Data protection positioning statement

A clear written expression of Steenberg Vineyards’ position when it comes to complying with relevant data protection laws.

Steenberg Vineyards cares about doing what is right. We are committed to complying with our obligations under law, and we take our responsibilities seriously.

Data protection laws exist to strengthen the protections surrounding the personal information of natural persons (and sometimes organisations) within their jurisdiction. The Protection of Personal Information Act (POPIA) applies to us from 1 July 2021.

Steenberg Vineyards is first and foremost a luxury goods manufacturing company that provides related hospitality services. We know how important it is to protect personal information, and make sure that it is processed securely.

We are constantly working towards compliance with the relevant data protection laws. This letter helps to describe what we have done so far, and put your mind at ease.

Why is data protection law important to Steenberg Vineyards?

We believe that it is important to comply with relevant data protection laws because they prevent people from suffering harm, including:

  • losing money in a phishing attack;
  • becoming victims of identity fraud;
  • having their privacy infringed; or
  • suffering prejudice or other harms.

How did Steenberg Vineyards go about complying with relevant data protection laws?

Complying with relevant data protection laws isn’t easy, but we’ve invested significant time and resources into our compliance project.

We planned our compliance efforts carefully by:

  • consulting with data protection professionals.
  • assessing the impact of data protection law on us, and the risks associated with our activities.
  • determining our compliance strategy, and the how we should apply the principles of data protection.
  • educating our staff and contractors through online training; and
  • identifying actions to comply with relevant data protection laws.

What is Steenberg Vineyards doing to comply with relevant data protection laws?

Steenberg Vineyards has taken numerous steps to comply with relevant data protection laws, including:

  • reviewing our privacy policy.
  • entering into data processing agreements with our customers and suppliers; and
  • updating our data security on our equipment, infrastructure and systems.

We have also engaged with Michalsons, a specialised IT and data protection law firm who are experts in helping organisations comply with complex data protection laws. We are a member of their data protection compliance programme, and consult with them on a regular basis. The Michalsons team use their experience and pre-existing intellectual property to help us protect the personal information that we process in a practical and effective way.

Many of the actions we have taken have happened behind the scenes. We can’t reveal details of exactly what we’ve done because it might help out the bad guys.

We care – contact us

Ultimately, we’ve taken complying with relevant data protection laws seriously because we care about preventing harm to you – our customers and suppliers.

If you have any questions about your personal data, or how we protect it and make sure it stays private, please contact us here:

Yours faithfully,

Nicol Currin, Information Officer



This Website is an interactive online service operated by Graham Beck Enterprises (Pty) Ltd. This Privacy Policy applies to this site (however accessed and/or used), via personal computers, mobile devices or otherwise. Other interactive features, applications or downloads which are operated by us and available through the site, or interact with the site is subject to this Privacy Policy. This Privacy Policy doesn't apply to our collection of information from other sources, unless specifically stated. We have adopted this Privacy Policy to explain what information may be collected on our Website, how we use this information and under what circumstances we may disclose the information to third parties. This Privacy Policy, together with the Terms of Use and Copyright Policy posted on our Website sets forth the general rules and policies governing your use of our Website. Depending on your activities when visiting our Website, you maybe required to agree to additional terms and conditions. We keep this Privacy Policy posted on our Website, and you should review it frequently as we reserve the right to change it from time to time without prior notice to you. Any changes are effective immediately on posting. We will not use your personally identifiable information without your consent in a manner materially different than what was stated at the time it was collected.


Type of Information the Website Collects

The Website generally collects personally identifying information with your specific knowledge and consent. For instance, when you enter any competition, complete a survey, make a purchase or register for any portion of our services, you are asked to provide information such as your e-mail address, name or phone number. Optional information such as your age and gender may also be requested. Our servers may also automatically collect information about your computer when you visit the Website, including without limitation the type of browser software you use, the operating system you are running, the Website that referred you, and your Internet Protocol address.

