Privacy Policy
Please read this Privacy Policy carefully to understand how we handle your Personal Data. If you do not agree to this Privacy Policy, please do not use this Website, Platform and/or related Services. This Policy does not cover the practices of companies we do not own or control.
1. INTRODUCTION
- Gondwana Plus (Pty) Ltd t/a Sebenza is a private company incorporated in the Republic of South Africa. Our company registration number is 2018/399310/07 and our registered office is Block E, First Floor, Meadowbrook Business Park.
- In this Privacy Policy “Sebenza”, “us”, “we” and “our” means Gondwana Plus (Pty) Ltd t/a Sebenza.
- We strive to ensure that our use of the Personal Data of data subjects is lawful, reasonable, and relevant to our business activities, to improve your experience as a User and customer, or prospective customer.
- This Privacy Policy is incorporated into our Terms and Conditions. All capitalized terms used but not defined in this Privacy Policy have the meanings assigned to them in the Terms and Conditions. Other defined terms used in this Policy are explained in Annexure A.
- By providing us with your Personal Data, you:
• agree to this Privacy Policy and authorise us to Process and share such data as set out in this Policy; and
• authorise Sebenza, our Service Providers and other listed third parties to Process your Personal Data for the purposes stated in this Privacy Policy.
2. CONTACT US
We have appointed an Information Officer responsible for overseeing questions concerning this Privacy Policy. You may contact our Information Officer, Calvin Le Mottee, at calvin@sebenza.taxi or call us on 062 677 6517 to discuss this Privacy Policy, your rights under data protection laws applicable to you, and to raise any complaints with us.
3. OUR SERVICES
We own and operate the sebenza.taxi website and Wi-Fi facilities (“Platform”) which, among others:
• provides commuters with an internet connection and limited access to the internet;
• provides commuters with access to information, products and services;
• allows Advertisers to advertise and market products and services to Users as well as generate customer leads;
• facilitates engagements, surveys, questionnaires, market research and general feedback between Advertisers and Users.
(Collectively the “Services”)
4. WHO DOES THIS PRIVACY POLICY COVER?
- This Privacy Policy explains how we protect and use your Personal Data.
- This Policy applies to all external parties with whom we interact, including but not limited to:
• Users of the Services through the Platform; • Advertisers; and
• our suppliers, and contractors. - This Privacy Policy must be read together with our Terms and Conditions, and any other documents, agreements or privacy notices that describe how we collect or use Personal Data about you using the Platform.
5. WHAT PERSONAL DATA DO WE COLLECT AND HOW WE COLLECT IT
- We will collect, acquire, receive, record, organise, collate, store, update, change, retrieve, read, process, analyse, use and share your Personal Data in the manner described in this Privacy Policy. When we perform one or more of these actions, we are “Processing” your Personal Data.
- We obtain Personal Data about you through the means discussed below when you use the Services through the Platform. We need certain types of data to provide the Services to you. If you do not provide us with such data, or ask us to delete it, you may no longer be able to access or use part or all our Services.
5.1 Data you provide directly to us
We collect a variety of Personal Data that you provide directly to us. For example, we collect data from you when you:
- open and register an account on the Platform;
- submit your answers to forms, surveys, and questionnaires;
- watch advertisements and other content, and you indicate that you are interested in the advertised products or services;
- otherwise take part in Advertisers’ market research and surveys on the Platform.
The types of Personal Data we collect will depend upon the Services you use, how you use them, and the data you choose to provide. The types of data we collect directly from you include:
- Contact details: including your physical and postal address, telephone number, email address;
- Identifying information: including your name, sex, marital status, date of birth, gender, legal status, Government-issued identity number, or passport number;
- Location details: such as your GPS coordinates when using the Platform;
- Any other information you choose to directly provide to us in connection with your use of the Service.
- Taxi operator: if you are a taxi operator, we will also collect your driver’s license information, vehicle registration, model, colour and make to monitor and protect our equipment installed in your taxi.
5.2 Data we collect through passive (automated) means
We collect certain data about your use of the Services and the devices you use to access the Services. We and our service providers may use a variety of technologies, including cookies and similar tools, to assist in collecting this data.
When you use our Platform:
- we collect and process technical and usage data such as your IP address, mac address, browser types and version, and login data.
