Privacy Policy: what personal data we collect, how, and why we do it, and what rights users have over their data

 0. Introduction
This is the Privacy Policy of Webbotany. The current URL of our website is https://webbotany.org. We, at Webbotany, respect people’s privacy and we are committed to protecting any personal user data to the best of our capabilities. The information pertained in this policy outlines our use of personal user data when someone (herein referred to as a user) interacts with our website (regardless of interaction), how that data is utilised, how long the data is retained, and what legal rights users have regarding their data.

  1. Important information about this policy

A) Purpose of this privacy policy

The purpose of the policy is to inform all users about what personal user data is, how we use personal user data and what rights users have regarding their personal user data. This includes any data that users may provide through this website when signing up to an email list or any other willingly submitted information as a result of entering a competition, completing a webform, and/or purchasing a product/service from our website.

This website is not aimed at children, and we do not, knowingly, collect personal user data relating to children.

By interacting with our website in any way, users acknowledge and consent to the use of their personal user data, as outlined in this policy.

b) Changes to the privacy policy

The information in this policy is reviewed regularly and kept up to date to the best of our capabilities. It is important that any information submitted by users, is accurate and up to date, in order to ensure that we provide our users with the best experience on our website and more importantly, in order to produce/perform products/services to the best of our capabilities. Should any changes occur, we kindly request that any new information is relayed to us by users as soon as possible.

c) Third-party links

This website may include links to third-party websites, plugins, and applications. Clicking on those links or enabling those connections may allow third parties to collect data on users. We do not control these third-party websites and we are not responsible for their use of personal user data as outlined in their privacy policies. We encourage all users of the internet to read the privacy policies of every website that they visit.

  1. The data we collect about users

Personal user data, or personal data refers to any information that can be used to identify an individual. It does NOT include data where the identity as been removed i.e. anonymous data.

Personal user data is a broad term that can encapsulate many different kinds of identifiable user data. Below is an explanation of the different kinds of personal user data that may be collected on this website:

  • Identity data includes a user’s first name, last name, title, marital status, date of birth, and/or gender.
  • Contact data includes a user’s billing information, delivery address, email address, and/or contact number(s).
  • Financial data includes a user’s banking information such as bank details, payment- and card information.
  • Transaction dataincludes details about payments to and from a user’s account and information about products and services purchased from us.
  • Technical data includes a user’s internet protocol (IP) address, browser information, time zones and location information, operating system information, and related information regarding the technology and devices used to interact with our website.
  • Profile data includes a user’s login information such as a password or username, purchases, and orders made by users interacting with our website, interests, and preferences as well as feedback and survey responses.
  • Usage data includes information about how users interact with our website, products, and/or services.
  • Marketing and communications data includes information in receiving marketing and promotional information from us and/or our third parties and a user’s communication preferences.

We also collect, use, and may share Aggregated Data such as statistical or demographic data. Aggregated Data can be derived from personal user data but is not considered personal user data in law as this data will not directly or indirectly reveal a user’s identity. An example of this is that we may use aggregate user usage data to calculate the percentage of users accessing a specific website feature. However, should we combine or connect Aggregated Data with personal user data, so that it can directly or indirectly identify a user, we will treat the combined data as personal user data which will be used in accordance with this privacy policy.

We do not collect any Special Categories of Personal Data about users (this includes details about race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about health, and genetic and biometric data). Nor do we collect any information about criminal convictions and offenses.

a) What happens if users fail to provide personal user data?

Where we need to collect personal user data by law, or under the terms of a contract we have with a user, and they fail to provide the requested/required personal user data upon request, we may not be able to perform or complete the contract we have or are trying to enter into with that use, for example, to provide users with goods or services. In this case, we may have to cancel a product or service the user has with us, but we will notify all relevant parties, should this ever be the case.

