1.1  Words that are defined in POPIA and used in this privacy policy will bear the same meaning as in POPIA unless the context indicates otherwise.

1.2  In this privacy policy, the following terms shall have the meanings assigned to them hereunder namely:

2.1  We recognise the importance of protecting Users’ privacy rights in respect of their Personal Information Processed by us. In adopting this privacy policy, we wish to balance our legitimate business interests and the privacy rights of all Users. Accordingly, we will take appropriate, reasonable, technical and organisational measures to prevent unlawful and/or unauthorised access to, Processing, loss, damage or destruction of Personal Information. The determination of such appropriate, reasonable, technical and organisational measures will be made by us having regard to the nature of the Personal Information, the risks involved and the available technology at the relevant time.

2.2  This privacy policy may also apply to other parties (such as authorised agents, contractors, service providers, suppliers or partners) acting on our behalf as operators when providing Users with anything in relation to our Products/Services and/or our Sites. To the extent required by law, we will ensure that such operators establish and maintain the security measures required in terms of POPIA.

3.1  We will Process a User’s Personal Information in the following instances:

• 3.1.1  The User, or a competent person where the User is a child (such as a parent or guardian), Consents to the Processing.
• 3.1.2  Where it is necessary to carry out actions for the conclusion or performance of a contract to which we are a party, including any agreement we may have with a User in relation to our Products/Services and/or our Sites (e.g. when a User visits, browses, registers, subscribes and/or applies for and uses our Products/Services and/or our Sites or when a User registers to receive any notifications from us in respect of our email authentication service and/or our text message authentication service).
• 3.1.3  To comply with an obligation imposed on us by law.
• 3.1.4  Where it protects or is necessary for pursuing the legitimate interest of a User, our legitimate interest or that of a third party to whom the Personal Information is supplied.

3.2  We will Process a User’s Special Personal Information in the following instances:

• 3.2.1  The User Consents to the Processing.
• 3.2.2  It is necessary for the establishment, exercise or defence of a right or obligation in law.
• 3.2.3  It is necessary to comply with an obligation of international public law.
• 3.2.4  It is for historical, statistical or research purposes to the extent that — (3.2.4.1) the purpose serves a public interest and the Processing is necessary for the purpose concerned, or (3.2.4.2) it appears to be impossible or would involve a disproportionate effort to obtain Consent, and sufficient guarantees are provided for to ensure that the Processing does not adversely affect the individual privacy of the User to a disproportionate extent.
• 3.2.5  Information has deliberately been made public by the User.
• 3.2.6  It is otherwise permitted in terms of POPIA.

4.1  The Personal Information that we may Process includes information necessary for us to provide a User with the Products/Services and/or services relating to our Sites and to protect and ensure our legitimate business interests. This may include all of the categories of Personal Information, but includes at least the following Personal Information:

4.1.1 — Information and content the User provides.  We collect the Consent, communications and other information the User provides when using our Products/Services and/or our Sites, including when the User signs up for an account, creates or shares content, and messages or communicates with us via our Sites or via any other means. Our systems automatically process content and communications provided by Users and others to analyse context and content for the purposes set out in this privacy policy. We specifically Process Users’ names and identity numbers, bank account, credit card details and other payment channel details (where necessary for payment processing), e-mail and physical addresses, postal addresses, contact information, information relating to race, gender, and age, and such other Special Personal Information, Personal Information and/or views a User may choose to share via our Sites, in accordance with this privacy policy.

4.1.2 — Usage.  We collect information about how Users use our Products/Services and/or our Sites, such as the types of content they view or engage with, the features they use, the actions they take, the accounts they interact with and the time, frequency and duration of their activities. For example, we log when they are using and have last used our Products/Services and/or our Sites, and what posts, pages and other content they view on our Sites. We also collect information about how they use certain features of our Products/Services and/or our Sites.

