include the laws of Jersey or the European Union’s General Data Protection Regulation. For the purposes of data protection laws in Jersey, the controller is Caledonia Mining Corporation Plc (registration number 60449) who is registered with The Office of the Information Commissioner in Jersey. For all other countries, the controller will be the relevant Caledonia entity in your country. Additional information in this regard may be found in the country-specific sections at the end of this Privacy Policy.
If you have any questions in relation to this Privacy Policy, please contact us at:
Data Protection and Privacy
Caledonia Mining Corporation Plc
2 Mulcaster Street
St Helier
Jersey JE2 3NJ
Telephone: +44 1534 679800
Email: dataprotection@caledoniamining.com
Please read this Privacy Policy to understand how we will collect and use your personal data and the rights you have in relation to your personal data. This Privacy Policy was last updated on the date below and may vary from time to time so please check it regularly. By visiting our website or otherwise engaging with Caledonia, you acknowledge the terms of this Privacy Policy and the use and disclosure of your personal data as set out in this Privacy Policy.
2 How We Collect Your Personal Data
(a) Investors
We collect certain limited information about our investors or potential investors. Caledonia’s share register can be inspected by contacting Computershare Investor Services (Jersey) Limited in Jersey or Computershare Investor Services Inc. in the United States of America.
(b) Business Contacts, Contractors and Suppliers
We collect certain limited personal data about our business contacts, both in the context of being a gold exploration and production company with its shares listed on the NYSE American and with our depositary interests representing our shares admitted to trading on AIM in London and our depositary receipts representing our shares listed on the Victoria Falls Stock Exchange, and of our contractors and suppliers (including subcontractors and individuals associated with our contractors, suppliers and subcontractors), and other service providers (including professional advisors and individuals associated with our service providers). Personal data collected in this context is usually (but may not exclusively be) limited to name, employer name, contact title, position with the employer, phone, email and other typical business contact details. We may also collect the health information of our contractors where they render services at our mines and/or exploration project sites and where legally required.
We also carry out regulatory and optional Know-Your-Client (KYC) screening against our contractors, suppliers and subcontractors and other service providers, and we will collect data including directorships, shareholding, financial probity, identity, criminal records, court and arbitration proceedings and applicable sanctions, concerning those contractors, suppliers and subcontractors.
(c) Website Users
When you visit our website, we may collect the following information from you directly and/or automatically:
(i) information you provide by completing subscription, registration and application forms (including when you submit material or request further services). This will usually (but may not exclusively) be limited to name, phone, email and other contact details;
(ii) information you provide to us if you contact us, for example to raise a query or comment; and
(iii) details of visits made to our website such as the volume of traffic received, logs (including, the internet protocol (IP) address and location of the device connecting to the online services and other identifiers about the device and the nature of the visit) and the resources accessed.
(d) Careers and Recruitment
If you apply for a job or work placement you may need to provide information about your education, employment, nationality, racial background and state of health. Your application will constitute your express consent to our use of this information to assess your application and to allow us to carry out both recruitment analytics and any monitoring activities which may be required of us under applicable law as an employer. We may also carry out screening checks (including reference, background, directorship, financial probity, identity, eligibility to work, vocational suitability and criminal record checks) and consider you for other positions. We may disclose your personal data (including diversity and equal opportunities data) to academic institutions, recruiters, screening check providers, health service providers, professional and trade associations, law enforcement agencies, recruitment analytics and diversity research providers, referees and your current and previous employers. We may also collect your personal data from these parties in some circumstances. Without your personal data we may not be able to progress considering you for positions with us.
(e) Visitors to Our Offices, Mines, and Exploration Project Sites
We may have security measures in place at our offices, mines, and exploration project sites, including CCTV and building access controls. CCTV recordings are typically automatically overwritten after a short period of time unless an issue is identified that requires investigation (such as a theft). We may require visitors to our offices, mines and exploration project sites to sign in at reception and keep a record of visitors (including in some cases a photograph of the visitor) for a short period of time. Our visitor records and details of you are securely stored and only accessible on a need to know basis (e.g. to look into an incident).