How the Information is Used

The personally identifying information you supply through the Website is used to provide you with the service you have requested, to respond to your inquiries or in other ways naturally associated with the circumstances in which you provided the information. For example, we may use your e-mail address to send you a confirmation notice. We may also use the information to communicate with you about new features, products or services,and/or to improve the services that we offer by tailoring them to your needs. You may opt out from receiving future promotional information from us or our affiliated companies, or direct that we not share your information with any affiliated companies. We also allow access to our database by third parties that provide us with services, such as technical maintenance, vendors that process credit card orders, deliver our merchandise,administer our promotions, provide us with marketing or promotional assistance, analyze our data, assist us with customer service, etc. Our vendors agree to use this information,and we share information with them, only to carry out our requests. In addition, we may share your information with participating sponsors to a programme or competition you enter via our Website, our co-promotional partners and others with whom we have marketing or other relationships. Other than as provided in this Privacy Policy and our Terms of Use, or as set forth when you submit the information to the Website, we will not share or sell your personally identifiable information to third parties without your consent. We reserve the right to use the information we collect about your computer, which may at times be able to identify you, for any lawful business purpose, including without limitation to help diagnose problems with our servers, to gather broad demographic information and to otherwise administer our Website. While your personally identifiable information is protected as outlined above, we reserve the right to use, transfer, sell, and share aggregated, anonymous data about our users as a group for any business purpose, such as analysing usage trends and seeking compatible advertisers and partners. In addition, as our business changes, we may buy or sell various assets. In the event all or a portion of the assets owned or controlled by Graham Beck Enterprises (Pty) Ltd. or any subsidiary or affiliated entity are sold, assigned, transferred or acquired by another company, the information from and/or about our Website users may be among the transferred assets.

Legal rights available to help manage your privacy

You have certain rights in relation to your personal information:

In order to exercise your rights, we may ask you for additional information to confirm your identity and for security purposes, in particular before disclosing personal information to you.

You can exercise your rights by emailing us at Subject to legal and other permissible considerations, we will make every reasonable effort to honour your request within 30 days or inform you if we require further information in order to fulfil your request.

We may not always be able to fully address your request, for example, if it would impact the duty of confidentiality we owe to others, or if we are legally entitled to deal with the request in a different way.

Right to access personal information

You have a right to request that we provide you with a copy of your personal information that we hold and you have the right to be informed of: the source of your personal information; the purposes, legal basis and methods of processing; the data controller’s identity; and the businesses or categories of businesses to whom your personal information may be transferred.

Right to rectify or erase personal information

You have a right to request that we rectify inaccurate personal information. We may seek to verify the accuracy of the personal information before rectifying it.

You can also request that we erase your personal information in limited circumstances where:

  • it is no longer needed for the purposes for which it was collected; or
  • you have withdrawn your consent (where the data processing was based on consent); or
  • following a successful right to object ; or
  • it has been processed unlawfully; or
  • the personal information must be erased for compliance with a legal obligation under European Union or Member State law to which the we are subject.

We are not required to comply with your request to erase personal information if the processing of your personal information is necessary:

  • for compliance with a legal obligation; or
  • for the establishment, exercise or defence of legal claims.

Right to object to the processing (including direct marketing) of your personal information

You can object to any processing of your personal information which has our legitimate interests as its legal basis, if you believe your fundamental rights and freedoms outweigh our legitimate interests.

You can request that we stop contacting you for marketing purposes.

You can request that we not transfer your personal information to unaffiliated third parties for the purposes of direct marketing or any other purposes.

If you have joined our mailing list, you can manage your marketing preferences automatically by clicking the "unsubscribe" link that you will find at the bottom of our emails which you receive from us, or you can unsubscribe by contacting is at (your email address).

Right to obtain a copy of personal information safeguards used for transfers outside your jurisdiction

You can ask to obtain a copy of, or reference to, the safeguards under which your personal information is transferred outside of the European Union.

We may redact data transfer agreements to protect commercial terms.

Right to restrict the processing of your personal information

You can ask us to restrict your personal information, but only where:

  • its accuracy is contested, to allow us to verify its accuracy; or
  • the processing is unlawful, but you do not want it erased; or
  • it is no longer needed for the purposes for which it was collected, but we still need it to establish, exercise or defend legal claims; or
  • you have exercised the right to object, and verification of overriding grounds is pending.

We can continue to use your personal information following a request for restriction, where:

  • we have your consent; or
  • to establish, exercise or defend legal claims; or
  • to protect the rights of another natural or legal person.

You have a right to lodge a complaint with the Information Commissioners Office if you have concerns about how we are processing your personal information.

