VAAI’S PRIVACY AND PERSONAL INFORMATION POLICY
• Please note that Vaai is a private limited liability company duly registered and operating in accordance with the laws of the Republic of South Africa.
• For more information regarding your personal information lawfully stored or used by the Platform or Vaai, please contact firstname.lastname@example.org who will gladly assist.
• This Policy was last updated on 1 July 2020.
• Not all terms are necessarily defined in order.
• This Policy complies with, and facilitates the obligations required from, the South African Protection of Personal Information Act, No. 4 of 2013 (“POPI”), as amended.
1. Introduction and Our Role:
1.1. In some circumstances, Vaai is the “responsible party” (as defined in POPI) and is responsible for your personal information (collectively referred to as “we”, “us” or “our” in this Policy) in instances where we decide the processing operations concerning your personal information.
1.2. Sometimes we also operate as an “operator” (as defined in POPI) of personal information on behalf of a third-party responsible party, where that responsible party’s privacy terms will apply. The terms “user”, “you”, “data subject” and “your” are used interchangeably in this Policy and refer to all persons accessing the Platform or engaging with Vaai for any reason whatsoever.
1.3. We have appointed a data representative at Vaai who is responsible for overseeing questions in relation to this Policy. If you have any questions about this Policy, including any requests to exercise your legal rights, please contact the representative using the details set out below.
1.4. Our full details are:
1.4.1. Full name of legal entity: [Sapien Technologies (PTY) LTD]
1.4.2. Name or title of data representative: [Thabang Butelezi]
1.4.3. Email address: [email@example.com]
1.5. You have the right to make a complaint at any time to the South African data regulator’s office (Information Regulator’s Office of South Africa). We would, however, appreciate the chance to deal with your concerns before you approach any such regulator, so please contact us in the first instance.
2. Personal information we collect from you:
2.1. Should you decide to register with or function as a user on the Platform and/or use any Vaai Services, you thereby expressly consent to, and opt-in to Vaai collecting, collating, processing, and using the following types of information about you when you use the Platform (“personal information”):
2.1.1. Information provided by the user or from a user’s other authorised
Vaai processes personal information (that is information about the user that is personally identifiable like the user’s name, address, date of birth, home language,
platform or name details, age, gender, ID number, email address, vehicle registration & VIN number, contact details, phone number(s) and other unique information such as user IDs and passwords, service preferences and contact preferences that are not otherwise publicly available) which Vaai either processes as its own responsible party, or which is received from another responsible party to whom you have provided your personal information with your permission to be shared with Vaai as the operator; and
2.1.2. Information that is collected automatically:
Vaai receives and stores information which is transmitted automatically from the user’s computer when the user browses the internet. This information includes information from cookies (which are described in clause 14 below), the user’s
Internet Protocol (“IP”) address], browser & phone type, operating system, web beacons, geo-location information, vehicle telemetry information, vehicle operating/performance information, embedded web links, and other commonly used information-gathering tools. These tools collect certain standard information that your browser sends to the Platform such as your browser type and language, access times, and the address from which you arrived at the Website.
2.2. Should your personal information change, please update it yourself by updating your user profile in the Vaai.co app or provide us with updates to your personal information as soon as reasonably possible to enable us to update it. Vaai will, however, not be able to update any personal information of yours attained from another responsible party, where should you want to update same, you must approach the relevant responsible party to do so. Vaai is under no obligation to ensure that your personal information or other information supplied by you is correct.
2.3. We do not process the personal information of children when a data subject user is below the age of 18 (eighteen). Do not provide us with any such information, where same is considered a material breach of these Terms.
2.4. You warrant that the personal information disclosed to Vaai is directly from you as the user on the Platform or in connection to the Services, and all such personal information is lawfully yours to provide. You also warrant that any personal information provided to us from a third-party responsible party, was attained from you lawfully and provided to us with your express consent to the relevant responsible party to do so.