  1. How personal user data is collected

There are many ways in which users can submit personal user data to us, below is an explanation of these methods:

  • Direct interactions may require users to submit various different kinds of personal user data via our website or correspondence with us by means of email or telephone. This information is submitted when a user performs one or more of the following actions:
    • Signing up for and/or participating in our marketing materials, promotions, competitions, surveys and/or other free offers;
    • Application for and/or purchase of products or services on our website;
    • Creating an account on our website;
    • Subscribing to our service and/or publications;
    • Request marketing to be sent;
    • Giving us feedback or contacting us
  • Automated technologies or interactions. This is data automatically collected when a user interacts with our website. This refers to technical data about a user’s equipment, browser information, and patterns. This data is collected by means of cookies and other similar technology further explained in this policy.
  • Third parties or publicly available sources. Some personal user data is submitted to us by third party suppliers as outlined below:
    • Analytics providers, such as Google
    • Contact, financial, and transaction data from providers of technical, payment, and/or delivery service providers.
    • Identity and contact data from publicly available sources such as Companies and Intellectual Properties Commission in South Africa (CIPC).
  1. How we use personal user data

We respect all information submitted to us by all users and only aim to use any personal user data to perform necessary tasks and provide services to users to the best of our capabilities. We do not use any more personal data than is required and we only use personal user data as outlined below:

  • Upholding and completing a contract that we have with users or are about to enter in with users;
  • Where it is necessary for our legitimate interests as well as our user’s interests and where fundamental rights do not override those interests;
  • With any legal obligation.

a) Purposes for which we will use personal user data

Below is a table that provides a description of all the ways in which we may use personal user data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are, where appropriate.

Purpose / ActivityType of personal user dataLawful basis of processing and/or legitimate interest
To register as a new clientA) Identity
B) Contact
Performance of a contract with users

To process and deliver an order, including:

A) Manage payments, fees, and charges
B) Collect and recover money owed to us

A) Identity
B) Contact
C) Financial
D) Transaction
E) Marketing and communications
A) Performance of a contract
B) Necessary for our own interests (such as collecting payments owed to us)

To manage our relationship with users:

A) Notification about policy changes
B) Marketing purposes such as leaving a review or completing a survey

A) Identity
B) Contact
C) Profile
D) Usage
E) Marketing and communications
A) Performance of a contract
B) Legal obligation compliance
C) Necessary for our own interests (bookkeeping and the study of user behavior on our website)
To participate in a prize draw, promotion, competition, free offer, and/or completing a surveyA) Identity
B) Contact
C) Profile
D) Usage
E) Marketing and communications
A) Performance of a contract
B) Necessary for our own interests (study how users interact with our services, development, and growth of our own business)
To administer and protect our business and this website (including troubleshooting, data analysis, testing system maintenance, support, and reporting and hosting of data)A) Identity
B) Contact
C) Usage
D) Technical
A) Necessary for our own interests (such as running our business, provision of administration, network and security, and fraud prevention
B) Legal obligation compliance
To deliver relevant website content, implementing of marketing materials and measuring the effectiveness of these strategiesA) Identity
B) Contact
C) Profile
D) Usage
E) Technical
F) Marketing and communications
A) Necessary for our own interests (studying how users interact with our website, how customers use our products and services, and the development of our business)
To use data analytics to measure the use of our website, products, and/or services as well as improve our customer relationships and experiencesA) Technical
B) Usage
A) Necessary for our own interests (defining the types of customers for our products and services, keeping our website up to date, and developing our business- and market strategies)

b) Marketing and Promotional offers from us

We may use certain personal user data such as identity, contact, technical, usage, and profile data to form a view on what products or services we think users may be interested in.

We strive to provide users with choices regarding their personal user data uses, particularly around marketing and advertising. Users will receive marketing communications from us if they have requested such information from us or purchased goods or services from us and they have not opted out of receiving relevant marketing.

c) Third-party marketing

Our personal policy is never to share any personal user data with anyone unless it prevents us from providing our services or if by an obligation of being compliant with the law. No personal user data will be shared with anyone unless express consent has been granted by the user to do so. Some examples where this may be applicable include delivery service providers who make use of identity- or contact data in order to deliver products or services purchased on our website, by users.

d) Cookies

A cookie is a small file of letters and numbers that gets stored on a user’s browser or on their hard drive. These files are used to determine information about the user such as technical and usage data. Cookie settings are unique to each individual user and it is up to the user to decide how cookies get processed on their computer.