3 Why We Collect Your Personal Data
We use personal data for the following non-exhaustive list of purposes:
(a) Administering, Managing and Developing Our Businesses and Services.
We process personal data in order to run our business, including:
(i) managing our relationship with investors;
(ii) developing our businesses and services;
(iii) recruiting appropriate personnel;
(iv) promoting goods and services;
(v) maintaining our own accounts and records;
(vi) reporting, auditing and assessing our operations, including from financial, tax, accounting, privacy, security or compliance perspectives;
(vii) maintaining and using IT systems;
(viii) hosting or facilitating the hosting of events; and
(ix) administering and managing our website and systems and applications.
(b) Receiving Services
We process personal data in relation to our suppliers, service providers and their staff as necessary to receive the services in question. For example, where a supplier is providing us with facilities management or other outsourced services, we will process personal data about those individuals that are providing services to us.
(c) Security, Quality and Risk Management Activities
We have security measures in place to protect our information (including personal data), which involve detecting, investigating and resolving security threats. Personal data may be processed as part of the security monitoring that we undertake. For example, automated scans to identify harmful emails.
(d) Defending our legal rights
We may process personal data to manage and respond to actual and potential legal disputes and claims, or to otherwise establish, defend or protect our rights or interests, including in the context of anticipated or actual litigation with third parties.
(e) Planning and/or facilitating business transactions
Personal data may be processed in respect of any actual or contemplated merger, acquisition, asset sale or transfer, financing or restructuring of all or a part of our business.
(f) Complying with legal obligations
We may process personal data to comply with the law or any legal obligations imposed on us from time to time (including responding to subpoenas, court orders or other regulatory enforcement requests).
4 Who Do We Share Your Data With?
We may share your personal data with the following categories of recipients:
(a) Related Entities
Your personal data will be used by us and may be disclosed to our group companies and entities.
(b) Regulatory Bodies
We may disclose your personal data:
(i) to regulators and law enforcement agencies (including those responsible for enforcing anti-money laundering and sanctions legislations);
(ii) in response to an enquiry from a government agency;
(iii) to data protection regulatory authorities (including The Office of the Information Commissioner in Jersey);
(iv) to third parties in order that they make notifications in accordance with obligations under the OECD’s Common Reporting Standard (CRS) or the Foreign Account Tax Compliance Act (FATCA) or any other similar rules; and
(v) to any other regulatory authorities with jurisdiction over our activities.
(c) Service Providers
We may disclose your personal data to third party service providers who require access to such information for the purpose of providing specific services to us. These third parties will generally only be able to access your data in order to provide us with their services and will not be able to use it for their own purposes.
(d) Professional Advisors and Auditors
We may disclose your personal data to professional advisors (such as legal advisors and accountants) or auditors for the purpose of providing professional services to us.
(e) Business transfers
In the event that we transfer, sell or buy, or contemplate transferring, selling or buying, any business assets, or are part of any actual or contemplated merger, financing, restructuring or similar process, we may disclose your personal data prior to the completion of such process and where necessary for due diligence or to otherwise plan the merger, sale, purchase, transfer, financing, restructuring or similar process. If Caledonia or substantially all of its assets are acquired by a third party, personal data held by us about our clients and suppliers will be one of the transferred assets.
5 What Are My Rights?
You have various rights in relation to the data which we hold about you. We have described these below. To get in touch with us about any of these rights, please use the contact details provided above.
We will seek to deal with your request without undue delay, and in any event within one month (subject to any extensions to which we are lawfully entitled). Please also note that we may keep a record of your communications to help us resolve any issues which you raise.