2.5. You may choose to provide additional personal information to us, in which event you agree to provide accurate and current information, and, generally, not to impersonate or misrepresent any person or entity or falsely state or otherwise misrepresent your affiliation with anyone or anything.
3. When do we collect your personal information:
We will process your personal information in the following circumstances:
3.1. you submit an enquiry and/or contact us
3.2. you subscribe to our newsletter;
3.3. you visit or browse our Platform;
3.4. you download our application;
3.5. you register as a user with us; and/or
3.6. you make use of our Services.
4. How we use your personal information:
4.1. Any processing of your personal information will be reservedly for our legitimate business purposes and as a necessary function of your engagement with the Platform and/or our Services, and you have expressly consented to this by using our Platform and/or Services, but we will not, without your express consent:
4.1.1. use your personal information for any purpose other than as set out below:
22.214.171.124. in relation to the provision to you of the Services and/or access to the Platform;
126.96.36.199. to fulfil orders for products and Services;
188.8.131.52. for internal record keeping of responsible third parties and the development of metrics of third-party searches;
184.108.40.206. to contact you regarding current or new Services or any other product offered by us or any of our divisions and/or partners (unless you have opted out from receiving marketing material from us, possible through that same correspondence to you);
220.127.116.11. to inform you of new features and products, special offers and promotional competitions offered by us or any of our divisions and/or partners (unless you have opted out from receiving marketing material from us, possible through that same correspondence to you); and
18.104.22.168. to improve our product selection and your experience on our Platform by, for example, monitoring your browsing habits, or tracking your activities on the Platform; or
4.1.2. disclose your personal information to any third party other than as set out below:
22.214.171.124. to our employees and/or third-party service providers who assist us to interact with you via our Platform, email or any other method, for your use of the Services, and thus need to know your personal information in order to assist us to communicate with you properly and efficiently;
126.96.36.199. to external responsible parties who already have your express consent to process and/or attain such personal information from and/or with us;
188.8.131.52. to our professional services providers (such as our insurers or lawyers where we believe that it is required under our contractual relationship with our insurance provider to do so);
184.108.40.206. to law enforcement, government officials, fraud detection agencies or other third parties when we believe in good faith that the disclosure of personal information is necessary to prevent physical harm or financial loss, to report or support the investigation into suspected illegal activity or the contravention of an applicable law, or to investigate violations of this Policy and/or the Platform’s other policies; and
220.127.116.11. to our service providers (under contract with us) who help with parts of our business operations (fraud prevention, marketing, technology services etc). However, our contracts dictate that these service providers may only use your information in connection with the services they perform for us, not for their own benefit and under the same standards as how we operate.
4.2. We are entitled to use or disclose your personal information if such use or disclosure is required in order to comply with any applicable law, subpoena, order of court or legal process served on us, or to protect and defend our rights or property. In the event of a fraudulent online payment, Vaai is entitled to disclose relevant personal information for criminal investigation purposes or in line with any other legal obligation for disclosure of the personal information which may be required of it.
5. Our legal justifications for processing your personal information:
5.1. Your use of the Platform and/or any of our Services constitutes your explicit opt-in consent to our processing of your personal information. Further, we also rely on our contractual arrangements with you as the lawful basis on which we collect and process your personal information when you make an order for products and Services. Alternatively, in some cases, we rely on our legitimate interests as a business (for example, to measure customer satisfaction and troubleshoot customer issues). Where we rely on our legitimate interests, we will always make sure that we balance these interests against your rights.
5.2. Subject to the other provisions in this Policy, the following constitutes our reasons for processing your personal information:
5.2.1. To make our products and Services available to you:
18.104.22.168. We use your personal information to provide you with information, products and Services that you request or purchase from us (i.e. to complete certain tasks, processes or orders on our Platform or within our apps, take payment online (where applicable) and deliver your products or Services), and to communicate with you regarding those products and Services that you purchased from us and respond to your questions and comments.