If you have any concerns regarding data that we hold, please contact the Data Controller at


A cookie is a piece of information that is deposited on your computer’s hard drive by your web browser when you use our computer server. The cookies enable us to recognise you and give us information about your previous visits. We learn which advertisements bring users to our Website. Most browsers accept cookies automatically, but usually you can alter your settings to prevent automatic acceptance. If you choose not to accept cookies, this may disable some of the features of our Website. The information that we collect and may share with our advertisers is anonymous and not personally identifiable. It does not contain your name, address, telephone number or email address.

Mobile Device Identifiers

Certain mobile service providers uniquely identify mobile devices and we or our third-party service providers may receive such device information if you access the Website through mobile devices. Certain features of our Website may require collection of mobile phone numbers, and we may associate that phone number to mobile device identification information. Additionally, some mobile phone service providers operate systems that pinpoint the physical location of devices that use their service. Depending on the provider, we or our third-party service providers may receive this information.

Embedded Scripts

An embedded script is a programming code that is designed to collect information about your interactions with the Website, such as the links you click on. The code is temporarily downloaded onto your computer from our web server or a third-party service provider, is active only while you are connected to the Website, and is deactivated or deleted thereafter. Information collected through passive means may be non-identifying or may be associated with you. If the latter, it will be treated as personally identifiable information.

Information You Provide About a Third Party

If you send someone else a communication from the Website, such as sending Website content to a friend, the information you provide (names, e-mail addresses etc.) is used to facilitate the communication and is not used for any other marketing purpose unless we obtain consent from that person or we explicitly say otherwise. Please be aware that when you use any send-to-a-friend functionality on our Website, your e-mail address may be included in the communication sent to your friend.

Information Provided by Third Parties About You

From time to time, we may supplement the information we collect with outside records from third parties in order to enhance our ability to serve you, to tailor our content to you and to offer you opportunities to purchase products or services that we believe may be of interest to you. We may combine the information we receive from those other sources with the information we collect through the Website. In those cases, we will apply this Privacy Policy to any personal identifiable information received, unless otherwise specifically disclosed by us at the time you provide your personally identifiable information.

Information Security and Notification

Because no data transmission over the internet is completely secure, and no system of physical or electronic security is impenetrable, Graham Beck Enterprises (Pty) Ltd. cannot guarantee the security of the information you send to us or the security of our servers or databases, and by using the Website you agree to assume all risk in connection with the information sent to us or collected by us when you use the Website. In the unlikely event that we believe that the security of your information in our possession or control may have been compromised, we may seek to notify you. If notification is appropriate, we may notify you by e-mail, provided that we have your e-mail address. Notwithstanding anything to the contrary in this Privacy Policy, we reserve the right to disclose any personally identifiable or non-personal information about you if we are required to do so by law, and if we believe that such action is necessary to: (a) fulfill a government request; (b) conform with the requirements of the law or legal process; (c) protect or defend our legal rights or property, our Website, or other users; or (d) in an emergency to protect the health and safety of our Website’s users or the general public.

Other Links / Sites

Our Website may link to or contain links to other third party Websites that we do not control or maintain. We are not responsible for the privacy practices employed by any third party Website. We encourage you to note when you leave our Website and to read the privacy statements of all third party Websites before submitting any personally identifiable info.

Promotion of Access to Information Manual

1. Introduction

The Promotion of Access to Information Act was promulgated in March 2001. The Act was put in place to actively promote a society in which the people of South Africa have effective access to information, which enables them to more fully exercise and protect their rights.

The Human Rights Commission is responsible for compiling a guide that provides details on how to use the Act. This guide is currently not available from the Human Rights Commission. Please direct any further queries in this regard to:

The South African Human Rights Commission:

The Research and Documentation Department
Postal Address: Private Bag 2700

Phone: (011) 484 8300
Fax: (011) 484 0582


In terms of Section 51(1) of the Promotion of Access to Information Act, all heads of private bodies are required to compile a manual that provides information regarding the subjects and categories of records held by such private bodies. This manual is intended to fulfill this requirement.

Accordingly, this manual provides a reference to the records we hold and the process that needs to be adopted to access such records. All requests for access to information should be addressed to the contact person as identified in section 3 of this manual, as he/she is our designated Information Officer.