Applicable data protection laws may give you the following rights in relation to your personal data:
(a) Right to Object
This right enables you to object to us processing your personal data where we do so for one of the following reasons:
(i) because it is in our legitimate interests to do so (for further information please see paragraph 10 below);
(ii) to enable us to perform a task in the public interest or exercise official authority;
(iii) to send you direct marketing materials; or
(iv) for scientific, historical, research or statistical purposes.
(b) Right to Withdraw Consent
Where we have obtained your consent to process your personal data for certain activities (for example, for marketing), you may withdraw this consent at any time and we will cease to use your data for that purpose unless we consider that there is an alternative legal basis to justify our continued processing of your data for this purpose, in which case we will inform you of this condition.
(c) Data Subject Access Requests
You may ask us for a copy of the information we hold about you at any time, and request us to modify, update or delete such information. If we provide you with access to the information we hold about you, we will not charge you for this unless permitted by law. If you request further copies of this information from us, we may charge you a reasonable administrative cost. Where we are legally permitted to do so, we may refuse your request. If we refuse your request we will always tell you the reasons for doing so.
(d) Right to Erasure
You have the right to request that we “erase” your personal data in certain circumstances. Normally, this right exists where:
(i) the data are no longer necessary;
(ii) you have withdrawn your consent to us using your data, and there is no other valid reason for us to continue processing (including storing) such data;
(iii) the data has been processed unlawfully;
(iv) it is necessary for the data to be erased in order for us to comply with our obligations under law; or
(v) you object to the processing and we are unable to demonstrate overriding legitimate grounds for our continued processing.
We would only be entitled to refuse to comply with your request for erasure in limited circumstances and we will always tell you our reason for doing so. When complying with a valid request for the erasure of data we will take all reasonably practicable steps to delete the relevant data.
(e) Right To Restrict Processing
You have the right to request that we restrict our processing of your personal data in certain circumstances, for example if you dispute the accuracy of the personal data that we hold about you or you object to our processing of your personal data for our legitimate interests. If we have shared your personal data with third parties, we will notify them about the restricted processing unless this is impossible or involves disproportionate effort. We will, of course, notify you before lifting any restriction on processing your personal data.
(f) Right To Rectification
You have the right to request that we rectify any inaccurate or incomplete personal data that we hold about you. If we have shared this personal data with third parties, we will notify them about the rectification unless this is impossible or involves disproportionate effort. You may also request details of the third parties that we have disclosed the inaccurate or incomplete personal data to. Where we think that it is reasonable for us not to comply with your request, we will explain our reasons for this decision.
(g) Right Of Data Portability
In certain circumstances, you may have the right to transfer your personal data between service providers. In effect, this means that you are able to transfer the details we hold about you to another third party. To allow you to do so, we will provide you with your data in a commonly used machine-readable format so that you can transfer the data. Alternatively, we may directly transfer the data for you.
(h) Right To Complain
You have the right to lodge a complaint with the applicable regulator. If you are based in Jersey this will be the Jersey Office of the Information Commissioner. The regulator can be contacted at the following:
Jersey Office of the Information Commissioner
2nd Floor
Castle Street
St Helier
Jersey
Channel Islands
JE2 3BT
Tel: +44 1534 716 530
Email: enquiries@oicjersey.org
For all other countries, please contact Caledonia at the contact details on the first page and we will provide you with the relevant contact details.
6 Cookies
Cookies are small data files sent by a website to your computer that are stored on your hard drive when you visit certain online pages of our website.
Cookies allow the website to identify and interact with your computer. We do not use cookies to retrieve information that was not originally sent by us to you in a cookie.
You can set your browser to accept or reject all cookies, or notify you when a cookie is sent. If you reject cookies or delete our cookies, you may still use our website, but you may have reduced functionality and access to certain areas of our website or your account.
Your continued use of our website is your acceptance of our continued use of cookies on our website.
7 Security
We will take all reasonable precautions necessary to protect your personal data from misuse, interference and loss; and unauthorised access, modification or disclosure.