4.1.3 — Device information.  We collect information from and about the computers, phones, connected TVs and other web-connected devices Users use that integrate with our Sites, and we combine this information across different devices used by Users. For example, we use information collected about a User’s use of our Products/Services and/or our Sites on their phone to better personalise the content (including advertisements) or features they will see when using our Products/Services on another device, such as a laptop or tablet, or to measure whether they took an action in response to an advertisement we showed them on their device. Information we may obtain from these devices include:

• a.  Device attributes: information such as the operating system, hardware and software versions, battery level, signal strength, available storage space, browser type, app and file names and types, and plugins.
• b.  Device operations: information about operations and behaviours performed on the device, such as whether a window is foregrounded or backgrounded, or mouse movements (which can help distinguish humans from bots).
• c.  Identifiers: unique identifiers, device IDs, and other identifiers, such as from services, apps, pages or accounts used, or other identifiers unique to us or our Products/Services associated with the same device or account.
• d.  Device signals: Bluetooth signals, and information about nearby Wi-Fi access points, beacons, and cell towers.
• e.  Data from device settings: information a User allows us to receive through device settings they turn on, such as access to their GPS location, camera or photos.
• f.  Network and connections: information such as the name of a User’s mobile operator or ISP, language, time zone, mobile phone number, IP address, and connection speed and, in some cases, information about other devices that are nearby or on their network, so we can do things like help them stream content to or through all their devices.
• g.  Cookie data: data from cookies stored on a User’s device, including cookie IDs and settings.

4.1.4 — Information from partners.  Advertisers, Site developers, and publishers can send us information through various means, including our social plug-ins and through our APIs. These partners provide information about a User’s activities on our Site, including information about their device, websites they visit, purchases they make, the advertisements they see, and how they use their services, whether or not the User has an account with us or is logged into our Site. For example, a partner could use our API to tell us what pages a User viewed, or a business could tell us about a purchase a User made in its store. We also receive information about Users’ online and offline actions and purchases from third-party data providers who have the rights to provide us with such information. Partners receive a User’s data when they visit or use their services or through third parties they work with. We require each of these partners to have lawful rights to Process such Personal Information before providing any such Personal Information to us.

4.2  Where the law requires us to do so, we will obtain a User’s Consent before collecting their Personal Information from other parties.

4.3  If a User provides us with Personal Information of other people, the User confirms that they are allowed to share such Personal Information and that we may Process such Personal Information in terms of this privacy policy.

4.4  Users acknowledge that all Personal Information Processed by us may be stored by us and used, amongst others, for any of the purposes, but not exclusively, listed in clause 5 below.

5.1  We may Process Personal Information for the following purposes:

• 5.1.1  To deliver our Products/Services, including to personalise features and content (such as services, products and advertisements) and make suggestions for Users (such as pages, services and information they may be interested in or topics they may want to follow) on or about our Products/Services or on our Sites. To create personalised content that is unique and relevant to Users, we use Users’ connections, preferences, interests and activities based on the data we collect and learn from them and others (including any data with special protections which Users provide and Consent to being Processed), how Users use and interact with our Sites and the people, places, or things they are connected to and interested in, on and off our Sites.
• 5.1.2  To develop, test and improve our Products/Services and/or our Sites, including by conducting surveys and research, and testing and troubleshooting new products and services and features.
• 5.1.3  To select and personalise advertisements, offers and other sponsored content that we show Users.
• 5.1.4  To provide measurement, analytics, and other business services. We use the information we have (including Users’ activity off our Products/Services, such as the websites they visit and advertisements they see) to help advertisers and other partners measure the effectiveness and distribution of their advertisements and services, and understand the types of people who use their services and how people interact with their websites, apps, and services. This will only be done in accordance with the terms of this privacy policy and POPIA.
• 5.1.5  To promote safety, integrity and security. We use the information we have to verify accounts and activity, combat harmful conduct, detect and prevent spam and other bad experiences, maintain the integrity of our Products/Services, and promote safety and security on and off of our Products/Services. For example, we use data we have to investigate suspicious activity or violations of our terms or policies.
• 5.1.6  To communicate with Users. We use the information we have to send Users marketing communications, communicate with them about our Products/Services, and let them know about our policies and terms. We also use their information to respond to them when they contact us.
• 5.1.7  Research and innovate for social good. We use the information we have (including from research partners we collaborate with) to conduct and support research and innovation on topics of general technological advancement of our Products/Services.
• 5.1.8  For helping us in any future dealings with Users.
• 5.1.9  For any other purpose that we are legally authorised to Process Personal Information for and as permitted by law.