- Additionally, we collect information on browser language, operating system, the state or country from which you accessed the Services, software and hardware attributes (including device IDs) referring and exit pages and URLs, platform type, the number of clicks, files you download, domain names, landing pages, pages viewed and the order of those pages, the amount of time spent on particular pages, the terms you use in searches on our sites, the date and time you used the Services, error logs, and other similar data.
- Through cookies and similar technologies, we and our service providers use web server logs, cookies, tags, SDKs, tracking pixels, and other similar tracking technologies.
- We use these technologies to offer you a more tailored experience.
5.3 Data we collect from other third parties
We may receive limited Personal Data about you as a User (such as online identifiers and cookies) from the following sources:
- our information technology, and analytics providers;
When we collect your Personal Data from third parties it is either because you have given us express consent to do so, your consent was implied by your actions, or because you provided consent, either explicit or implicit, to the third party that provided this data to us.
6. HOW AND WHY, WE PROCESS YOUR PERSONAL DATA
6.1 Consent
- we will collect, store, use and share Personal Data provided by you as described in this Policy and the relevant consent form to carry out, improve, and manage the Services;
- where required by law, we may process your contact data for direct marketing and advertising purposes based on your consent.
- You may withdraw your consent at any time after giving it as described in this Policy.
6.2 Contract
We process your Personal Data if it is necessary to enter or perform under a contract that we have with you as a User, or to provide a solution to you as a User. This includes:
- to provide you with the Services, technical support and solutions they have requested;
- to communicate with you about the Services, your use of the Services, or your inquiries related to the Services and send you communications on behalf of third parties using the Services to meet your needs.
- to respond to User enquiries and complaints;
- to meet record-keeping obligations;
- transferring limited and necessary Personal Data to our contracted service providers (such as server hosts and technical support) in performing our obligations to you;
- for security and identity verification, and to check the accuracy of your Personal Data; and
- for any other related and lawful purposes.
6.3 By Law
We process your Personal Data if the law requires or allows it. This includes:
- verifying your identity to comply with legislative, regulatory, professional, risk and compliance requirements;
- to fulfil reporting requirements and data requests;
- to meet record-keeping obligations;
- for any other related purposes.
6.4 Legitimate Interests
We process your Personal Data when it is necessary to protect your legitimate interests as a User, or to pursue our legitimate interests, or that of our Advertisers. We ensure that our legitimate interests are not overridden by your rights and interests as a data subject.
Our primary interest is to serve both Users and Advertisers by facilitating, in a balanced, proportionate and responsible manner:
- free access to the internet by Users when commuting;
- access by Users to Advertisers’ information, products and services that Users may be interested in;
- communication and market research between Advertisers and Users to enable Advertisers to improve their products, services and customer relations;
- reporting on aggregated statistics regarding, for example, the effectiveness of digital advertising campaigns.
We may also process Personal Data for other legitimate interests such as:
- to optimise and protect the Platform and our systems:
- to prevent against fraud, security breaches, misuse, and other prohibited or illegal activity, claims and other liabilities; ▪ to maintain the safety, security and integrity of our Platform, our Services, equipment, products, databases, networks and other technology assets;
- for analytics, to gather metrics to better understand how Users and Advertisers use the Platform, and to evaluate and improve our Services
- to enforce and defend legal claims;
- to manage business continuity situations and emergencies;
o for other related and lawful purposes disclosed to you at the time of collection.
6.5 Third-party Collection
When we collect your Personal Data from third parties it is because such third parties have:
- authorised or instructed us to do so; and
o have represented to us (either express or implied) that:
(a) their instructions are lawful;
(b) they are allowed to disclose such Personal Data to us;
(c) they will, where required by law, obtain the necessary consents or justify the necessary legitimate interests pursued (Sec 11(1)(d) & (f) of POPIA), and provide all necessary data and privacy notices to you as a Data Subject.
We use your Personal Data only for the purpose for which it was originally collected by the relevant Responsible Party and strictly following their instructions and authorisation.
6.6 Combined Data
For the purposes discussed in this Privacy Policy, we may combine the data that we collect through the Services and use and share such combined data following this Privacy Policy.
6.7 Further processing limitation
We will not collect other categories of Personal Data or use the Personal Data we collected for materially different, unrelated, or incompatible purposes without providing you and our customers notice.