This includes, for example, the protection of passwords using industry standard encryption, measures to preserve system security and prevent unauthorised access and back-up systems to prevent accidental or malicious loss of data. We may use third party data storage providers to store personal data electronically. We take reasonable steps to ensure this information is held as securely as information stored on our own equipment.
Unfortunately, there is always risk involved in sending information through any channel over the internet. You send information over the internet entirely at your own risk. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted over the internet and we do not warrant the security of any information, including personal data, which you transmit to us over the internet.
8 International Transfers of Data
The data that we collect from you will be transferred to, and stored at, destinations both within and outside the European Economic Area (EEA). As discussed above, we may disclose your personal data to our group companies, for example if you are visiting a mine or exploration project site outside of the EEA, and service providers, some of whom may be located outside of the EEA.
We want to make sure that your personal data is stored and transferred in a way which is secure. We will therefore only transfer data outside of the EEA where it is compliant with data protection legislation and the means of transfer provides adequate safeguards in relation to your data. For example, this could be:
(a) by way of an intra-group agreement between our entities, incorporating the current standard contractual clauses adopted by the European Commission for the transfer of personal data by controllers in the EEA to controllers and processors in jurisdictions without adequate data protection laws;
(b) by way of a data transfer agreement with a third party, incorporating the current standard contractual clauses adopted by the European Commission for the transfer of personal data by controllers in the EEA to controllers and processors in jurisdictions without adequate data protection laws;
(c) by transferring your data to an entity which has signed up to the EU-U.S. Privacy Shield Framework for the transfer of personal data from entities in the EU to entities in the United States of America or any equivalent agreement in respect of other jurisdictions;
(d) by transferring your data to a country where there has been a finding of adequacy by the European Commission in respect of that country’s levels of data protection via its legislation;
(e) where it is necessary for the conclusion or performance of a contract between ourselves and a third party and the transfer is in your interests for the purposes of that contract (for example, if we need to transfer your data to a benefits provider based outside the EEA); or
(f) where you have explicitly consented to the data transfer.
Where we transfer your personal data outside the EEA and where the country or territory in question does not maintain adequate data protection standards, we will take all reasonable steps to ensure that your data is treated securely and in accordance with this Privacy Policy.
9 How Long Will We Keep Your Personal Data?
We will not keep your personal data for longer than is necessary for the purposes for which we have collected it, unless we believe that the law or other regulation requires us to keep it (for example, because of a request by a tax authority or in connection with any anticipated litigation or arbitration) or if we require it to enforce our agreements.
When it is no longer necessary to retain your personal data, we will delete the personal data that we hold about you from our systems. While we will endeavour to permanently erase your personal data once it reaches the end of its retention period, some of your personal data may still exist within our systems, for example if it is waiting to be overwritten. For our purposes, this data has been put beyond use, meaning that, while it still exists in the electronic ether, our employees will not have any access to it or use it again.
10 Legal Conditions For Using Your Personal Data
There are a number of different ways that we are lawfully able to process your personal data. We have set these out below.
(a) Where Using Your Data Is In Our Legitimate Interests
We are allowed to use your personal data where it is in our interests to do so, and those interests are not outweighed by any potential prejudice to you.
We believe that our use of your personal data is within a number of our legitimate interests, including but not limited to:
(i) facilitating our internal business and mining operations, work management and maintaining proper business records;
(ii) providing marketing communications to interested parties;
(iii) administering databases (including our contracts database);
(iv) establishing and managing good commercial or stakeholder relations with you or the organisation with which you are associated;
(v) engaging in mergers, business sales, transfers or acquisitions or joint ventures;
(vi) receiving and providing services (including maintaining records of business relationships);
(vii) investigating or responding to any incidents, complaints or grievances;
(viii) authenticating your access to and protecting and maintaining the security and safety of Caledonia owned or operated premises, sites, systems and assets and people;
(ix) helping us to learn more about customers, stakeholders and products, services or information you receive or may be interested in receiving;
(x) giving you the option of receiving our publications;
(xi) inviting you to Caledonia functions;
(xii) taking steps to improve the products and services we utilise and stakeholder communication and our use of technology;
(xiii) enabling us to recruit and retain appropriate personnel;
(xiv) helping us keep our systems and physical premises secure and prevent unauthorized access or cyber-attacks; and
(xv) publishing information sources used in advertising and mailing lists for public relations.