6.1  All Personal Information provided to us is stored manually, and/or on our secure cloud-based platform and/or servers operated, maintained and protected in the Republic of South Africa (“RSA”).

6.2  The Personal Information that we Process may also be transferred to, and stored at, a destination outside the RSA. It may also be Processed by staff operating outside the RSA who work for us or for one of our suppliers, content providers or service providers. Such staff may be engaged in, among other things, the fulfilment of our obligations towards Users, the processing of Users’ payment details and the provision of support Products/Services. Such transfer and/or Processing of Personal Information outside the RSA will not occur unless: (i) the recipient of the Personal Information is subject to a law, binding corporate rules or a binding agreement which provides an adequate level of protection that effectively upholds principles for reasonable Processing and contains provisions regarding transfers of Personal Information to third parties in foreign countries, substantially similar to those under POPIA; (ii) with the User’s Consent; (iii) the transfer is necessary for the performance of a contract between us and the User, or for the implementation of pre-contractual measures taken in response to the User’s request; (iv) the transfer is necessary for the conclusion or performance of a contract concluded in the interest of the User between us and a third party; or (v) the transfer is for the benefit of the User, it is not reasonably practicable to obtain the User’s Consent to the transfer and if it were reasonably practicable to obtain such Consent, the User would be likely to give it.

6.3  Where we have given a User (or where a User has chosen) a password which enables them to access certain parts of our Sites (login facility), the User is responsible for keeping this password confidential and secure. We ask that Users do not share their usernames or passwords with anyone. Should a User share their username or password with anyone, such User indemnifies and holds us harmless against any and all damages, loss, costs, expenses and third-party claims which result from the sharing of such User’s username or password, from any other person becoming aware of and/or using their username or password. A User may register their Personal Information with us via e-mail, via our Sites, manually or as may be otherwise communicated from time to time.

6.4  Records of a User’s Personal Information will not be retained for longer than is necessary for lawful operational or archiving purposes, unless retention of records is required or authorised by law. Records of Personal Information may be retained for periods in excess of those contemplated for lawful operational or archiving purposes, if retained for historical, statistical or research purposes. This will be subject to us establishing appropriate safeguards (which can include de-identifying the records) against the records being used for any other purpose.

6.5  The transmission of Personal Information via the internet is not always completely secure and we cannot guarantee the security of Personal Information transmitted to our Sites or to any other location by electronic means and any transmission in accordance or in connection with this privacy policy is at the User’s own risk. To the extent permitted by law, we will not be liable for any loss or damage arising from such transmission of Personal Information, however, once we have received the Personal Information, we will use appropriate, reasonable, technical and organisational measures to prevent unlawful and/or unauthorised access to, Processing, loss, damage or destruction of the Personal Information.

6.6  Where there are reasonable grounds to believe that a User’s Personal Information has been accessed or acquired by any unauthorised person, we will notify the User and the Information Regulator, which is appointed as such in terms of POPIA, in writing as soon as reasonably possible after discovery of the security compromise, taking into account the nature and extent of the compromise.

6.7  We will only delay notifying a User of a security compromise of their Personal Information if a public body responsible for detection, prevention or investigation of offences or the Information Regulator determines that notifying the User will impede a criminal investigation.

6.8  In any such written notice to a User of a security compromise, we will provide the User with sufficient information, as required by POPIA, to allow them to take protective measures against the potential consequences of the compromise.