A copy of the manual will be available for inspection at:

 Our head office (refer address below) and
 The South African Human Rights Commission.

2. Company overview, structure and scope of this manual

Graham Beck Enterprises (Pty) Ltd is a 100% owned South African which shares are held by the Graham Beck 2011 Family Trust. Graham Beck Enterprises’ core activities relate to the production, marketing and selling of wine, operating from a three locations in the Western Cape, i.e. Robertson, Steenberg and Firgrove.

The scope of this manual is limited to information held by Graham Beck Enterprises (Pty) Ltd.

3. Administration of the Act

The Chief Executive Officer (CEO) of Graham Beck Enterprises (Pty) Ltd has duly authorized the contact person below to ensure that the requirements of the Act are administered in a fair, objective and unbiased manner. Accordingly, all requests for access to records should be addressed to:

Company: Graham Beck Enterprises
Contact person: Herman Mostert

Postal address: PO Box 134, Franschhoek, 7690
Physical address: The Siding, R45, Franschhoek, 7690
Phone number: 021 876 4607
Fax number: 021 876 4636
e-mail address:

Promotion of Access to Information Manual

4. Subjects and corresponding categories of records

Our records can be found in various forms including electronic and paper. In terms of the Promotion of Access to Information Act, access must be granted irrespective of form or medium.

To facilitate the easy identification of the records we hold, we have categorised our records per subject area. The table below provides an indication of the subjects of information that we hold and the corresponding categories:


• Audited Financial Statements
• Tax Records (relating to the company and the individual employees)
• Asset Register
• General Correspondence
• Management Accounts and Records
• Budgets
• Financial Transactions
• Purchase and Order Records
• Banking Records
• Contracts
• Financial Policies and Procedures
• Statutory Returns Records

Human Resources

• Employee Records
• Employment Contracts
• Personnel guidelines, policies and procedures
• General Correspondence
• Training Material
• Employment Equity Records
• Provident Fund Records
• Employee Benefit Records
• Labour Relations Records
• Statutory Labour related Records
• Skills Plans
• Recruitment records

Information Technology

• IT Policies and Procedures
• Network Diagrams
• Asset Register – IT related equipment
• General Correspondence


• Sales Policies and Procedures
• General Correspondence
• Product Sales Records
• Customer Information
• Environmental Health and Safety
• Environmental Assessments
• Audiometric Reports
• Biological Monitoring
• Training/ Education Records
• Accident Investigation Reports
• Minutes of Meetings
• Safety Organisational Structures
• Policies and Procedures
• Information Relating to the Fire Systems
• Machinery Tests Records
• Contractor Agreements

Production and Quality Control

• Production Records
• Production Statistics
• Inventory
• Raw Material Traceability Records
• General Correspondence
• Quality Test Results
• Calibration Records
• Product Specifications
• Customer Complaints


• Information relating to Freight Agents
• Shipping Information
• Delivery Plans
• General Correspondence

Business Analysis

• Pricing information
• Sales Budgets
• General Correspondence
• Product Sales Records/ Statistics
• 5 year plan

Promotion of Access to Information Manual

5. Records that can be accessed without a formal request (i.e. a formal request as defined by the Promotion of Access to Information Act)

We do not hold any information that is available for general public access. However, in terms of the following Acts, we are required to ensure that certain categories of records are available for access as prescribed by each Act:

The Occupational Health and Safety Act No. 85 of 1993;

The Constitution of the Republic of South Africa No.3 of 1994

The Value-Added Tax Act No. 89 of 1991;

Income Tax Act No. 58 of 1962;

Companies Act No. 61 of 1973;

Basic Conditions of Employment Act No. 75 of 1997;

Employment Equity Act No. 55 of 1998;

Labour Relations Act No. 66 of 1995;

The Medical Schemes Act No. 131 of 1998;

The Compensation for Occupational Injuries and Diseases Act No. 130 of 1993;

The Atmospheric Pollution Prevention Act No. 45 of 1965;

The Health Act No. 63 of 1977;

Consumer Affairs (Unfair Business Practices Act), 71 of 1988

Customs and Excise Amendment Act, 45 of 1995

South African Revenue Services Act, 34 of 1997

Notification of the availability of these records in terms of these Acts has not yet been given to the Cabinet Minister of Justice.