This website uses cookies to distinguish users on our website. This helps us to provide everyone with a good experience when interacting with our website, and it also allows us to improve our website. By continuing to use our website, by means of browsing or any other interaction, users agree to our use of cookies.

We use the following cookies:

  • Strictly necessary cookies – These are cookies that are required for the operation of our website. They include, for example, cookies that enable users to log into secure areas of our website, use a shopping cart, and/or make use of e-billing services.
  • Analytical/performance cookies – They allow us to recognise and count the number of users and to see how users navigate around our website when they are using it. This helps us to improve the way our website works, for example, by ensuring that users are finding what they are looking for easily.
  • Functionality cookies – These are used to recognise users when they return to our website. This enables us to personalise our content for each user, greet people by name, and/or remember their preferences (for example, choice of language or region).
  • Targeting cookies – These cookies record a user’s visit to our website, the pages they have visited, and/or the links they have followed. We will use this information to make our website and the advertising displayed on it, more relevant to user’s interests.

Please note that third parties (including, for example, advertising networks and providers of external services like web traffic analysis services) may also use cookies, over which we have no control. These cookies are likely to be analytical/performance cookies or targeting cookies.

Users can block cookies by changing the settings in their browser, which allows them to refuse the setting of all or some cookies. However, if a user uses their browser settings to block all cookies, (including strictly necessary Cookies) they may not be able to access all or parts of our website.

e) Change of purpose

We only use personal user data for the purposes for which we have collected it unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. Should users wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, we request that users please contact us.

If we need to use personal user data for an unrelated purpose, we will notify all relevant parties and we will explain all legal bases which will allow us to do so.

Please note that we may process personal user data without user knowledge or consent, in compliance with the above rules, only where this is required or permitted by law.

f) Opting out

Users can request from us or third parties to stop sending marketing messages at any time by contacting us at any time, this can also be communicated with us through marketing and communications data that gets submitted by users.

Where users opt-out of receiving marketing messages, this will not apply to personal user data provided to us as a result of a product/service purchase and/or other transactions.

  1. Disclosures of personal user data

We may share personal user data with External Third Parties (as defined in the Glossary) for the purposes as stated in section 4A (Purposes for which we will use personal user data) of this policy.

We require all third parties to respect the security of personal user data and to treat it in accordance with the law. We do not allow our third-party service providers to use personal user data for their own purposes and only permit them to process any personal user data for specified purposes and in accordance with our instructions as outlined in this policy.

  1. Data retention

a) How long will we use personal user data?

We only retain personal user data for as long as reasonably necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting, and/or reporting requirements. We may retain personal user data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with users.

To determine the appropriate retention period for personal user data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of such personal data, the purposes for which we process any personal user data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.

In some circumstances you can ask us to delete your data: see user legal rights below for further information.

In some circumstances, we will anonymise personal user data for research or statistical purposes, in which case we may use this information indefinitely without further notice to any user.

  1. User legal rights

Users have certain legal rights pertaining to the usage of their personal user data. Below is an explanation of what rights users have with regard to our business. Users have a legal right to:

  • Request access to their personal data (commonly referred to as a “data subject access request”). This enables users to receive a copy of the personal data we hold about that user and to ensure that we are lawfully processing it.
  • Request correction of the personal data that we hold about that user. This enables users to have any incomplete or inaccurate data we hold about them, corrected, though we may need to verify the accuracy of any new data provided to us.
  • Request erasure of personal user data. This enables users to ask us to delete or remove personal user data where there is no good reason for us to continue to process it. Users also have the right to ask us to delete or remove personal user data where users have successfully exercised their right to object to processing (see below), where we may have processed any information unlawfully or where we are required to erase personal user data to comply with the local law. Note, however, that we may not always be able to comply with requests of erasure for specific legal reasons which will be notified to users, if applicable, at the time of their request.
  • Object to processing of personal user data where we are relying on a legitimate interest (or those of a third party) and there is something about a user’s particular situation which makes them want to object to processing on this ground as they feel it impacts on their fundamental rights and freedoms. Users also have the right to object where we are processing any personal user data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process such information which override a user’s rights and freedoms.
  • Request restriction of processing of personal user data. This enables users to ask us to suspend the processing of their personal user data in the following scenarios:
    • If users want us to establish the data’s accuracy;
    • Where our use of the data is unlawful, but users do not want us to erase it;
    • Where users need us to hold the data even if we no longer require it as they need it to establish, exercise, or defend legal claims;
    • Users have objected to our use of their personal use data but we need to verify whether we have overriding legitimate grounds to use it.
  • Request the transfer of personal user data to that user or to a third party. We will provide to a user, or a third party that they have chosen, their personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which users initially provided consent for us to use or where we used the information to perform a contract with them.
  • Withdraw consent at any time where we are relying on consent to process personal user data. However, this will not affect the lawfulness of any processing carried out before users withdraw their consent. If users withdraw their consent, we may not be able to provide certain products or services to them. We will advise users if this is the case at the time they withdraw their consent.

If users wish to exercise any of the rights set out above, we kindly request that they please contact us.

Upon exercising these rights:
a) No fee required (usually)

Users will not have to pay a fee to access their personal user data (or to exercise any of the other rights). However, we may charge a reasonable fee if their request is clearly unfounded, repetitive, or excessive. Alternatively, we may also refuse to comply with a user’s request in these circumstances.

b) What we may require

We may need to request specific information from users to help us confirm their identity and ensure their right to access any personal user data (or to exercise any of their other rights). This is a security measure to ensure that personal user data is not disclosed to any person who has no right to receive such information. We may also contact users to ask for further information in relation to their request to speed up our response.

c) Time limit to respond

We try to respond to all legitimate requests within one month. Occasionally, it may take us longer than a month should a request be particularly complex or users have made a number of requests. In this case, we will notify all relevant parties and keep everyone updated.

  1. Glossary
  • Legal obligation compliance
    processing personal user data where it is necessary for compliance with a legal obligation that we are subject to.
  • External third parties
    • Service providers based in South Africa and/or the United States of America who provide IT and system administration services.
    • Professional advisers including lawyers, bankers, auditors, and insurers based in South Africa and/or the United Kingdom who provide consultancy, banking, legal, insurance, and accounting services.
    • The South African Revenue Service (SARS), regulators, and/or other authorities based in South Africa or elsewhere.
  • Legitimate interests
    refers to the interest of our business, in conducting and managing our business to enable us to provide users with the best possible service/product and the best and most secure experience. We make sure we consider and balance any potential impact (both positive and negative), on all users, and their rights before we process their personal user data for our legitimate interests. We do not use any personal user data for activities where our interests are overridden by the impact on users (unless we have their consent or are otherwise required or permitted to, by law). Users can obtain further information about how we assess our legitimate interests against any potential impact on them in respect of specific activities by contacting us.
  • Performance of a contract
    processing personal user data where it is necessary for the uphold and completion of an agreement to which a user is a part of, such as to provide the user with a product or service, or to take steps at the user’s request before entering into such an agreement.
  1. Contact details

If users have any questions about this privacy policy or our privacy practices, we kindly request that they please contact us at their earliest convenience.

Users can reach out to us via the following channels:

Updated: July 2021

Introduction
This is the Privacy Policy of Webbotany. The current URL of our website is https://webbotany.org. We, at Webbptany, respect your privacy and we are committed to protecting your personal user data to the best of our capabilities. The information pertained in this policy outlines our use of personal user data when someone (herein referred to as a user) interacts with our website(regardless of interaction), how that data is utilised, how long the data is retained, and what legal rights users have regarding their data.

  1. Important information about this policy

A) Purpose of this privacy policy

The purpose of the policy is to inform all users about what personal user data is, how we use personal user data and what rights users have regarding their personal user data. This includes any data that users may provide through this website when signing up to an email list or any other willingly submitted information as a result of entering a competition, completing a webform, and/or purchasing a product/service from our website.

This website is not aimed at children, and we do not, knowingly, collect personal user data relating to children.