7.1  By continuing to use our Products/Services and/or our Sites:

• 7.1.1  Users agree to the terms set out in this privacy policy. If a User does not agree with this privacy policy, they should discontinue use of our Products/Services and/or our Sites and/or the products/services provided by any of our partners.
• 7.1.2  Users agree that we may Process their Personal Information for, amongst other things, (i) the purposes of providing them with access to our Products/Services and/or our Sites; and (ii) for any other purpose set out in this privacy policy.
• 7.1.3  Users agree that we may Process Personal Information to comply with all obligations imposed by law, conclude and fulfil contractual terms or obligations to a User and protect or pursue Users’, the group’s or a third party’s legitimate interests, including Users designing, offering and communicating solutions that best meet their needs.
• 7.1.4  Users agree that their Personal Information may be shared with our holding companies, subsidiary companies, agents, advisers, partners, service providers and suppliers, or in the event of a change in control if the ownership or control of all or a part of our Products/Services changes, we may transfer your information to such new owner, in compliance with the terms of this privacy policy and POPIA.
• 7.1.5  Users agree that their Personal Information may be shared where the law requires that we disclose Personal Information to a party, and where we have reason to believe that a disclosure of Personal Information is necessary to identify, contact or bring legal action against a party who may be in breach of this privacy policy or may be causing injury to or interference with (either intentionally or unintentionally) our rights or property, other Users, or anyone else that could be harmed by such activities, or where the disclosure of Personal Information protects a legitimate interest of a User.

7.2  Where it is necessary by law to obtain specific Consent for Processing of any Personal Information, we will seek a User’s Consent separately.

Users must provide us with proof of identity when enforcing any of the below rights so that we can verify the identity of the User. Users must accordingly notify us as soon as possible when their Personal Information changes.

8.1 — Right of access to Personal Information.  Users have the right to request access to their Personal Information that we hold. This includes requesting (i) confirmation that we hold the User’s Personal Information, free of charge; (ii) a copy or description of the record containing the User’s Personal Information, at a prescribed fee if applicable; and (iii) the identity or categories of third parties who have had access to the User’s Personal Information, at a prescribed fee if applicable. Such requests will be addressed by us within a reasonable time and in accordance with the law. A written estimate of any applicable prescribed fees will be provided to the User before attending to their request. Users should note that the law may limit their right to access information, e.g. information relating to our intellectual property, competitively sensitive information or legally privileged information.

8.2 — Right to correction, deletion or destruction.  Users have the right to request that we correct, destroy or delete any of their Personal Information that we have Processed through our Products/Services and/or our Sites or records thereof. The Personal Information that Users may request us to correct, destroy or delete is Personal Information Processed in accordance with this privacy policy that is inaccurate, irrelevant, excessive, out of date, incomplete, misleading, obtained unlawfully or that we are no longer authorised to retain in terms of POPIA. We will take reasonable steps to make any changes necessary, which changes may take a reasonable time to reflect. We may request documents from the User to verify the changes. The deletion or destruction of a User’s Personal Information may lead to the termination of the User’s relationship with us or us being unable to provide a Product/Service and/or access to our Sites.

8.3 — Right to withdraw consent.  Users have the right to withdraw their Consent for us to Process their Personal Information at any time. The withdrawal of a User’s Consent can only be made by them on the condition that the withdrawal of their Consent does not affect the Processing of their Personal Information: (i) before the withdrawal of their Consent; (ii) if the Processing is in compliance with an obligation imposed on us by law; (iii) where such Processing is necessary for the proper performance of a public law duty by a public body; (iv) as required to finalise the performance of a contract to which they are a party; or (v) as required to protect their legitimate interests or our own legitimate interests or the legitimate interests of a third party to whom the information is supplied. The withdrawal of a User’s Consent may lead to the termination of the User’s relationship with us or us being unable to provide a Product/Service and/or access to our Sites.

8.4 — Right to object.  Users have the right to object to the Processing of their Personal Information in specific instances, on reasonable grounds relating to their particular situation, unless the Processing is required by law. Users can make such an objection to the Processing of their Personal Information where such Processing is being done: (i) for the proper performance of a public law duty by a public body; or (ii) to protect or pursue their legitimate interests, our legitimate interests or the legitimate interests of a third party the information is supplied to. Users can also object to the Processing of their Personal Information if the Processing is being done for purposes of direct marketing, other than direct marketing by means of unsolicited electronic communications in terms of section 69 of POPIA, which allows for such unsolicited electronic communications in instances where a User has given their Consent or where the User is a customer of the party sending the electronic communication and (i) the User’s contact details were obtained in the context of the sale of a product or service; (ii) for purposes of direct marketing of the party’s own similar products or services; and (iii) the User has been given a reasonable opportunity to object, free of charge, to such use of their electronic details.