We do not think that any of the activities set out in this Privacy Policy will prejudice you in any way. However, you do have the right to object to us processing your personal data on this basis. We have set out details regarding how you can go about doing this in paragraph 5 above.
(b) Where You Give Us Your Consent To Use Your Personal Data
We are allowed to use your data where you have specifically consented. In order for your consent to be valid:
(i) it has to be given freely, without us putting you under any type of pressure;
(ii) you have to know what you are consenting to – so we will make sure we give you enough information;
(iii) you should only be asked to consent to one thing at a time – we therefore avoid “bundling” consents together so that you don’t know exactly what you are agreeing to; and
(iv) you need to take positive and affirmative action in giving us your consent – we are likely to provide a tick box for you to check so that this requirement is met in a clear and unambiguous fashion.
As part of our relationship with you (for example, via our website subscription process), we may ask you for specific consents to allow us to use your data in certain ways. If we require your consent, we will provide you with sufficient information so that you can decide whether or not you wish to consent.
You have the right to withdraw your consent at any time. We have set out details regarding how you can go about this in paragraph 5 above.
(c) Where Using Your Personal Data Is Necessary For Us To Carry Out Our Obligations Under Our Contract With You
We are allowed to use your personal data when it is necessary to do so for the performance of our contract with you.
For example, we need to collect your contact details in order to be able to communicate with you and provide you with newsletters you may have requested.
(d) Where Processing Is Necessary For Us To Carry Out Our Legal Obligations
As well as our obligations to you under any contract, we also have other legal obligations that we need to comply with and we are allowed to use your personal data when we need to in order to comply with those other legal obligations.
11 Additional Information for Certain Jurisdictions
This section includes additional information as required under the privacy laws of certain jurisdictions in which we do business.
A. South Africa
These additional provisions apply to (i) investors, (ii) business contacts, contractors and suppliers, (iii) website users, (iv) job applicants and candidates for employment, and (v) visitors to our offices and facilities in South Africa where their personal information is processed by the below responsible party, and should be read together with the provisions of the Privacy Policy above.
The Privacy Policy, as read with these country specific provisions for South Africa, provides details relating to the processing of personal information in compliance with the Protection of Personal Information Act 4 of 2013 (POPIA).
Responsible party: The responsible party is Caledonia Mining South Africa Proprietary Limited with the following address: 4th Floor,No.1 Quadrum Office Park, Constantia Boulevard, Floracliffe, South Africa. For any questions about this Privacy Policy as it applies in South Africa, please contact the Information Officer at dataprotection@caledoniamining.com.
Personal information of juristic persons: In addition to the personal information of natural persons set out above, we also collect and process personal information relating to investors, contractors and suppliers that are juristic persons, which information includes for example:
(a) the investor’s, contractor’s and/or supplier’s name and registration number;
(b) the investor’s, contractor’s and/or supplier’s telephone number, email address, physical address and postal address;
(c) the investor’s, contractor’s and/or supplier’s VAT number, and other tax-related information, if applicable;
(d) all relevant KYC information;
(e) the investor’s, contractor’s and/or supplier’s shareholders and applicable information regarding them;
(f) correspondence between us and the investor, contractor and/or supplier;
(g) the investor’s, contractor’s and/or supplier’s contact persons, and their personal information (as set out in the Privacy Policy above);
(h) the investor’s, contractor’s and/or supplier’s authorised signatories;
(i) invoices, fees and payment structures relating to the contractor and/or supplier; and
(j) procurement information.