By interacting with our website in any way, users acknowledge and consent to the use of their personal user data, as outlined in this policy.

b) Changes to the privacy policy

The information in this policy is reviewed regularly and kept up to date to the best of our capabilities. It is important that any information submitted by users, is accurate and up to date, in order to ensure that we provide our users with the best experience on our website and more importantly, in order to produce/perform products/services to the best of our capabilities. Should any changes occur, we kindly request that any new information is relayed to us by users as soon as possible.

c) Third-party links

This website may include links to third-party websites, plugins, and applications. Clicking on those links or enabling those connections may allow third parties to collect data on users. We do not control these third-party websites and we are not responsible for their use of personal user data as outlined in their privacy policies. We encourage all users of the internet to read the privacy policies of every website that they visit.

  1. The data we collect about users

Personal user data, or personal data refers to any information that can be used to identify an individual. It does NOT include data where the identity as been removed i.e. anonymous data.

Personal user data is a broad term that can encapsulate many different kinds of identifiable user data. Below is an explanation of the different kinds of personal user data that may be collected on this website:

  • Identity data includes a user’s first name, last name, title, marital status, date of birth, and/or gender.
  • Contact data includes a user’s billing information, delivery address, email address, and/or contact number(s).
  • Financial data includes a user’s banking information such as bank details, payment- and card information.
  • Transaction dataincludes details about payments to and from a user’s account and information about products and services purchased from us.
  • Technical data includes a user’s internet protocol (IP) address, browser information, time zones and location information, operating system information, and related information regarding the technology and devices used to interact with our website.
  • Profile data includes a user’s login information such as a password or username, purchases, and orders made by users interacting with our website, interests, and preferences as well as feedback and survey responses.
  • Usage data includes information about how users interact with our website, products, and/or services.
  • Marketing and communications data includes information in receiving marketing and promotional information from us and/or our third parties and a user’s communication preferences.

We also collect, use, and may share Aggregated Data such as statistical or demographic data. Aggregated Data can be derived from personal user data but is not considered personal user data in law as this data will not directly or indirectly reveal a user’s identity. An example of this is that we may use aggregate user usage data to calculate the percentage of users accessing a specific website feature. However, should we combine or connect Aggregated Data with personal user data, so that it can directly or indirectly identify a user, we will treat the combined data as personal user data which will be used in accordance with this privacy policy.

We do not collect any Special Categories of Personal Data about users (this includes details about race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about health, and genetic and biometric data). Nor do we collect any information about criminal convictions and offenses.

a) What happens if users fail to provide personal user data?

Where we need to collect personal user data by law, or under the terms of a contract we have with a user, and they fail to provide the requested/required personal user data upon request, we may not be able to perform or complete the contract we have or are trying to enter into with that use, for example, to provide users with goods or services. In this case, we may have to cancel a product or service the user has with us, but we will notify all relevant parties, should this ever be the case.

  1. How personal user data is collected

There are many ways in which users can submit personal user data to us, below is an explanation of these methods:

  • Direct interactions may require users to submit various different kinds of personal user data via our website or correspondence with us by means of email or telephone. This information is submitted when a user performs one or more of the following actions:
    • Signing up for and/or participating in our marketing materials, promotions, competitions, surveys and/or other free offers;
    • Application for and/or purchase of products or services on our website;
    • Creating an account on our website;
    • Subscribing to our service and/or publications;
    • Request marketing to be sent;
    • Giving us feedback or contacting us
  • Automated technologies or interactions. This is data automatically collected when a user interacts with our website. This refers to technical data about a user’s equipment, browser information, and patterns. This data is collected by means of cookies and other similar technology further explained in this policy.
  • Third parties or publicly available sources. Some personal user data is submitted to us by third party suppliers as outlined below:
    • Analytics providers, such as Google
    • Contact, financial, and transaction data from providers of technical, payment, and/or delivery service providers.
    • Identity and contact data from publicly available sources such as Companies and Intellectual Properties Commission in South Africa (CIPC).
  1. How we use personal user data

We respect all information submitted to us by all users and only aim to use any personal user data to perform necessary tasks and provide services to users to the best of our capabilities. We do not use any more personal data than is required and we only use personal user data as outlined below:

  • Upholding and completing a contract that we have with users or are about to enter in with users;
  • Where it is necessary for our legitimate interests as well as our user’s interests and where fundamental rights do not override those interests;
  • With any legal obligation.

a) Purposes for which we will use personal user data

view this page on a desktop to see a table that provides a description of all the ways in which we may use personal user data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are, where appropriate.

b) Marketing and Promotional offers from us

We may use certain personal user data such as identity, contact, technical, usage, and profile data to form a view on what products or services we think users may be interested in.