22.214.171.124. We may also use your personal information to measure how satisfied our customers are and provide customer service (including troubleshooting in connection with purchases or your requests for Services or when you ask us questions on social media).
5.2.2. When you sign up to receive our newsletter:
126.96.36.199. When you sign up to receive our newsletter, we may ask for your name and your email address or phone number. This will be used to email/text/message you our newsletter which contains information about our products and other information which we feel might be of interest to you. You can withdraw your consent at any time and we will stop sending you the newsletter.
188.8.131.52. Your name and email address are shared with a third-party mailing system [EG: Mailchimp] which is based in Atlanta, USA. This company has contractually committed to providing appropriate safeguards for your personal data which means it will be protected in line with the legal requirements of the United States of America.
184.108.40.206. Your information will also be shared with a marketing company we may use. This company has contractually committed to providing appropriate safeguards for your personal data which means it will be protected in line with the legal requirements of Southern Africa.
220.127.116.11. We keep your personal data for as long as we produce and distribute our newsletter. If you no longer wish to receive marketing information from us, simply click on the ‘unsubscribe’ link or reply to the message opting out and you will be removed from our database. If you no longer wish to receive the newsletter, please contact our customer services team and you will be removed from the list. If you withdraw your consent, we will mark your details so that they are not used and
delete them after five years.
5.2.3. When you download a sample document:
18.104.22.168. When you request to download a sample document or make use of any online resource, we ask for your name and your email address. We also request whether you would like to receive our newsletter.
22.214.171.124. We may email or contact you another way after your download in order to follow up on your interest in our products and services. We will do this based on our legitimate interest in marketing to prospects for our products and services.
126.96.36.199. Your name and email address are shared with a third-party mailing system [EG: Mailchimp] which is based in Atlanta, USA. This company has contractually committed to providing appropriate safeguards for your personal data which means it will be protected in line with the legal requirements of the United States of America.
5.2.4. When you purchase a product from our Platform
188.8.131.52. When you purchase products from us online, we ask you for your name, address, contact telephone number, email address and bank card information, dates, times & ownership status of the vehicle, VIN & License details etc.
184.108.40.206. We also record your IP (Internet Protocol) address and or device ID, which is the address of your computer/device on the Internet.
220.127.116.11. We require this information in order to process your payment, deliver your products or services and fulfil our contract with you. We may use your telephone number to contact you regarding your purchase.
18.104.22.168. Your credit card details are passed to a third-party payment processor [FNB or Payfast etc.] which is based in Southern Africa and is required to have effective safeguards for your information. We do not retain your credit card information.
22.214.171.124. We keep records for five years after the last contact with you. If you withdraw your consent, we will mark your details so that they are not used.
5.2.5. When you take part in our feedback survey:
126.96.36.199. When you take part in our feedback survey, we record your name, your email address, phone number, your job role and your answers to questions we ask about your opinion of, and use of, our products and services.
188.8.131.52. We use this information to develop and improve our products and services and our customer relationships. Your vehicle brand, name and some or all of your comments may be publicly displayed on our Platform as a testimonial. We will do this based on our legitimate interest in marketing our products and services.
184.108.40.206. Your name and email address are shared with a third-party mailing system [EG: Mailchimp] which is based in Atlanta, USA. This company has contractually committed to providing appropriate safeguards for your personal data which means it will be protected in line with the legal requirements of the United States of America.
220.127.116.11. We do not use the information you provide to make any automated decisions that might affect you.
18.104.22.168. We keep records for five years after the last contact with you. If you withdraw your consent, we will mark your details so that they are not used.
5.2.6. For administrative and internal business purposes:
22.214.171.124. We may use your personal information for our internal business purposes, such as administrative fulfillment of orders, administrative fulfillment of invoices, project management and internal reporting. We may also use your data to monitor the use of our Platform and ensure that our Platform is presented in the most effective and relevant manner for you and your device and setting default options for you.