Please note that while we have made every effort to identify all pertinent legislation, we cannot guarantee that all legislation has been included. Should you be aware of any specific legislation that should be included and which has been omitted, please contact our Information Officer. Your assistance in this regard will be most appreciated.

6. Procedure to follow when submitting a formal request of access to a record

A request for access to a record that does not fall within the categories identified in Section 5 of this manual must be done formally either via conventional mail, e-mail or fax.

This request should be in the prescribed format as defined in Form C of Annexure B as identified in Government Notice Number 187, Regulation 6. A request form is also available from our offices. The prescribed request fee should be attached (refer to Section 8 of this manual for more details on the fees).

Our Information Officer will respond to your request within 30 days of receiving the request by indicating whether your request for access has been granted.

Please note that an application for access to information can be refused in the event that the application does not comply with the procedural requirements of the Act. In addition, the successful completion and submission of an access request form does not automatically allow the requestor access to the requested record.

The request form must be completed CLEARLY and COMPLETELY in block letter. If there is insufficient space on the printed request form in which to answer a question, additional information must be provided on a separate page that is clearly marked and referenced.

If access to a record/information is granted, our response will include:

• An indication of the access fee that should be paid upon gaining access (if any);
• An indication of the form in which the access will be granted;
• A notice that you may lodge an application with the court against the access fee to be paid or the form of the access, including guidance on the procedure for lodging the application.

Promotion of Access to Information Manual

If access to a record/information is denied, our response will include:

• Adequate reasons for the refusal; and
• Notice that you may lodge an application with the court against the extension and the procedure including the period, for lodging the application. For details on the procedure, please refer to Chapter 2 of Part 4 of the Promotion of Access to Information Act.

Assuming your request of access is granted, you will be able to gain access to the requested records as soon as is reasonably possible and once the access fee has been paid.

Access will be granted to a record if the following criteria are fulfilled:

• The record is required for the exercise or protection of any right;
• The requestor complies with the procedural requirements in the Act relating to a request; and
• Access to the record is not refused in terms of any ground for refusal as contemplated in Chapter 4 of Part 3 of the Act.

7. Denial of access

Access may be refused under limited circumstances including:

• Protecting personal information that we (Graham Beck Enterprises (Pty) Ltd) hold about a third person (who is a natural person) from unreasonable disclosure;
• Protecting commercial information that we hold about a third party (for example trade secrets: financial, commercial, scientific or technical information that may harm the commercial or financial interests of a third party);
• If disclosure would result in a breach of a duty of confidence owed to a third party;
• If disclosure would jeopardize the safety or life of an individual;
• If disclosure would prejudice or impair the security of property or means of transport;
• If disclosure would prejudice or impair the protection of a person in accordance with a witness protection scheme;
• If disclosure would prejudice or impair the protection of the safety of the public;
• The record is privileged from production in legal proceedings unless the privilege has been waived;
• If the record is a computer programme;
• Disclosure of the record will put Graham Beck Enterprises (Pty) Ltd at a disadvantage in contractual or other negotiations or prejudice it in commercial competition;
• Disclosure of the record (containing trade secrets, financial, commercial, scientific, or technical information) would harm the commercial or financial interests of Graham Beck Enterprises (Pty) Ltd; and
• Records containing information about research being carried out or about to be carried out on behalf of a third party or Graham Beck Enterprises (Pty) Ltd.

8. Fees

There are two basic types of fees applicable in terms of the Promotion of Access to Information Act – “request” and “access” fees. The non-refundable request fee (currently R 57.00 inclusive of VAT) is payable on submission of the request for access to a record (unless the request is personal in which event there is no applicable fee) and the access fee is payable prior to the actual gaining of access to the records in the required form. The applicable fees are prescribed in terms of Part III of Annexure A as identified in Government Notice Number 187, Regulation 11.

9. Request for access to information about third parties

If you request access to a record that contains information about a third party, we are obliged to attempt to contact this third party to inform them of the request and to give them an opportunity to respond by either consenting to the access or by providing reasons why the access should be denied. In the event that the third party furnishes reasons for the support or denial of access, our designated Information Officer will consider these reasons in determining whether access should be granted. You may appeal against a refusal of access by our Information Officer. Please refer to Part 4 of the Promotion of Access to Information Act for further details on the Appeal Process.