7. DISCLOSURE OF PERSONAL DATA
- We may provide access to and disclose your Personal Data for legitimate business purposes, following applicable law and subject to applicable regulatory requirements on confidentiality and appropriate data protection measures.
- We may disclose your Personal Data in the following ways:
Data that is no longer personally identifiable
We may anonymise your Personal Data so that you are not individually identified, and provide that information to Advertisers. We may also provide aggregate usage data to Advertisers, who may use such information to understand how often and in what ways people use our Services, so that they, too, can provide you with an optimal online experience. However, we never disclose aggregate usage data to an Advertiser in a manner that would identify you personally, as an individual.
Disclosed Advertiser(s) or categories of Advertiser(s)
Where we collect your Personal Data through our own forms, surveys and questionnaires (and not those supplied directly by Advertisers), we may share that data to the Advertiser(s) or categories of Advertiser(s) which include, but are not limited to, Betting Companies, Financial Services Providers, NGO’s, Entertainment, Insurance or Education.
We also allow Advertisers to choose the demographic information of Users who will see their advertisements and/or promotional offers and you accept that we may provide any of the data we have collected from you in non-personally identifiable form to an Advertiser, in order for that Advertiser to select the appropriate audience for those advertisements and/or offers.
- for example, we might use the fact you are located in Johannesburg to show you ads or offers for Johannesburg businesses, but we will not tell such businesses who you are; or
- we might allow Advertisers to display their ads to Users with similar usage patterns to yours, but we will not disclose usage information to Advertisers except in aggregate form, and not in a manner that would identify you personally. Note that if an advertiser asks us to show an ad to a certain audience or audience segment and you respond to that ad, the advertiser may conclude that you fit the description of the audience they were trying to reach.
Our Service Providers (Operators) to carry out the Services
We provide limited access to or share your data with Service Providers who use the data to perform part of the Services on our behalf, and whose help we need to conduct our business operations (such as server hosts and technical support) and that:
- (a) have agreed to be bound by this Privacy Policy and our Data Protection Policy or by similar terms offering a similar or higher level of protection; and
- (b) based on our instructions, are not authorised by us to use or disclose the data except as strictly necessary to perform the services on our behalf as instructed or to comply with legal or professional requirements.
We will only authorise the processing of any Personal Data by a third party by, among others, entering into agreements with those third parties governing our relationship with them and highlighting instructions, confidentiality, security and non-disclosure obligations.
For the protection of Sebenza and others
By accepting our Terms and Conditions, you acknowledge and agree that we may access, keep and disclose the data we collect and maintain about you if required to do so by law or, in good faith, believe that such access, retention or disclosure is reasonably necessary to:
- (a) comply with legal process (e.g., a subpoena or court order);
- (b) enforce our Terms and Conditions, this Privacy Policy, or other contracts with you, including investigating any potential violations to such terms and policies;
- (c) respond to claims that any content violates the rights of third parties;
- (d) respond to your requests for customer service; and/or
- (e) to mitigate any actual or reasonably perceived risk, or to protect the rights, property or personal safety of Sebenza and its Service providers, its Users, customers and/or the public. This includes exchanging data with other companies and organizations for fraud protection, and similar purposes.
Business transfers
We may buy, merge, partner with or be acquired by other companies. In such transactions, (including in contemplation of such transactions) User data may be among the transferred assets. If a part or all our assets are sold or transferred to a third party, User data (including your contact and identifying data) would likely be one of the transferred business assets. If such transfer is subject to more mandatory restrictions under applicable laws, we will comply with such restrictions.
With your consent
We may also disclose your data in other ways you direct us to and when we have your consent.
8. COMPULSORY DATA AND CONSEQUENCES OF NOT SHARING WITH US
- Where we must process certain Personal Data by law, or in terms of a contract that we have entered directly with you, and you fail to provide such Personal Data when requested to do so, we may be unable to perform in terms of the contract in place or are trying to enter into with you. In such a case, we may have to terminate the contract and/or relationship with you, upon due notice to you, which termination shall be done per the terms of that contract and any applicable legislation.
- The voluntary or compulsory nature of data requested directly from you by our Advertisers will be clear from the relevant form, survey or questionnaire at the point of collection. We encourage you to carefully read the privacy policies and notices of our Advertisers when supplying your data directly to them through the Platform.
9. WHEN AND WILL WE USE YOUR DATA TO MAKE AN AUTOMATED DECISION ABOUT YOU
We do not use your Personal Data to make any automated decisions about you.
10. TRANSFERRING YOUR PERSONAL DATA OUTSIDE OF SOUTH AFRICA
- We reserve the right to generally transfer to and/or store your Personal Data on servers in a jurisdiction other than where it was collected, or outside of South Africa in a jurisdiction that may not have comparable data protection legislation.
- Where data is transferred or stored outside of South Africa and the location does not have adequate data protection laws, we will take reasonably practical steps, including the imposing of suitable contractual terms and conduct a due diligence to ensure that your Personal Data is adequately protected in that jurisdiction.
11. SECURITY AND INTEGRITY
11.1. We will take appropriate and reasonable technical and organisational steps to protect all Personal Data held by us in line with industry best practices, including protection against accidental or unlawful destruction, accidental loss or alteration, and unauthorised disclosure or access. This includes the following:
- keeping systems secure (such as monitoring access and usage);
- storing records securely;
- controlling the access to our premises, systems and records;
- safely destroying records;
- encrypting and/or password protecting sensitive data;
- protecting our servers using firewalls and limiting access to Personal Data on a strictly need to know basis;
- testing the security of our Platform and IT systems regularly;
- periodically reviewing our collection, storage and processing practices, including physical and digital security measures
11.2. However, no data transmission over the internet or electronic can be guaranteed to be 100% secure. As such, you acknowledge and accept that we cannot guarantee the security of your data transmitted to or through our Platform or via the internet and that any such transmission is at your own risk. However, we are subject to POPIA which we comply with.
11.3. We will notify you and the relevant regulatory authorities of any data breaches where we are legally required to do so and within the prescribed period.
11.4. Where we have given you (or where you have chosen) a password that enables you to access the Services, you are responsible for keeping this password confidential. We ask you not to share your password with anyone. Please note that any data you share in public areas (such as community forums) may be viewed by any User of the Services.
12. RETENTION AND DELETION
12.1. We will only keep your Personal Data for as long as it is necessary to fulfil the purposes explicitly set out in this policy, unless:
- retention of the record is needed or authorised by law; or
- you have consented to the retention of the record for a specified period.
12.2. The length of time for which we keep data depends on the purposes for which we collected and use it and/or as needed to comply with applicable laws.
12.3. If there are no other lawful grounds for us to continue processing your Personal Data, we will destroy such data using secure methods.
12.4. Data that is transferred to us by Advertisers will be destroyed after a maximum period of three months or earlier if Advertisers select to delete and update their data on the Platform.
13. MAINTENANCE, CORRECTIONS AND ACCESS
13.1. Where we act as a Responsible Party, we are required to take all necessary steps to ensure that your Personal Data is accurate, complete, not misleading and up to date.
13.2. Anyone about whom we keep Personal Data may request to inspect and, if appropriate, correct the Personal Data held by us. It is your responsibility to inform us should your Personal Data be incorrect, incomplete, misleading or out-of-date by contacting us. We may require other data from the requesting party to confirm the legitimate basis for the request and the identity and authority of the requestor. Upon receipt and verification of the corrected Personal Data, we will adjust our data or records accordingly.
13.3. A request for correction/deletion of Personal Data or destruction/deletion of a record of Personal Data must be sent using the prescribed Form 2 which is available on the Information Regulator’s website or our Access to Information Manual.
14. YOUR DATA PROTECTION RIGHTS
14.1. Data protection laws may grant you, among others, the following rights:
- Request access to your Personal Data – enabling you to receive a copy of the Personal Data kept about you;
- Request the correction of your Personal Data – to ensure any incomplete or inaccurate Personal Data is corrected;
- Request erasure of your Personal Data – where there is no lawful basis for the retention or continued processing of your Personal Data you may request the deletion of your account profile with us;
- Object to the processing of your Personal Data for a legitimate interest (or those of a third party) – under certain conditions where you feel it affects your fundamental rights and freedoms;
- Request restriction of processing of your Personal Data – to restrict or suspend the processing of your Personal Data to limited circumstances;
- Withdraw consent given in respect of the processing of your Personal Data at any time – withdrawal of consent will not affect the lawfulness of any processing carried out before your withdrawal notice. But may not affect the continued processing of your Personal Data in instances where your consent is not needed.