We strive to provide users with choices regarding their personal user data uses, particularly around marketing and advertising. Users will receive marketing communications from us if they have requested such information from us or purchased goods or services from us and they have not opted out of receiving relevant marketing.

c) Third-party marketing

Our personal policy is never to share any personal user data with anyone unless it prevents us from providing our services or if by an obligation of being compliant with the law. No personal user data will be shared with anyone unless express consent has been granted by the user to do so. Some examples where this may be applicable include delivery service providers who make use of identity- or contact data in order to deliver products or services purchased on our website, by users.

d) Cookies

A cookie is a small file of letters and numbers that gets stored on a user’s browser or on their hard drive. These files are used to determine information about the user such as technical and usage data. Cookie settings are unique to each individual user and it is up to the user to decide how cookies get processed on their computer.

This website uses cookies to distinguish users on our website. This helps us to provide everyone with a good experience when interacting with our website, and it also allows us to improve our website. By continuing to use our website, by means of browsing or any other interaction, users agree to our use of cookies.

We use the following cookies:

  • Strictly necessary cookies – These are cookies that are required for the operation of our website. They include, for example, cookies that enable users to log into secure areas of our website, use a shopping cart, and/or make use of e-billing services.
  • Analytical/performance cookies – They allow us to recognise and count the number of users and to see how users navigate around our website when they are using it. This helps us to improve the way our website works, for example, by ensuring that users are finding what they are looking for easily.
  • Functionality cookies – These are used to recognise users when they return to our website. This enables us to personalise our content for each user, greet people by name, and/or remember their preferences (for example, choice of language or region).
  • Targeting cookies – These cookies record a user’s visit to our website, the pages they have visited, and/or the links they have followed. We will use this information to make our website and the advertising displayed on it, more relevant to user’s interests.

Please note that third parties (including, for example, advertising networks and providers of external services like web traffic analysis services) may also use cookies, over which we have no control. These cookies are likely to be analytical/performance cookies or targeting cookies.

Users can block cookies by changing the settings in their browser, which allows them to refuse the setting of all or some cookies. However, if a user uses their browser settings to block all cookies, (including strictly necessary Cookies) they may not be able to access all or parts of our website.

e) Change of purpose

We only use personal user data for the purposes for which we have collected it unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. Should users wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, we request that users please contact us.

If we need to use personal user data for an unrelated purpose, we will notify all relevant parties and we will explain all legal bases which will allow us to do so.

Please note that we may process personal user data without user knowledge or consent, in compliance with the above rules, only where this is required or permitted by law.

f) Opting out

Users can request from us or third parties to stop sending marketing messages at any time by contacting us at any time, this can also be communicated with us through marketing and communications data that gets submitted by users.

Where users opt-out of receiving marketing messages, this will not apply to personal user data provided to us as a result of a product/service purchase and/or other transactions.

  1. Disclosures of personal user data

We may share personal user data with External Third Parties (as defined in the Glossary) for the purposes as stated in section 4A (Purposes for which we will use personal user data) of this policy.

We require all third parties to respect the security of personal user data and to treat it in accordance with the law. We do not allow our third-party service providers to use personal user data for their own purposes and only permit them to process any personal user data for specified purposes and in accordance with our instructions as outlined in this policy.

  1. Data retention

a) How long will we use personal user data?

We only retain personal user data for as long as reasonably necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting, and/or reporting requirements. We may retain personal user data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with users.

To determine the appropriate retention period for personal user data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of such personal data, the purposes for which we process any personal user data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.

In some circumstances you can ask us to delete your data: see user legal rights below for further information.

In some circumstances, we will anonymise personal user data for research or statistical purposes, in which case we may use this information indefinitely without further notice to any user.