Purposes for processing: The purposes of the processing of personal information of juristic entities include, amongst others, the following:
(a) to carry out the necessary actions for the conclusion or performance of any contract between us;
(b) to receive services;
(c) to comply with all applicable statutory obligations;
(d) to respond to queries received;
(e) to carry out and manage our business operations;
(f) for historical and statistical purposes, such as to analyse trends and make projections;
(g) for corporate security, disaster recovery and legal reporting obligations;
(h) to conduct statistical analysis, research or surveys;
(i) for procurement purposes;
(j) in the event of a proposed transaction, merger, sale, financing or restructuring of Caledonia or any part of our business; and
(k) any other legitimate business purposes.
Special personal information: We will only process your special personal information with your consent, where it is necessary for the establishment, exercise or defence of a right or obligation in law, or on any other justifiable ground as contained in POPIA.
Legislation: Legislation in terms of which personal information may be required to be processed includes:
(a) the Financial Intelligence Centre Act
(b) the Income Tax Act
(c) the Value-Added Tax Act
(d) for candidates for employment, the Employment Equity Act
(e) Broad-Based Black Economic Empowerment Act
(f) the Occupational Health and Safety Act
International Data Transfers: Personal information may in appropriate circumstances be transferred outside of South Africa. As set out in the Privacy Policy, where the recipient entity is not subject to a law that requires the processing and protection of personal information in a manner similar to what is contained in POPIA, we will take all reasonable steps to ensure that your data is treated securely and in accordance with this Privacy Policy including, for example, by ensuring that the recipient is subject to a binding transfer agreement.
The supply of personal information: Whilst website users can, for the most part, elect whether to supply personal information, in most instances, the supply of personal information by investors, business contacts, suppliers, contractors, job applicants and visitors to our sites is mandatory. If you choose not to provide us with your personal information, we may not be able to contract with you, to manage our contractual relationship with you (if applicable), either in whole or in part, or we may not be able to collaborate with you. Further, we may not be able to comply with our legal obligations. In instances where the supply of personal information is voluntary, we will inform you accordingly.
Your rights: In addition to the rights set out in the Privacy Policy, you shall have the following rights:
(a) the right to establish whether we hold personal information about you;
(b) the right to request access to your personal information (subject to the provisions of the Promotion of Access to Information Act);
(c) the right to submit a complaint to the South African Information Regulator regarding alleged interference with the protection of your personal information; and
(d) the right to institute civil proceedings regarding alleged interference with the protection of your personal information.
Should you wish to exercise your right to request access to, or the correction, destruction or deletion of, your personal information, or to object to the processing of your personal information, you are required to submit your request to the Information Officer. Depending on your request, we may require you to complete the relevant prescribed form, if any.
B. Zimbabwe
These additional provisions apply to (i) investors, (ii) business contacts, contractors and suppliers, (iii) website users, (iv) job applicants and candidates for employment, and (v) visitors to our offices, mines and exploration project sites in Zimbabwe where their personal information is processed by the below responsible party, and should be read together with the provisions of the Privacy Policy above.
The Privacy Policy, as read with these country specific provisions for Zimbabwe, provides details relating to the processing of personal information in compliance with the Cyber and Data Protection Act [Chapter 12:07] (CDPA).
Responsible party: The responsible party is any one of the Caledonia group’s subsidiaries in Zimbabwe which include but are not limited to Caledonia Holdings Zimbabwe (Private) Limited, Blanket Mine (1983) (Private) Limited, Bilboes Holdings Zimbabwe (Private) Limited, Arraskar Investments (Private) Limited, Caledonia (Bilboes & Motapa) Holdings (Private) Limited, Caledonia (Maligreen) (Private) Limited, Caledonia (Connemara) (Private) Limited all such above-mentioned subsidiaries with the following common address: No 3 Cecil Rhodes Drive, Newlands, Harare. For any questions about this Privacy Policy as it applies in Zimbabwe, please contact the Data Protection Officer at dataprotection@caledoniamining.com.