14.2. If an above request/objection is to be made, please use the contact information in paragraph 2 above and we will revert within 30 calendar days.
Please Note: Where allowed by law, we may keep your Personal Data even if you no longer have a relationship with us or if you ask that we delete or destroy it.
15. CHILDREN
15.1. Our Platform and Services are not targeted at and do not collect Personal Data from people under the age of 18. On accessing the Platform, we require all Users to verify that they are 18 years of age or older.
15.2. We will not knowingly collect Personal Data in respect of persons under 18 years of age without express permission to do so, unless allowed by law.
16. THIRD-PARTY OPERATORS AND SUB-OPERATORS
16.1. We use external processors (“Operators”) and sub-processors (“Sub-Operators”) for certain processing activities and to help in the delivery of Services.
16.2. We reserve the right to change our Operators at any time without further notice to you, but we will ensure these persons have an obligation to keep your Personal Data secure and confidential. 16.3. Such external processing activities include, but are not limited to:
- IT systems, servers and infrastructure;
- Hosting and email infrastructure;
- record-keeping infrastructure.
16.4. We conduct due diligence in respect of our external Operators before forming a business relationship. We obtain company documents and references to ensure the Operator is adequate, appropriate and effective for the task we employ them for.
17. WEBSITE FORMS
17.1. Any forms which are available on our website are powered by JotForm who is subject to the GDPR.
17.2. When you fill out a form, the data that you give will be forwarded to JotForm and will be collated into an email and sent to us.
17.3. The data that you give via the form will not be stored within our website’s own database or in any of our internal computer systems.
17.4. Your data will remain within JotForm’s secure database in the European Union for as long as we continue to use JotForm’s services or until you specifically request removal by emailing us.
17.5. We consider JotForm to be a third-party Operator.
18. DIRECT MARKETING (ELECTRONIC MEANS)
18.1. The Platform relies on advertising and marketing to sustainably provide Users with free wireless access to the internet.
18.2. Sebenza would like to send you information about their product and service offerings we believe may be of interest to you.
18.3. Sebenza
We may send Sebenza marketing materials to you as a User by email and by SMS, only if:
- your name and contact details were obtained in the context of registering on our Platform and using our products or Services;
- we contact you to market our similar products or Services; and
- once you have chosen to opt-out, we may send you written confirmation of receipt of your opt-out request (which may be in electronic form), and we will thereafter not send any further direct marketing communication to you. However, you may continue to receive communication from us on matters of a regulatory nature, which are not marketing related.
18.4. Advertisers
If Advertisers would like to send their own marketing materials to you, they may do so if allowed by law and following their own privacy policies and notices (see heading Privacy and Data Protection Policies of Advertisers below).
19. PRIVACY AND DATA PROTECTION POLICIES OF ADVERTISERS
19.1. If your Personal Data is collected and processed by third parties (including Advertisers), you should read their relevant privacy notice, terms and conditions, and other data protection policies. We are not responsible for their data protection policies and practices where they act as Responsible Parties. Any Personal Data you give to those organizations will be dealt with under their privacy notice, terms and conditions, and data protection policies.
19.2. IF YOU DISCLOSE YOUR PERSONAL DATA DIRECTLY TO ANY THIRD PARTY OTHER THAN SEBENZA, WE SHALL NOT BE LIABLE FOR ANY LOSS OR DAMAGE, HOWSOEVER ARISING, SUFFERED BY YOU AS A RESULT OF YOUR DISCLOSURE OF YOUR DATA TO SUCH THIRD PARTIES.
20. COOKIES
20.1. We may place small text files called “cookies” on your device when you visit our Website. Cookies do not hold Personal Data, but they do contain a personal identifier allowing us to Affiliate your Personal Data with a certain device. Cookies serve useful purposes for you, including:
- Remembering who you are as a User of our Website to remember any preferences you may have selected on our Website, such as saving your username and password, or settings (“functional cookies”);
- allowing our Website to perform its essential functions. Without these cookies, some parts of our Website would stop working (“essential cookies”). For example, data on error messages displayed to Users will be collected and the developer team will assess and solve it.