126.96.36.199. It is in our legitimate interests as a business to use your personal information in this way. For example, we want to ensure our Platform is customer-friendly and works properly and that our products and Services are efficient and of high quality. We also want to make it easy for you to interact with us.
5.2.7. For security and legal reasons:
188.8.131.52. We use your personal information to:
184.108.40.206.1. ensure the personal and financial information you provide us is accurate;
220.127.116.11.2. conduct fraud checks or prevent other illegal activity;
18.104.22.168.3. protect our rights or property (or those of others); and
22.214.171.124.4. fulfill our legal and compliance-related obligations.
126.96.36.199. In some cases we will use your personal information because it’s necessary for us to comply with a legal obligation (such as if we receive a legitimate request from a law enforcement agency). In other cases (such as the detection of fraud) we will rely on our legitimate interests as a business to use your personal information in this way. Where we rely on our legitimate interests, we will always make sure that we balance these interests against your rights.
5.2.8. In relation to your Vaai customer relationship:
188.8.131.52. We use your personal information to personalise your experience with Vaai to:
184.108.40.206.1. provide you with marketing information via SMS, post, electronic messenger and email as you have given us your consent to this;
220.127.116.11.2. process your registration details, account activity and purchase history to analyse how you use our Platform and Services. This may include information on Services you have viewed and historical transactions. This allows us to provide a browsing experience which is relevant to you;
18.104.22.168.3. carry out limited automated decision making (segmentation) based on the information you have given us when we segment our Vaai customer database to determine which offers that you may be interested in.
22.214.171.124. We rely on your consent to send direct SMS, postal, electronic messaging and email marketing messages to you based on the consent we acquired from you when you signed up, as amended by you from time to time. In other cases (for example, measuring the effectiveness of our marketing), we will rely on our legitimate interests as a business to communicate with you in an engaging and efficient way. Where we rely on our legitimate interests, we will always make sure that we balance these interests against your rights.
6. Links to Other Websites:
6.1. Our Platform may contain hyperlinks to websites/platforms that are not operated by us. These hyperlinks are provided for your reference and convenience only and do not imply any endorsement of the activities of these third-party websites/platform or any association with their operators.
6.2. We do not control these websites/platforms and are not responsible for their data or privacy practices. We urge you to review any privacy statement posted on any site/platform you visit before using the site/platform or providing any personal information about yourself and others.
7. Original and updated purposes for processing:
7.1. We will only use your personal information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us.
If we need to use your personal information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
8. International Transfer of personal information:
8.1. We may share your personal information within the Vaai group of companies and this may involve transferring and processing your data outside of South Africa.
8.2. Whenever we transfer your personal information out of the country, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
8.2.1. we will only transfer your personal information to countries that have been deemed to provide an adequate level of protection for personal information;
8.2.2. where we use certain service providers, we may use specific contracts approved by the European Commission which give personal information the same protection it has in Europe under the GDPR; or
8.2.3. where we use providers based in the US, we may transfer data to them if they are part of the Privacy Shield which requires them to provide similar protection to
personal information shared between Europe and the US.
9. How we treat your personal information and Data Security:
9.1. We will ensure that all of our employees, third party service providers, divisions and partners (including their employees and third-party service providers) having access to your personal information are bound by appropriate and legally binding confidentiality obligations and process your personal information at standards equal to or higher than Vaai’s in relation to your personal information.
9.2. We will:
9.2.1. treat your personal information as strictly confidential, save where we are entitled to share it as set out in this Policy;
9.2.2. take appropriate technical, security and organisational measures to ensure that your personal information is kept secure and is protected against unauthorised or unlawful processing, accidental loss, destruction or damage, alteration, disclosure or access;
9.2.3. provide you with reasonable access to your personal information to view and/or update personal details;
9.2.4. promptly notify you if we become aware of any unauthorised use, disclosure or processing of your personal information;
9.2.5. provide you with reasonable evidence of our compliance with our obligations under this Policy on reasonable notice and request; and
9.2.6. upon your request, promptly correct, transfer, return or destroy any and all of your personal information in our possession or control, save for that which we are legally obliged or entitled to retain (acknowledging that some Website and/or Service functionality might be lost if certain personal information is amended or destroyed).