International Data Transfers: Personal information may in appropriate circumstances be transferred outside of Zimbabwe. As set out in the Privacy Policy, where the recipient entity is not subject to a law that requires the processing and protection of personal information in a manner similar to what is contained in the CDPA, we will take all reasonable steps to ensure that your data is treated securely and in accordance with this Privacy Policy including, for example, by ensuring that the recipient is subject to a binding transfer agreement.
The supply of personal information: Whilst website users can, for the most part, elect whether to supply personal information, in most instances the supply of personal information by investors, business contacts, suppliers, contractors, job applicants and visitors to our sites is mandatory. If you choose not to provide us with your personal information, we may not be able to contract with you, to manage our contractual relationship with you (if applicable), either in whole or in part, or we may not be able to collaborate with you. Further, we may not be able to comply with our legal obligations. In instances where the supply of personal information is voluntary, we will inform you accordingly.
Your rights: In addition to the rights set out in the Privacy Policy, you shall have the following rights:
(a) the right to establish whether we hold personal information about you;
(b) the right to request access to your personal information;
(c) the right to submit a complaint to the Postal and Telecommunications Regulatory Authority of Zimbabwe (POTRAZ) regarding alleged interference with the protection of your personal information; and
(d) the right to institute civil proceedings regarding alleged interference with the protection of your personal information.
Should you wish to exercise your right to request access to, or the correction, destruction or deletion of, your personal information, or to object to the processing of your personal information, you are required to submit your request to the Data Protection Officer. Depending on your request, we may require you to complete the relevant prescribed form.
C. United Arab Emirates (UAE)
These additional provisions apply to (i) investors, (ii) business contacts, contractors and suppliers, (iii) website users, (iv) job applicants and candidates for employment, and (v) visitors to our offices and facilities in the UAE where their personal information is processed by the below responsible party, and should be read together with the provisions of the Privacy Policy above.
The Privacy Policy, as read with these country specific provisions for the UAE, provides details relating to the processing of personal information in compliance with (i) in the case of processing carried out by Caledonia Mining FCZO, the Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data (UAE Data Protection Law) and its Regulations; and (ii) in the case of processing carried out by Bilboes Gold Limited, the DIFC Data Protection Law (Law No.5) of 2020 (DIFC Data Protection Law) and its regulations.
Responsible party: The responsible party is any one of Caledonia Mining FCZO and Bilboes Gold Limited with the following address: Unit IH-00-01-02-OF-01, Level 02, Innovation One, Dubai International Financial Centre.
If required by the UAE Data Protection Law or DIFC Data Protection Law, Caledonia will appoint a Data Protection Officer for either, or both, of Caledonia Mining FCZO and Bilboes Gold Limited, and provide the contact details for such Data Protection Officer(s). For any questions about this Privacy Policy as it applies in the UAE, please email dataprotection@caledoniamining.com.
International Data Transfers: Personal information may in appropriate circumstances be transferred outside of the UAE. In such circumstances, the responsible party will comply with, as applicable:
(a) Articles 22 or 23 (as applicable) of the UAE Data Protection Law and applicable UAE Data Office Guidance; or
(b) Articles 26 or 27(as applicable) of the DIFC Data Protection Law.
The supply of personal information: Whilst website users can, for the most part, elect whether to supply personal information, in most instances the supply of personal information by investors, business contacts, suppliers, contractors, job applicants and visitors to our sites is mandatory. If you choose not to provide us with your personal information, we may not be able to contract with you, to manage our contractual relationship with you (if applicable), either in whole or in part, or we may not be able to collaborate with you. Further, we may not be able to comply with our legal obligations. In instances where the supply of personal information is voluntary, we will inform you accordingly.