- monitoring how our Website is performing, and how you interact with it to understand how to improve our Website or Services (“site analytics”).
20.2. See our Cookie Statement for more information on our use of cookies.
20.3. Your internet browser may accept cookies automatically and you can delete cookies manually. However, no longer accepting cookies or deleting them may prevent you from accessing certain aspects of our Website where cookies are necessary.
20.4. As cookies are stored in the web browser used to access our Website, to disable cookies Users need to change the settings on that browser.
20.5. Many websites use cookies and more information is available at: www.allaboutcookies.org
21. MOBILE OPT-OUT BY DEVICE SETTINGS
21.1. Data is only processed to show you the most relevant advertising content and to provide statistical analytics products and services. If you wish that your location be private, you can turn the geo-location feature off within the location settings of your device. In addition to this, you can disable ad tracking on your device so that we and/or any Advertisers will no longer include device information in audience segments or analytics products and services.
21.2. The following instructions explain how to turn off ad tracking for Apple and Android devices:
iOS 6:
Choose Settings > General > About > Advertising
Turn on Limit Ad Tracking
iOS 7 or higher:
Choose Settings > Privacy > Advertising
Turn on Limit Ad Tracking
Android 2.3 or higher:
Choose Google Settings > Ads
Check opt out of interest-based ads
22. GOVERNING LAW
22.1. This Privacy Policy is governed by South African law.
22.2. If any provision of this Privacy Policy is determined to be illegal, void or unenforceable due to applicable law or by order of a court, it shall be deemed to be deleted and the continuation in full force and effect of the remaining provisions shall not be prejudiced.
23. CHANGES TO THIS POLICY
23.1. We may amend this Privacy Policy from time to time and we will take practical steps to inform you when changes are made. Without limiting how we may inform you, we may notify you by email, or when you access our Website.
23.2. The date this Privacy Policy was last revised is found at the top of the document. You are responsible for periodically monitoring and reviewing any updates to the Privacy Policy. If we make a material change to the Privacy Policy, we will provide you with proper notice per legal requirements.
23.3. Your continued use of our Services after such amendments (and notice, where applicable) will be deemed your acknowledgement of these changes to this Privacy Policy.
24. QUERIES, COMPLAINTS, AND INFORMATION REGULATOR
If you have any questions or complaints about your privacy rights or this Privacy Policy, please address your concerns to our Information Officer at ian@sebenza.taxi. If you feel our attempts at resolving the matter have been inadequate, you may complain to the South African Information Regulator through their website, https://www.justice.gov.za/inforeg/.
ANNEXURE A – DEFINITIONS
“GDPR”
General Data Protection Regulation 2016/679.
“Operator”
any person or entity that Processes Personal Data on behalf of a Responsible Party.
Personal Data
information or data relating to an identifiable, living, natural person, and where it is applicable, an identifiable, existing juristic person, including, but not limited to information relating to –
• race, gender, sex, pregnancy, marital status, national, ethnic or social origin, colour, sexual orientation, age, physical or mental health, well-being, disability, religion, conscience, belief, culture, language and birth of the person;
• education or the medical, financial, criminal or employment history of the person;
• any identifying number, symbol, e-mail address, physical address, telephone number, location information, online identifier or other particular assignment to the person;
• the biometric information of the person.
“Platform”
the Website and WIFI facilities.
“POPIA”
Protection of Personal Information Act 4 of 2013.
“Responsible Party”
the person that decides how and why Personal Data is Processed. Responsible Parties may instruct Operators to processes Personal Data on their behalf.
“Services”
as defined in clause 3 of this Privacy Policy.
”Service Provider”
third party providers of various services to us or on our behalf, including, billing, sales, shipping, marketing, advertising, analytics, research, customer service, payment processing, providers of information technology, communication, file storage, data storage, IT and security, videoconferencing, fraud prevention, accounting, auditing and legal services, our insurers and professional advisors.
“Sensitive Personal Data”
Personal Data about race or ethnicity, political opinions, religious or philosophical beliefs, trade union membership, physical or mental health, sexual life or orientation, any actual or alleged criminal offences or penalties, or any other data that may be deemed to be sensitive under applicable law.
“Website”
sebenza.taxi
sebenza.tech