  1. User legal rights

Users have certain legal rights pertaining to the usage of their personal user data. Below is an explanation of what rights users have with regard to our business. Users have a legal right to:

  • Request access to their personal data (commonly referred to as a “data subject access request”). This enables users to receive a copy of the personal data we hold about that user and to ensure that we are lawfully processing it.
  • Request correction of the personal data that we hold about that user. This enables users to have any incomplete or inaccurate data we hold about them, corrected, though we may need to verify the accuracy of any new data provided to us.
  • Request erasure of personal user data. This enables users to ask us to delete or remove personal user data where there is no good reason for us to continue to process it. Users also have the right to ask us to delete or remove personal user data where users have successfully exercised their right to object to processing (see below), where we may have processed any information unlawfully or where we are required to erase personal user data to comply with the local law. Note, however, that we may not always be able to comply with requests of erasure for specific legal reasons which will be notified to users, if applicable, at the time of their request.
  • Object to processing of personal user data where we are relying on a legitimate interest (or those of a third party) and there is something about a user’s particular situation which makes them want to object to processing on this ground as they feel it impacts on their fundamental rights and freedoms. Users also have the right to object where we are processing any personal user data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process such information which override a user’s rights and freedoms.
  • Request restriction of processing of personal user data. This enables users to ask us to suspend the processing of their personal user data in the following scenarios:
    • If users want us to establish the data’s accuracy;
    • Where our use of the data is unlawful, but users do not want us to erase it;
    • Where users need us to hold the data even if we no longer require it as they need it to establish, exercise, or defend legal claims;
    • Users have objected to our use of their personal use data but we need to verify whether we have overriding legitimate grounds to use it.
  • Request the transfer of personal user data to that user or to a third party. We will provide to a user, or a third party that they have chosen, their personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which users initially provided consent for us to use or where we used the information to perform a contract with them.
  • Withdraw consent at any time where we are relying on consent to process personal user data. However, this will not affect the lawfulness of any processing carried out before users withdraw their consent. If users withdraw their consent, we may not be able to provide certain products or services to them. We will advise users if this is the case at the time they withdraw their consent.

If users wish to exercise any of the rights set out above, we kindly request that they please contact us.

Upon exercising these rights:
a) No fee required (usually)

Users will not have to pay a fee to access their personal user data (or to exercise any of the other rights). However, we may charge a reasonable fee if their request is clearly unfounded, repetitive, or excessive. Alternatively, we may also refuse to comply with a user’s request in these circumstances.

b) What we may require

We may need to request specific information from users to help us confirm their identity and ensure their right to access any personal user data (or to exercise any of their other rights). This is a security measure to ensure that personal user data is not disclosed to any person who has no right to receive such information. We may also contact users to ask for further information in relation to their request to speed up our response.

c) Time limit to respond

We try to respond to all legitimate requests within one month. Occasionally, it may take us longer than a month should a request be particularly complex or users have made a number of requests. In this case, we will notify all relevant parties and keep everyone updated.

  1. Glossary

Legal obligation compliance – processing personal user data where it is necessary for compliance with a legal obligation that we are subject to.

External third parties – Service providers based in South Africa and/or the United States of America who provide IT and system administration services.

– Professional advisers including lawyers, bankers, auditors, and insurers based in South Africa and/or the United Kingdom who provide consultancy, banking, legal, insurance, and accounting services.

– The South African Revenue Service (SARS), regulators, and/or other authorities based in South Africa or elsewhere.

Legitimate interests – refers to the interest of our business, in conducting and managing our business to enable us to provide users with the best possible service/product and the best and most secure experience. We make sure we consider and balance any potential impact (both positive and negative), on all users, and their rights before we process their personal user data for our legitimate interests. We do not use any personal user data for activities where our interests are overridden by the impact on users (unless we have their consent or are otherwise required or permitted to, by law). Users can obtain further information about how we assess our legitimate interests against any potential impact on them in respect of specific activities by contacting us.

Performance of a contract – processing personal user data where it is necessary for the uphold and completion of an agreement to which a user is a part of, such as to provide the user with a product or service, or to take steps at the user’s request before entering into such an agreement.

  1. Contact details

If users have any questions about this privacy policy or our privacy practices, we kindly request that they please contact us at their earliest convenience.

Users can reach out to us via the following channels:

Updated: July 2021