8.5 — Right to complain.  Users have the right to submit a complaint to the Information Regulator regarding an alleged interference with the protection of their Personal Information Processed in accordance with this privacy policy. The Information Regulator’s contact details are published by the government from time to time in terms of POPIA. When they are published, POPIA places a duty on us to inform Users of those contact details, which contact details are set out at the end of this privacy policy.

8.6 — Right to legal action.  Users have the right to institute civil proceedings regarding an alleged interference with the protection of their Personal Information Processed in accordance with this privacy policy.

9.1  Cookies are pieces of information our Products/Services and/or our Sites transfer to a User’s hard drive for record-keeping purposes. Cookies make surfing the web easier for Users by saving their preferences and, tracking their online habits, traffic patterns, and making sure that they do not see the same advertisement too often. The use of cookies is an industry standard.

9.2  We may place a “cookie” on a User’s browser to store and sometimes track information about them.

9.3  While most browsers are initially set up to accept cookies, Users can reset their browser to refuse all cookies or indicate when a cookie is being sent. Please note that some parts of our Products/Services and/or our Sites may not function properly or may have limited functionality if a User refuses cookies.

When Users make use of our Products/Services and/or our Sites, they could be directed to other site/s that are beyond our control. These other site/s may send their own cookies to Users, collect data or solicit Personal Information from them. We shall not be responsible for any loss or damage suffered by Users as a result of their engagement with third-party sites. Users acknowledge and agree that they access third-party sites at their own risk and should review the applicable privacy policies of those third-party sites before providing Personal Information to them.

11.1  We may Process Users’ Personal Information for the purposes of providing them with information regarding services that may be of interest to them. Users may opt out or unsubscribe for free at any time.

If a User is currently receiving marketing information from us which they would prefer not to receive in the future, please email us at compliance@tslgroup.co.za or alternatively, unsubscribe using the unsubscribe function when receiving marketing communication from us. We will process all unsubscribe or opt-out requests within a reasonable time.

If a User is a juristic person, such as a company or close corporation, we may collect and use Personal Information relating to the juristic person’s directors, officers, employees, beneficial owners, partners, shareholders, members, authorised signatories, representatives, agents, payers, payees, customers, guarantors, spouses of guarantors, sureties, spouses of sureties, other security providers and other persons related to the juristic person. These are related persons. If Users provide the Personal Information of a related person to us, they warrant that the related person: (i) is aware that they are sharing their Personal Information with us to be Processed in accordance with this privacy policy; and (ii) that the related person (or someone authorised on their behalf) has Consented thereto and has been informed of their rights in terms of POPIA. Accordingly, references to “User(s)” in this privacy policy will include related persons with the necessary amendments and limitations.

The companies in our group may cede, delegate or assign, fully or partially, their rights and obligations under this privacy policy to another company. This assignment may take place without User Consent. Personal Information related to a User of one company may also be transferred to another company. The other company will adhere to all privacy laws, all privacy undertakings the group has given and all Processing and marketing Consent preferences the User has provided to the group (including opt-ins and opt-outs). The group will provide the User with notification of this transfer of Personal Information.

We reserve the right to vary and/or update the terms of this privacy policy from time to time. In the event of any material changes, we will notify Users in writing of such material changes and provide Users with an opportunity to review the revised policy before they choose to continue to make use of our Products/Services and/or our Sites. It is the User’s responsibility to familiarise themself with the most recent version of this privacy policy each time they access our Products/Services and/or our Sites and before electing to continue to make use of our Products/Services and/or our Sites. Continued use of our Products/Services and/or our Sites following notification to the User of any material changes to our privacy policy shall constitute acceptance by the User of the revised policy and those material changes.

15.1  If you wish to exercise any of your rights provided for in this privacy policy, please submit your request in writing to our Information Officer. We will respond to your request within the allowable time frames consistent with the applicable laws. To protect a User’s privacy when exercising their rights we may require you to verify your identity.

15.2  Any communications or queries relating to POPIA or this privacy policy, including a request for correction or an objection, can be directed to our Information Officer, whose details are as follows: