Help Contact Us

Data Privacy Policy

We at the Ignition Group take your privacy seriously and are committed to protecting your Personal Information. We place a high premium on the privacy of every person or organisation with whom we interact and therefore acknowledge the need for Personal Information to be handled with a reasonable standard of care.

This Data Protection and Privacy Policy (‘’Policy’’) relates to our Processing of your Personal Information when you interact with us, access our Platforms and/ or use our Offerings. It explains how we undertake to Process Personal Information in a manner which promotes the constitutional right to privacy, while retaining accountability and managing Data Subject participation.

With our headquarters in Durban, South Africa, we are a global customer acquisition business, operating in the telecommunications, home services, and financial services sectors.

We are committed to complying with the Applicable Laws in the multiple jurisdictions in which we, and you, operate. We have therefore drafted this Policy in accordance with the provisions of POPIA, which governs Data protection in South Africa, and in consideration of the following international Applicable Laws:

  1. General Data Protection Regulation (European Union) 2016/679, which governs Data protection in respect of the European Union;
  2. Federal Data Protection Act, updated as of 1 September 2023, which governs Data protection in respect of Switzerland;
  3. Data Protection Act 2018 which governs Data protection in respect of the United Kingdom;
  4. California Consumer Privacy Act of 2018, as amended and expanded by the California Privacy Rights Act of 2020, which may be employed for Data protection within the United States of America.
  5. Consumer Data Protection Act, effective 1 January 2023, which governs data protection and privacy in respect of Virginia within the United States of America.

(collectively referred to as “International Data Protection Laws”).

By engaging with us, electronically or physically, you Consent to the Processing and transfer of your Personal Information as set out in this Policy.

Definitions

  1. “Affiliate/s” means any entity which is associated with the Ignition Group through common ownership, as per Annexure A2 below;
  2. “Anonymisation” means the process of turning Personal Information into anonymous information so that a Data Subject is not (or is no longer) identifiable;
  3. “Annexure/s” means any annexure attached to this Policy, as amended from time to time;
  4. “Applicable Law/s" means any laws applicable to the protection and Processing of Personal Information, with particular emphasis on POPIA and the International Data Protection Laws. Applicable Laws includes any statute, regulation, notice, policy, directive, ruling or subordinate legislation, the common law, any binding court order, judgment or ruling, any applicable industry code, policy or standard enforceable by law, or any applicable direction, policy or order that is given by any regulator, competent authority or organ of state or statutory industry body;
  5. “Biometric” is a technique of personal identification based on physical, physiological, or behavioural characterisation.
  6. “Biometric Information” is information derived from techniques to identify individuals based on physical, physiological, or behavioural characterisation, including blood typing, fingerprinting, DNA analysis, retinal scanning and voice recognition.
  7. “Child” means a natural person under the age of 18 (eighteen) (including the plural “Children”);
  8. “Consent” means any voluntary, specific and informed expression of will, in terms of which permission is given for the Processing of Personal Information as contemplated in Applicable Laws;
  9. “Cookies” are a small amount of Data generated by a website and saved by your web browser. Its purpose is to remember information about you. If Data Subjects elect not to receive Cookies, they may be able to view some, but not all, of the content on our Platforms;
  11. “Data’’ means Personal Information, Usage Data, Cookies and/or Location Data; “Data Protection Authority” means the relevant regulatory authoritative bodies in the respective jurisdictions established in terms of Applicable Laws;
  12. ‘’Data Subject’’ means our customer(s), user(s) or any natural person in respect of whom we Process Personal Information (also referred to as “you” or “your”);“ECTA” means the Electronic Communications and Transactions Act, No. 25 of 2002;
  13. “Electronic Communication” shall have the same meaning as ascribed to the term in terms of POPIA;
  14. ‘’Financial Details’’ means information provided by your bank such as:
    1. account information, including bank name, account name, account type, account holder, branch number;
    2. identifiers and information about the account holder(s), including name, email address, phone number, date of birth, gender, and address information;
    3. information about account transactions, including amount, date, type, price, and a description of the transaction;
    4. and deductions from your bank account where necessary for the fulfillment of Offerings provided by the Ignition Group.
  15. “Location Data” means the information about the physical location of a Data Subject’s device. Depending on the Data Subject’s location, the Personal Information or Personal Data will be processed in accordance with Applicable Laws;
  16. "Ignition Group" means Ignition Telecoms Investments Proprietary Limited and any of its subsidiaries, as incorporated from time to time, the particulars of which are recorded in Annexure A1 to this Policy (also referred to as ‘’we’’, ‘’us’’ or ‘’our’’). For purposes of this Policy, we are the responsible party as defined in Section 1 of POPIA;
  17. “Offering/s” refer to the products or services provided by the Ignition Group including those provided by any of our Affiliates;
  18. “PAIA” means the Promotion of Access to Information Act 2 of 2000;
  19. “Personal Information’’ means information relating to an identifiable, living, natural person, and where it is applicable, an identifiable, existing juristic person, including, but not limited to:
    1. information relating to the race, gender, sex, pregnancy, marital status, national, ethnic or social origin, colour, sexual orientation, age, physical or mental health, well-being, disability, religion, conscience, belief, culture, language and birth of the person;
    2. information relating to the education or the medical, financial, criminal or employment history of the person;
    3. any identifying number, symbol, e-mail address, physical address, telephone number, Location Data, online identifier or other particular assignment to the person; the Biometric information of the person;
    4. the personal opinions, views or preferences of the person; correspondence sent by the person that is implicitly or explicitly of a private or confidential nature or further correspondence that would reveal the contents of the original correspondence;
    5. the views or opinions of another individual about the person;
    6. and the name of the person if it appears with other Personal Information relating to the person or if the disclosure of the name itself would reveal information about the person.
  20. “Platform/s” collectively means our Website and any other websites, mobile applications or other digital interfaces operated or managed by us;
  21. "POPIA" means the Protection of Personal Information Act, No. 4 of 2013 and the regulations thereto, as amended or replaced from time to time;
  22. ‘’Processing’’ means any operation or activity or any set of operations, whether or not by automatic means, concerning Personal Information, including:
    1. the collection, receipt, recording, organisation, collation, storage, updating or modification, retrieval, alteration, consultation or use;
    2. dissemination by means of transmission, distribution or making available in any other form by electronic communications or other means;
    3. or merging, linking, blocking, degradation, erasure or destruction.
    4. For the purposes of this definition, "Process" has a corresponding meaning
  23. “Pseudonymisation’’ means the Processing of Personal Information in such a manner that the Personal Information can no longer be attributed to a specific person without the use of additional information.
  24. “Record/s” means any recorded information which the Responsible Party possesses or controls, regardless of its form or the material on which it is contained, including computer hardware or software. A Record can be electronic or paper- based, but it must form part of a filing system to be included.
  25. “Responsible Party” means a public or private body or any other person which alone or in conjunction with others, determines the purpose of and means for processing personal information. For purposes of this Policy, we are the responsible party as defined in Section 1 of POPIA;
  26. “Service Provider/s” means any independent juristic or natural person contracted by the Ignition Group to facilitate our Offerings, improve a Platform, add value to an existing Offering or provide additional Offerings to you;
  27. “Subsidiary/ies” means any entity which is wholly owned by Ignition Telecoms Investments Proprietary Limited, as per Annexure A1 below;
  28. "Unique Identifier" means any identifier that is assigned to a Data Subject and is used by the Responsible Party for the purposes of the operations of that Responsible Party and that uniquely identifies that Data Subject in relation to the Responsible Party;
  29. “Usage Data’’ is data collected automatically, either generated by the use of an Offering, or our Platforms (for example, the duration of a Website page visit), as more fully described at clause 5 below;
  30. “Website/s’’ means our main Website at www.ignitiongroup.co.za and any of our Subsidiary and/or Affiliate company websites.

INFORMATION WE MAY COLLECT FROM YOU

  1. When you engage with us, whether physically, electronically, or through the use of our Offerings, facilities or Platforms, you may be required to provide your Personal Information. In some instances, especially when you interact with our Platforms or Websites, we may automatically collect your Location Data, Usage Data and Cookies. We will, in effect, be Processing your Data and will do so in terms of this Policy.
  2. There may be instances where we have collected your Personal Information from other sources such as our Service Providers, social media networks and blogs (where the posting of your Personal Information may make it public information) and business associates, and in such instances, we will inform you by virtue of the updates in this Policy.
  3. When you provide us with the Personal Information of any other person, we will Process the Personal Information of such person in accordance with this Policy, as well as any terms and conditions or other relevant policies to which this Policy relates.
  4. We may Process the following types of Personal Information from time to time, including but not limited to:
    1. full names;
    2. identity numbers;
    3. registration numbers;
    4. Financial Details;
    5. statutory information;
    6. physical and postal address particulars;
    7. telephone numbers;
    8. and/or email addresses.
  5. When collecting Personal Information from you, we will comply with the notification requirements as set out in Applicable Laws, including the requirements set forth in Section 18 of POPIA.
  6. When you provide us with such Personal Information, we may also be required to confirm that you are a competent person and that you have authority to give the requisite Consent to enable us to Process such Personal Information.
  7. You may not always be required to provide the Personal Information that we have requested. However, if you choose not to provide certain information, you may not be able to take advantage of some of our Offerings and fully utilize our Platforms.
  8. We Process Personal Information primarily to optimise the delivery of our Offerings and Platforms, administer our business operations, ensure a legally compliant workplace environment and safeguard your Personal Information in our custody.
  9. We may Process the Personal Information collected from you for other legitimate, justifiable business purposes including, but not limited to, the following:
    1. to provide or manage any information as requested by or received from you, in general;
    2. to establish your needs, wants and preferences in relation to the Offerings provided by us and our Affiliates;
    3. to help us identify you when you engage with us for the first time or after an extended period of time from the last interaction;
    4. to allocate Unique Identifiers to you for the purpose of securely storing, retaining and recalling your Personal Information from time to time;
    5. to facilitate your access to our premises;
    6. to maintain your Records as an existing customer;
    7. for employment purposes;
    8. for general administration purposes;
    9. for legal and/or contractual purposes;
    10. to provide features, add value, or improve the quality and customise our Offerings and Platforms;
    11. improve the quality of our Offerings and Platforms;
    12. to communicate with you for marketing and non-marketing purposes;
    13. to transfer Personal Information within the Ignition Group and our Affiliates so as to enable us to market our Offerings to you or other Data Subjects;
    14. to transfer or share Personal Information with select Service Providers on a need-to-know basis so as to enable us to deliver services to you, including credit bureaus to assess and verify the profile of you as a potential customer for purposes of receiving our Offerings;
    15. to analyse the Personal Information collected for research and statistical purposes;
    16. to transfer Personal Information from South Africa to other jurisdictions if it is required as stipulated in Clause 9 herein;
    17. to carry out analysis and customer profiling in order to identify other products and services which might be of interest to you, as well as to inform you of such products and/or services;
    18. or for fraud prevention and detection, and to protect and defend the rights and property of Ignition Group, our employees, our Affiliates and business associates.
  10. We will not Process your Personal Information for any purpose other than for the purposes set forth in Clause 2.9 or in any specific privacy notices of any Subsidiary or Affiliate unless we are permitted or required to do so in terms of Applicable Laws.
  11. We will Process Personal Information in compliance with the conditions as set out in Applicable Laws, to ensure that your privacy is protected.
  12. We may from time-to-time Process Personal Information by making use of automated means (without deploying any human intervention in the decision-making process) to make decisions about you or your application. In this instance it is specifically recorded that you may object to or query the outcomes of such a decision. Requests to contest decisions based solely on automated processing will be authenticated prior to processing the request

PERSONAL INFORMATION FOR DIRECT MARKETING PURPOSES

  1. We acknowledge that we may only Process your Personal Information to contact you for purposes of direct marketing when it is generally permissible to do so in terms of Applicable Laws and where we have complied with the provisions of those Applicable Laws.
  2. Where this is lawfully permitted, we will ensure that a reasonable opportunity is given to you to object (opt-out) to the use of your Personal Information for our marketing purposes at the point of collection and on the occasion of each direct marketing communication to you. Once you have opted out, it can take up to 6 (six) weeks for the opt-out request to be actioned within Ignition Group.
  3. You may opt out of receiving promotional Electronic Communications from us by following the instructions in those communications. If you opt-out, we may still send you non-promotional Electronic Communications relating to the Offerings you have taken up.

COOKIES

  1. Our Platforms use Cookies to keep track of your visits and activity on the Platform
  2. For information related to the use of Cookies, please see our Cookie Policy on our Website./li>

USAGE DATA

  1. We may also Process Usage Data that your browser sends whenever you visit or engage with our Platforms or when you access our Offerings by or through any device.
  2. This Usage Data may include information such as your device Internet Protocol (‘’IP’’) address, browser type, browser version, the Websites that you visit, the pages of other websites and the uniform resource locator (“URL”) of such pages, the time and date of your visit to those pages, the time spent on those pages, unique device identifiers, URL data for market segmentation purposes and other diagnostic data. It may also include information in terms of the type of device you use, your device unique ID and your device operating system.

LOCATION DATA

  1. With your permission, by enabling your location services, we may Process your Location Data in order to provide features, add value or improve or customise our Offerings
  2. You can enable or disable your location services when you use any of our Platforms, at any time, by way of your device settings.

Security of Your Personal Information

  1. We take all reasonable and appropriate steps to protect your Personal Information against loss, misuse, unauthorised access, disclosure, alteration and/or destruction.
  2. We use appropriate technical and organisational measures to protect your Personal Information. These measures include, but are not limited to, physical access controls and strict confidentiality measures, encryption, internet firewalls, intrusion detection and network monitoring depending on the nature of the information and the scope of Processing.
  3. While we strive to use commercially acceptable means to protect your Personal Information, we cannot guarantee its absolute security. Please remember that no method of transmission over our Platforms or electronic storage is absolutely secure.

HOW LONG WE RETAIN YOUR DATA

  1. We retain your Data for no longer than necessary.
  2. The retention time will depend on:
    1. purpose for which the information was collected or subsequently processed;
    2. any legal obligations we have in terms of Applicable Laws;
    3. the nature of any contracts we have in place with you; or the existence of your Consent
  3. It is specifically recorded that you have the right to object to the Processing of your Data at any time during the Processing. However, we would be required to retain and store your Data for the purposes of swiftly dealing with such an objection or enquiry.
  4. We will use Pseudonymisation to retain your Usage Data for internal analysis purposes. We generally retain your Usage Data for a shorter period, except when it is used to strengthen the security or to improve the functionality of our Offerings, or we are legally obligated to retain it for longer time periods.

TRANSFER OF YOUR DATA

  1. Your Data may be transferred to, Processed and maintained outside of your city province, country or other governmental jurisdiction where the Applicable Laws may differ from those of your jurisdiction.
  2. If you are located outside the Republic of South Africa and choose to provide information to us, please note that we may transfer your Data to the Republic of South Africa and Process it there
  3. Your Consent to this Policy followed by your submission of such Data represents your Consent to such transfer.
  4. We will take reasonably necessary steps to ensure the secure treatment of your Data in accordance with this Policy. Your Data will not be transferred to an organization or country unless adequate data protection laws or controls are in place to safeguard your Data
  5. In addition, we will purge, anonymise or delete your Personal Information in accordance with Applicable Laws, and other regulatory and compliance requirements.

PROVISION OF PERSONAL INFORMATION TO SERVICE PROVIDERS

  1. We may disclose your Personal Information to our Service Providers, where necessary, to achieve the purpose(s) for which your Personal Information was originally collected and Processed.
  2. We will, however, enter into written agreements with such Service Providers, where we deem appropriate, to ensure that they comply with Applicable Laws pursuant to the Processing of your Personal Information.

AFFILIATE AND AFFLIATE PROCESSING

  1. Our Affiliates may transfer your Personal Information among themselves to fulfil operational requirements and to assist us in complying with our obligations to you.
  2. All our Affiliates adopt and apply the principles set forth in this Policy in order to standardise, justify and ensure that any transfers of Personal Information between them adhere to the lawful Processing requirements set forth in Applicable Laws. This also guarantees compliance by ensuring that any potential additional handling of your Personal Information stays in line with the original reason it was collected by a specific Affiliate.
  3. Affiliates only transfer Personal Information in the following circumstances:
    1. when you instruct us or our Affiliates to do so;
    2. with your Consent in circumstances where such Consent is required;
    3. to provide features, add value, or improve the quality and customise our Offerings and Platforms;
    4. improve the quality of our Offerings and Platforms;
    5. where the Personal Information has been de-identified, including through aggregation or Anonymisation;
    6. to provide assistance with marketing, billing, processing credit card payments, data analysis, fraud prevention, network and information security, technical support and customer service;
    7. when it is necessary for the fulfilment of our Offerings to you or prospective customers;
    8. to comply with Applicable Laws or to respond to lawful requests and legal process;
    9. to protect any Data Subject’s vital interests, but only where we believe it is necessary;
    10. in connection with or during negotiation of any business transfer, merger, financing, acquisition, or dissolution transaction or proceeding involving the sale, transfer, divestiture or disclosure of all or a portion of our business or assets to another company.
  4. From time to time, we may engage in joint sales or product promotions with certain third parties and/or our Affiliates.
  5. If you have specifically expressed an interest in, or purchased, a jointly offered product, promotion or service, we may share relevant Personal Information with those third parties or Affiliates. Where you have given Consent to do so, these third parties or Affiliates may send you marketing communications about their own products and services.
  6. Please be aware that we do not control third parties or Affiliates who are not contracted to Process Personal Information for and on our behalf. These third parties and Affiliates are responsible for managing their own use of the Personal Information collected in these circumstances. We recommend that you carefully consider any applicable privacy policies of the relevant third parties, Service Provider or Affiliate to find out more about their handling of your Personal Information.

CHILDREN’S PRIVACY

  1. Our Offerings are not intended for use by Children.
  2. We do not knowingly collect personally identifiable information from Children.
  3. If you become aware that a Child has provided us with Personal Information, please contact us in accordance with Clause 16 below.
  4. If we become aware that we have collected Personal Information from Children without parental Consent, we will take immediate steps to remove/ delete such Personal Information.

INTERNATIONAL DATA PROTECTION LAWS: ANNEXURES B AND C

  1. For Data Subjects residing outside of the Republic of South Africa, Annexures B and C will apply to you and our Processing of your Personal Information, specifically:
    1. Annexure B: resident of the European Economic Area, United Kingdom and Switzerland;
    2. Annexure C: Californian residents.
  2. These Annexures provide you with details on:
    1. our purposes for Processing your Personal Information;
    2. our retention periods in terms of Applicable Laws;
    3. your access rights;
    4. and our internal procedure for queries and/ or complaints.

PAIA MANUAL

  1. PAIA is the statutory law in South Africa governing access to information and enables people to gain access to information held by both public and private bodies.
  2. If you would like to review, amend or obtain a copy of your Personal Information held by us, please review our PAIA manual on how to submit a request. Our PAIA manual is located on our Website.

YOUR RIGHTS

  1. While you have rights concerning your Personal Information, it is important to note that there may be various considerations in determining how to address any requests you may have.
  2. Your rights include:
    1. Right of Access – you can ask us for a copy of the Personal Information we hold.
    2. Right to Know – you can ask us what Personal Information is or was shared with any of our Affiliates or Service Providers.
    3. Right to Change – you can ask us to update your Personal Information or delete any Personal Information that is no longer accurate or relevant.
    4. Right to Object – you can object to our Processing of your Personal Information.
    5. Right to Report – you can lodge a complaint with the relevant authorities should you feel aggrieved by the manner in which we have Processed your Personal Information. The information regarding the applicable relevant Data Protection Authority is set out in Clause 16 below
  3. You can contact our Information Officer on DataPrivacy@ignitiongroup.co.za with any requests you may have.

CONTACT US

With your permission, we may process your Location Data to provide features and improve services. You can manage your location settings via your device preferences.

Contact Us

If you wish to update your preferences by email or believe that the Ignition Group has utilised your Personal Information contrary to Applicable Laws, please first attempt to resolve any concerns directly with us:

Name of Private Body: Ignition Telecoms Investments Proprietary Limited
Information Officer: Naseema Nosarka
Email address: dataprivacy@ignitiongroup.co.za
Postal address: P.O Box 1611, Country Club, 4301
Street address: Quadrant 4, Centenary Building, 30 Meridian Drive, Umhlanga, Durban
Phone number: 031 582 8300

If you are not satisfied with the outcome of the above process, you have the right to lodge a complaint with the relevant Data Protection Authority, using the contact details listed below:

Name of Body: Information Regulator South Africa
Phone number: 010 023 5200
Website: https://inforegulator.org.za/
General enquiries: enquiries@inforegulator.org.za
POPIA Complaints: POPIAComplaints@inforegulator.org.za

COMMUNICATIONS WITH YOU

  1. When you make use of our Website/s or contact us, you opt-in to the use of various Electronic Communication channels, including email, SMS or WhatsApp. All information records that you send to us using any of these forms of Electronic Communication may be stored electronically by us, as well as the providers of the relevant channel, for example WhatsApp. Ignition Group takes reasonable steps to ensure that any third parties with whom your information is stored, are bound by acceptable confidentiality obligations, however, it is your responsibility to familiarise yourself with the terms and conditions, as well as privacy policies associated with the providers of the relevant channels, for example WhatsApp.
  2. Any Electronic Communication sent to you will be considered as having been received by you when such communication is sent unless the contrary is proven. This may include but is not limited to mobile push notifications. As such, it is your responsibility to provide, at your own expense, any access to the internet, data or any required devices for purposes of such Electronic Communication.
  3. Should you not wish to communicate with us via any specific channel, you may opt-out and change your communication preferences by contacting us via the contact details provided in Clause 16 of this Policy.
  4. Although the Ignition Group takes all reasonable steps to protect your Personal Information and maintain confidentiality, we cannot guarantee the security or integrity of any information you transmit to us online and specifically through the use of social media platforms such as WhatsApp. Your use of any third-party platform is subject to the terms and conditions applicable thereto, and you agree that you do this at your own risk. You agree that all agreements, notices, disclosures and other communications that we provide to you electronically meet any legal requirements for such communications to be in writing.

CHANGES TO THIS POLICY

  1. We reserve the right to update or modify this Policy or any of its Annexures, at our sole discretion, at any given time and without prior notice to you.
  2. This may be carried out to meet legislative or regulatory demands and evolving business requirements.
  3. Unless otherwise stated, the current version of this Policy shall supersede and replace any previous versions.
  4. This Policy was last updated on 31 May 2024.

ANNEXURE A1

IGNITION GROUP

List of the subsidiaries within the Ignition Group
  • Actuation Trading (Proprietary) Limited
  • All Sevens Trade and Invest (Proprietary) Limited
  • Benjistar (Proprietary) Limited
  • CCS Outsourcing (Proprietary) Limited
  • Chase Intelligent Tracking (Proprietary) Limited
  • Comit Technologies (Proprietary) Limited
  • IFS Holdings (Proprietary) Limited
  • The following are subsidiaries of IFS Holdings (Proprietary) Limited
    • Ucingo Administration 321 (Proprietary) Limited
    • Viva Life Insurance Limited
    • Viva Cover (Proprietary) Limited
    • Viva Direct (Proprietary) Limited
    • Ignition Digital LLC
    • Ignition CX Limited
    • Ignition CX US LLC
    • Ignite Training Academy (Proprietary) Limited
    • Larto Trade and Invest (Proprietary) Limited
    • MVNX (Proprietary) Limited
    • Mobius Mobile Telecommunications (Proprietary) Limited
    • Me and You (Proprietary) Limited
    • So Music Industries (Proprietary) Limited
    • Uconnect Mobile (Proprietary) Limited
    • Veyron Trading (Proprietary) Limited

ANNEXURE A2

IGNITION GROUP AFFILIATES

List of Affiliates
  • Gumtree South Africa (Proprietary) Limited
  • Spot Money SA (Proprietary) Limited
  • Ignition Media Africa (Proprietary) Limited

ANNEXURE B:

LEGAL BASIS FOR PROCESSING PERSONAL DATA (DATA SUBJECTS FROM EEA, UK, AND SWITZERLAND ONLY)

  1. INTRODUCTION
    1. This Annexure B applies to Data Subjects who are located in the European Economic Area (“EEA”), the United Kingdom (“UK”) or Switzerland. This Annexure B must be read in conjunction with our Policy in its entirety.
    2. In the case of any inconsistency or conflict between the terms of our Policy and Annexure B, Annexure B shall take precedence in respect of any Data Processing occurring in, or related to, the EEA, the UK or Switzerland.
    3. We take your privacy and Data protection seriously. We are also registered with the Information Commissioner’s Office (‘’ICO’’) in terms of the DPA, in the “Register of data protection fee payers”. This can be accessed here: https://ico.org.uk/ESDWebPages/Search.
  2. DEFINITIONS

    The definitions contained in the Policy are to be read together with this Annexure B, save for the following specific definitions:

    1. “Data Controller’’ means a natural or legal person who (either alone, jointly or in common with other persons) determines the purposes for which, and the manner in which any Personal Data is, or are to be, Processed. For the purposes of this Policy, we are the Data Controller of your Personal Data;
    2. “Data Processors’’ means any natural or legal person who Processes the Personal Data on behalf of the Data Controller. We may use the services of various Service Providers in order to Process your Personal Data more effectively or to provide any service associated with the use of the Platforms or Offerings;
    3. “DPA’’ means the Data Protection Act 2018, which applies to the Processing of Personal Data within the United Kingdom;
    4. “Federal Data Protection Act’’ means the Swiss Federal Data Protection Act, updated as of 1 September 2023;
    5. "GDPR" means the General Data Protection Regulation (EU) 2016/679, which is a European law that governs all collection and Processing of Personal Data from Data Subjects inside the European Union;
    6. “Personal Data’’ means any information relating to an identified or identifiable natural person, including but not limited to a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
  3. APPLICABLE LAWS
    1. Our Processing of Personal Data of Data Subjects who are based in the EEA is governed by the European Union’s GDPR.
    2. Our Processing of Personal Data of Data Subjects who are in the UK is subject to the DPA, which incorporates the GDPR as the UK GDPR.
    3. Our Processing of Personal Data of Data Subjects who are based in Switzerland is governed by the Federal Data Protection Act.
  4. DATA CONTROLLER
    1. The Applicable Laws, mentioned in Clause 3 above, provide that Data Controllers of Personal Data must honour certain rights granted to Data Subjects who reside in the applicable country. These rights are further explained in Clause 7 below.
    2. At all material times, we are the Data Controller of the Personal Data unless the Personal Data is collected, and the Processing is controlled by one of our Affiliates.
    3. In such circumstances, we will endeavour to make this clear to you in a context specific notification at the point we collect your Personal Data.
  5. PURPOSES OF THE PROCESSING
    1. Our legal basis for collecting and using Personal Data will depend on the Personal Data concerned and the specific context in which we collect it.
    2. However, we will normally collect Personal Data only where:
      1. we have your Consent to do so;
      2. where we need the Personal Data to perform and/or fulfill our obligations of our Offering to you as a customer;
      3. where the Processing is in our legitimate interests and is not overridden by your data protection interests or fundamental rights and freedoms.
    3. In some cases, we may also have a legal obligation to collect Personal Data from you. If we ask you to provide Personal Data to comply with a legal requirement or to perform a contract with you, we will make this clear at the time of the request.
  6. RETENTION PERIOD FOR PERSONAL DATA
    1. The duration for which we retain Personal Data depends on the nature of the information and the specific purpose for which it is Processed.
    2. We delete Personal Data within a reasonable period after we no longer need to use it for the purpose for which it was collected (or for any subsequent purpose that is compatible with the original purpose).
    3. This does preclude you from enforcing your right to request that we delete your Personal Data before the end of its retention period.
    4. We may archive Personal Data (which means storing it in inactive files) for a certain period prior to its final deletion, as part of our ordinary business continuity procedures.
  7. YOUR DATA SUBJECT ACCESS RIGHTS
    1. We understand the importance of your privacy and your rights under the Applicable Laws, and we are dedicated to providing transparency and empowering you with control over your Personal Data.
    2. You have the right to request access to your Personal Data, to have your Personal Data corrected, restricted or deleted, to withdraw any Consent that you have given to the Processing of your Personal Data (without affecting the lawfulness of the Processing prior to your withdrawal of Consent) and to object to our Processing of your Personal Data.
    3. If you wish to exercise any of these rights, or if you have any concerns about our Processing of your Personal Data, please reach out to us at dataprivacy@ignitiongroup.co.za. We are dedicated to providing transparency and control over your Personal Data.
  8. THE RIGHT TO LODGE A COMPLAINT WITH THE RELEVANT DATA PROTECTION AUTHORITY
    1. If you are not satisfied with the outcome of the above process, you have the right to lodge a complaint with your national Data Protection Authority .
    2. The EU Commission has a list of Data Protection Authorities here: https://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm
    3. The Data Protection Authority for the UK is the Information Commissioner’s Office. Their website can be accessed here: www.ico.org.uk
    4. The Federal Data Protection Authority for Switzerland is the Federal Data Protection and Information Commissioner and their website can be accessed here: https://www.edoeb.admin.ch/edoeb/en/home/deredoeb/kontakt.html.

ANNEXURE C:

ANNEXURE C:

Direct Marketing

LEGAL BASIS FOR PROCESSING PERSONAL INFORMATION (CALIFORNIAN CONSUMERS ONLY)

  1. INTRODUCTION
    1. This Annexure C applies to you, as a Californian Consumer, and is drafted in alignment with our obligations to the CCPA.
    2. It covers the collection, use and disclosure of your Personal Information by us, as defined by the CCPA.
    3. This Annexure C must be read in conjunction with our Policy in its entirety.
    4. In the case of any inconsistency or conflict between the terms of our Policy and Annexure C, Annexure C shall take precedence in respect of any Data Processing occurring in, or related to, the United States of America (to the extent applicable), and to California.
  2. DEFINITIONS

    The definitions contained in the Policy are to be read together with this Annexure C, save for the following specific definitions:

    1. “CCPA” refers to the California Consumer Privacy Act of 2018, as amended and expanded by the California Privacy Rights Act of 2020;
    2. and “Californian Consumer” refers to a Californian resident in respect of whom we Process Personal Information (also referred to as “you” or “your”).
  3. COLLECTION AND PROCESSING OF PERSONAL INFORMATION
    1. We do share Personal Information, as defined by CCPA. The categories of Personal Information we collect about you, and the Service Providers and/or Affiliates to whom we disclose that Personal Information in pursuance of a business purpose, are as follows:
      Categories of Personal Information We Collect Categories of Third Party Recipients to Whom We Disclose Information for Business Purposes
      • Identifiers (such as name, address, email address)
      • Customer Records / Account Registration Information (such as address, telephone number, financial information)
      • Characteristics which may be protected classifications under California or federal law of the United States of America (such as gender and marital status)
      • Commercial Information (such as transaction data)
      • Internet or Other Network or Device Activity (such as browsing history or app usage)
      • Geolocation Data (such as approximate location inferred from your IP address, city, country)
      • Professional or Employment-Related Information (such as the name of your employer)
      • Education Information (such as degrees and certifications)
      		 Service Providers and/or Affiliates (in connection with purposes we aim to make clear to you at or prior to collection)
    2. Categories of Personal Information shared in the preceding 12 (twelve) months:
      Categories of Personal Information Shared Categories of Third-Party and/or Affiliates Recipients Purpose for Disclosure
      • Identifiers and Contact Information
      • Analytics or other Electronic Network Activity
      		 Social Media Platforms, Advertisers, Ad Agencies, Advertising Networks and Platforms, Advertising Related Technology Providers Cross Context Behavioural Advertising (Specific details on the Cookies used for advertising are available in our Cookie Policy)
    3. We will normally collect Personal Information only where we have your Consent to do so, where we need the Personal Information to perform and/or fulfill our obligations of our Offering to you as a Californian Customer or where the Processing is in our legitimate interests and is not overridden by your data protection interests or fundamental rights and freedoms.
    4. In some cases, we may also have a legal obligation to collect Personal Information from you. If we ask you to provide Personal Information to comply with a legal requirement or to perform a contract with you, we will make this clear at the relevant time.
    5. We do not use or disclose sensitive Personal Information for purposes other than those permitted purposes under the CCPA.
    6. We do not knowingly collect and/or share Personal Information of Californian Customers under 16 (sixteen) years of age.
  4. RETENTION PERIOD FOR PERSONAL INFORMATION

    We retain Personal Information for no longer than necessary. Our retention period shall be reasonably necessary and proportionate to achieve the purposes for which it was originally collected and processed.

  5. DATA PROTECTION AND SECURITY

    We take every reasonable measure to protect your Personal Information in accordance with CCPA requirements. We implement reasonable security measures to safeguard against data breaches and unauthorized access.

  6. YOUR ACCESS RIGHTS UNDER CCPA
    1. The CCPA provides specific rights to Californian Customers and requires that we ensure those rights are honoured, including but not limited to the following:
      1. you have the right to know what Personal Information we collect, use or disclose about you over the past 12 (twelve) months;
      2. you have the right to correct your Personal Information;
      3. you have the right to request deletion of your Personal Information;
      4. you have the right to opt-out of the sale and sharing of your Personal Information to Service Providers or our Affiliates.
    2. We do not sell Personal Information to any third party, as we understand the term sale to be defined by the CCPA.
    3. We will not discriminate against you for exercising your rights under the CCPA
    4. If you wish to exercise any of these rights, or if you have any concerns about our Processing of your Personal Information, please reach out to us at dataprivacy@ignitiongroup.co.za. We are dedicated to providing transparency and control over your Personal Information.
  7. THE RIGHT TO LODGE A COMPLAINT WITH THE RELEVANT DATA PROTECTION AUTHORITY
    1. If you are not satisfied with the outcome of the above process, you have the right to lodge a complaint with your national Data Protection Authority.
    2. The California Privacy Protection Agency has been established to implement and enforce the Applicable Laws. Their website can be accessed here: https://cppa.ca.gov/