9.3. We will not retain your personal information longer than the period for which it was originally needed, unless we are required by law to do so, or you consent to us retaining such information for a longer period. In some circumstances, other applicable national laws require us to retain your data beyond your request for its deletion, or beyond your direct engagement with Vaai. As such, we may retain your personal information in adherence with compulsory instructions from other applicable national laws, notwithstanding your application to have it deleted or amended.
9.4. Whilst we will do all things reasonably necessary to protect your rights of privacy, we cannot guarantee or accept any liability whatsoever for unauthorised or unlawful disclosures of your personal information, whilst in our possession, made by third parties who are not subject to our control, unless such disclosure is as a result of our gross negligence or fraud.
9.6. We are committed to implementing the necessary measures to keep your data secure.
9.6.1. Your information is stored in our Customer Relationship Management (CRM) system which is hosted by a third-party provider that commits to providing an appropriate level of safeguards for your personal data. Our servers as well as our back-up and storage facilities are hosted locally.
9.6.2. All our partners have their own privacy and data protection policies in place. It is important that you familiarise yourself with these when using any of their platforms
9.6.3. We do not keep any hardcopy records.
10. User rights and obligations:
10.1. The user is entitled to request access to any relevant personal information held by Vaai and where such access is necessary for you to exercise and/or protect any of the user’s rights. For any personal information held by any third-party responsible party, the user must approach that responsible party for the realisation of the user’s personal information rights with them, and not with Vaai.
10.2. Under POPI, you have rights in relation to your personal information. Please contact us to find out more about, or manifest, these rights:
10.2.1. have your data processed in a fair, lawful and transparent way;
10.2.3. access personal information we hold about you;
10.2.4. require us to correct any mistakes in your personal information;
10.2.5. require us to delete personal information concerning you in certain situations where there is no good reason for us to continue to process it;
10.2.6. request that we transfer your personal information to you or another service provider in a simple, structured format;
10.2.7. object at any time to processing of your personal information for direct marketing purposes;
10.2.8. object to automated decision making which produces legal effects concerning you or similarly significantly affects you;
10.2.9. object in certain other situations to our continued processing of your personal information; and/or
10.2.10. otherwise restrict or temporarily stop our processing of your personal information in certain circumstances.
10.3. You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
10.4. We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal information (or to exercise any of your other rights). This is a security measure to ensure that personal information is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
10.5. We try to respond to all legitimate requests within one week. Occasionally it may take us longer than a week if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
10.6. Users with citizenships from jurisdictions other than of South Africa, please note that Vaai complies with all South African data protection laws when processing your personal information pursuant to the Services. Should foreign law be applicable in any regard to your use of the Services and/or the Website in any way, including how we may process your personal information, please contact Vaai at [firstname.lastname@example.org] who will gladly engage you on its application and your rights.
10.7. Users acknowledge that any content provided by users on the Platform, including via a messaging system, enters an open, public forum, and is not confidential, where the author of which will be liable for that content, and not Vaai.
10.8. Users understand that there are risks involved in sharing personal information. By disclosing personal information such as the user’s name and phone number, users acknowledge and understand that this information may be collected and used by a third party to communicate with you.
10.9. By accepting this Policy, you have opted-in to receive communication from Vaai, where your contact details will be used to contact you from time to time and may also use it for security reasons to confirm your identity.
10.10. You have the right to opt-out of receiving communication by emailing email@example.com and asking to not be contacted from then on.
11. Vaai’s rights relating to personal information:
11.1. Vaai will disclose the user’s personally identifiable information if it reasonably believes that it is required to do so by law, regulation or other government authority or to protect the rights and property of Vaai, its affiliates or the public. Vaai may also co-operate with law enforcement in any official investigation and may disclose the user’s personally identifiable information to the relevant agency or authority in doing so.
11.2. Circumstances may arise where, whether for strategic or other business reasons, Vaai decides to sell, buy, merge or otherwise reorganize its business. Such a transaction may involve the disclosure of personal information to prospective or actual purchasers, or the receipt of it from sellers. It is Vaai’s practice to seek reasonable protection for information in these types of transactions and notify you prior to any disclosure of personal information. Such disclosure will also be subject to this Policy.
11.3. Vaai strives to keep the user’s personal information accurately recorded. Vaai provides a user with the reasonable ability to review and correct it or ask for anonymization, blockage, transfer or deletion, as applicable. Please contact firstname.lastname@example.org to engage Vaai on such actions or requests.
12.2. If you have a complaint about our use of your information, please contact us directly so that we can address your complaint.
13. Notification of Changes:
13.2. If we want to make use of your personal data in a way that we haven’t previously identified, we will contact you to provide information about this and, if necessary, to ask for your consent.
13.3. If we do, we will notify you next time you visit our Platform. We encourage you to check this Policy regularly.
13.4. We will update the version number and date of this document each time it is changed.
14. Detailed Cookies provisions:
14.1. This section describes in detail how cookies are used when visiting our Platform/s.
14.2. When accessing our Platform, we may use both session-based and persistent cookies (small text files stored in your browser) and other techniques such as web beacons (small, clear picture files used to follow your movements on our Platform). These collect information that enables the Platform to remember you and tells us how you use our Platform. Cookies also make your interactions faster and more secure.
14.3. We set and access our own cookies on our Website. In addition, we use third party cookies, like Google Analytics.
14.4. Cookies Definition:
14.4.1. Cookies are small text files sent by us to your computer or mobile device, which enables Slack features and functionality. They are unique to your account or your browser.
14.4.2. Cookies cannot be used to discover your identity. Cookies do not damage your computer. You can set your browser to notify you when you receive a cookie. This enables you to decide if you want to accept it or not.
14.4.3. “Session-based cookies” last only while your browser is open and are automatically deleted when you close your browser.
14.4.4. “Persistent cookies” last until you or your browser delete them or until they expire.
14.5. Categories of Use:
14.5.1. Cookies are used by us and by third parties to allow the Platform to function, to collect useful information about visitors and to help to make your user experience better. Cookies can be used to recognize you when you visit a Site or use our Platform and Services, remember your preferences, and give you a personalized experience that’s consistent with your settings. Some cookies are associated with your account and personal information in order to remember that you are logged in and which workspaces you are logged into. Other cookies are not tied to your account but are unique and allow us to carry out analytics and customization, among other similar things.
14.6.1. If you’re signed into our Services, cookies help us show you the right information and personalize your experience.
14.8. Preferences, features and services:
14.8.1. Cookies can tell us which language you prefer and what your communications preferences are. They can help you fill out forms on our Sites more easily. They also provide you with features, insights, and customized content.
14.10. Performance, Analytics and Research:
14.10.2. When someone visits our Platform we use a third-party service, for example Google Analytics, to collect standard internet log information and details of visitor behaviour patterns. We do this to find out things like the number of visitors to various parts of the site. This information is processed in a way which does not identify any individual.
14.10.3. Some of the cookies we use are strictly necessary for our Platform to function, and we don’t ask for your consent to place these on your computer. If you choose not to accept cookies from our Website this may limit its functionalities or performance.
14.11. Opting Out:
14.11.1. Most browsers give you the ability to manage cookies to suit you. In some browsers you can set up rules to manage cookies on a site-by-site basis, giving you more fine-grained control over your privacy. What this means is that you can disallow cookies from all sites except those that you trust. Browser manufacturers provide help pages relating to cookie management in their products.
14.11.2. If you limit the ability of websites and applications to set cookies, you may worsen your overall user experience and/or lose the ability to access the services, since it will no longer be personalized to you. It may also stop you from saving customized settings, like login information.