Your rights: In addition to the rights set out in the Privacy Policy, you shall have the following rights:
(a) the right to establish whether we hold personal information about you;
(b) the right to request access to your personal information;
(c) the right to submit a complaint to the UAE Data Office or notify the Commissioner of Data Protection in accordance with Article 42 of the DIFC Data Protection Law (as applicable) regarding an alleged interference with the protection of your personal information or alleged personal data breach under either of the UAE Data Protection Law or DIFC Data Protection Law; and
(d) the right to, where applicable:
(i) institute civil proceedings regarding alleged interference with the protection of your personal information; or
(ii) initiate a private right of action regarding a personal data breach in accordance with Article 65A of the DIFC Data Protection Law.
Should you wish to exercise your right to request access to, or the correction, destruction or deletion of, your personal information, or to object to the processing of your personal information, you are required to submit your request by email to dataprotection@caledoniamining.com.
12 Approval
This policy document will be updated every 2 years or sooner if any significant changes have occurred. A copy of this document will be available from all of Caledonia’s offices.
This policy document supersedes any previous privacy policies.
Use of Cookies
Supporting Site Information
Cookies are small text files that are placed on your computer by websites that you visit. They are widely used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the site.
The table below gives more details about the specific cookies that may be used and why.
Strictly necessary cookies
These cookies are always active and are necessary for this website to function. They cannot be switched off. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences.
You can set your browser to block or alert you about these cookies, but some parts of the site will not then work. These cookies do not store any personally identifiable information.
| Cookie | Name | Purpose | More Information |
|---|---|---|---|
| Cookie Consent | moove_gdpr_popup | Cookie set by the UK cookie consent plugin to record that you accept the fact that the site uses cookies. | Duration: 30 days |
| Amazon Web Services | AWSALB AWSALBCORS | Cookie set by Amazon Web Services Load Balancer to preserve server session stickiness | This cookie is deleted 1 week after creation. |
| Laravel | Laravel_session | Laravel is used to deliver tools such as Share Price Charts, Widgets etc… Cookie set by Laravel framework to preserve session data. | This cookie is deleted 2 hours after creation. |
| X SRF-TOKEN | Cookie set by Laravel framework to protect against cross-site exploits. | This cookie is deleted 2 hours after creation. | |
| PHPSESSID | Session cookie | This cookie is deleted after browsing session ends. |
Performance cookies
These cookies allow us to count visits and traffic so we can measure and improve the performance of our site. They help us to know which pages are the most and least popular, and see how visitors move around the site.
All information that is collected by these cookies is aggregated, and therefore anonymous. If you do not allow these cookies we will not know when you have visited our site, and will not be able to monitor its performance.
| Cookie | Name | Purpose | More Information |
|---|---|---|---|
| Google Analytics | _ga _gat _gid | These cookies are used to collect information about how visitors use our site. We use the information to compile reports and to help us improve the site. The cookies collect information in an anonymous form, including the number of visitors to the site, where visitors have come to the site from and the pages they visited. | Overview of privacy at Google. This cookie is saved for 12 months. |
Most web browsers allow some control of most cookies through the browser settings. To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit www.allaboutcookies.org.
To opt out of being tracked by Google Analytics across all websites visit https://tools.google.com/dlpage/gaoptout
How to Refuse the Use of Cookies
Most web browsers allow some control of most cookies through the browser settings. You may refuse the use of cookies by selecting the appropriate settings in your browser. However, if you do this you may lose some useful functionality such as personalisation and ‘keep me signed in’ and ‘remember me’ features.
How to Disable Cookies in Your Browser
Here’s how to prevent new cookies from being installed and how to delete existing cookies. The exact procedure depends on which browser you are using.
Internet Explorer
To prevent new cookies from being installed and delete existing cookies:
http://windows.microsoft.com/en-GB/internet-explorer/delete-manage-cookies
Firefox
To prevent new cookies from being installed:
https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences
To delete existing cookies:
https://support.mozilla.org/en-US/kb/delete-cookies-remove-info-websites-stored
Google Chrome
To prevent new cookies from being installed and delete existing cookies:
https://support.google.com/chrome/answer/95647?hl=en
Safari
To prevent new cookies from being installed and delete existing cookies: