DATA PRIVACY POLICY
DATA PRIVACY POLICY
We at the Ignition Group take your privacy seriously and are committed to protecting your
Personal Information. We place a high premium on the privacy of every person or organisation
with whom we interact and therefore acknowledge the need for Personal Information to be
handled with a reasonable standard of care.
This Data Protection and Privacy Policy (‘’Policy’’) relates to our Processing of your Personal
Information when you interact with us, access our Platforms and/ or use our Offerings. It explains
how we undertake to Process Personal Information in a manner which promotes the constitutional
right to privacy, while retaining accountability and managing Data Subject participation.
With our headquarters in Durban, South Africa, we are a global customer acquisition business,
operating in the telecommunications, home services and financial services sectors.
We are committed to complying with the Applicable Laws in the multiple jurisdictions in which we,
and you, operate. We have therefore drafted this Policy in accordance with the provisions of
POPIA, which governs Data protection in South Africa, and in consideration of the following
international Applicable Laws:
1. General Data Protection Regulation (European Union) 2016/679, which governs Data
protection in respect of the European Union;
2. Federal Data Protection Act, updated as of 1 September 2023, which governs Data protection
in respect of Switzerland;
3. Data Protection Act 2018 which governs Data protection in respect of the United Kingdom;
and
4. California Consumer Privacy Act of 2018, as amended and expanded by the California Privacy
Rights Act of 2020, which may be employed for Data protection within the United States of
America.
5. Consumer Data Protection Act, effective 1 January 2023, which governs data protection and
privacy in respect of Virginia within the United States of America.
(collectively referred to as “International Data Protection Laws”).
By engaging with us, electronically or physically, you Consent to the Processing and transfer of
your Personal Information as set out in this Policy.
If you have any questions or concerns about our Processing of your Personal Information, please
contact us via the contact details provided in Clause 16 of this Policy.
1.
1.1.
1.2.
1.3.
1.4.
DEFINITIONS
“Affiliate/s” means any entity which is associated with the Ignition Group through
common ownership, as per Annexure A2 below;
"Anonymisation" means the process of turning Personal Information into anonymous
information so that a Data Subject is not (or is no longer) identifiable;
“Annexure/s” means any annexure attached to this Policy, as amended from time to time;
“Applicable Law/s" means any laws applicable to the protection and Processing of
Personal Information, with particular emphasis on POPIA and the International Data
DATA PRIVACY POLICY
our purposes for Processing your Personal Information;
our retention periods in terms of Applicable Laws;
your access rights; and
our internal procedure for queries and/ or complaints.
PAIA MANUAL
PAIA is the statutory law in South Africa governing access to information and enables
people to gain access to information held by both public and private bodies.
If you would like to review, amend or obtain a copy of your Personal Information held by us,
please review our PAIA manual on how to submit a request. Our PAIA manual is located
on our Website.
YOUR RIGHTS
While you have rights concerning your Personal Information, it is important to note that
there may be various considerations in determining how to address any requests you may
have.
Your rights include:
Right of Access – you can ask us for a copy of the Personal Information we hold.
Right to Know – you can ask us what Personal Information is or was shared with any of
our Affiliates or Service Providers.
Right to Change – you can ask us to update your Personal Information or delete any
Personal Information that is no longer accurate or relevant.
Right to Object – you can object to our Processing of your Personal Information.
Right to Report – you can lodge a complaint with the relevant authorities should you feel
aggrieved by the manner in which we have Processed your Personal Information. The
information regarding the applicable relevant Data Protection Authority is set out in
Clause 16 below.
You can contact our Information Officer on DataPrivacy@ignitiongroup.co.za with any
requests you may have.
when you instruct us or our Affiliates to do so;
with your Consent in circumstances where such Consent is required;
to provide features, add value, or improve the quality and customise our Offerings and
Platforms;
improve the quality of our Offerings and Platforms;
where the Personal Information has been de-identified, including through aggregation
or Anonymisation;
to provide assistance with marketing, billing, processing credit card payments, data
analysis, fraud prevention, network and information security, technical support and
customer service;
when it is necessary for the fulfilment of our Offerings to you or prospective customers;
to comply with Applicable Laws or to respond to lawful requests and legal process;
to protect any Data Subject’s vital interests, but only where we believe it is necessary; and
in connection with or during negotiation of any business transfer, merger, financing,
acquisition, or dissolution transaction or proceeding involving the sale, transfer,
divestiture or disclosure of all or a portion of our business or assets to another company.
From time to time, we may engage in joint sales or product promotions with certain third
parties and/or our Affiliates.
If you have specifically expressed an interest in, or purchased, a jointly offered product,
promotion or service, we may share relevant Personal Information with those third parties
or Affiliates. Where you have given Consent to do so, these third parties or Affiliates may
send you marketing communications about their own products and services.
Please be aware that we do not control third parties or Affiliates who are not
contracted to Process Personal Information for and on our behalf. These third parties
and Affiliates are responsible for managing their own use of the Personal Information
collected in these circumstances. We recommend that you carefully consider any
applicable privacy policies of the relevant third parties, Service Provider or Affiliate to
find out more about their handling of your Personal Information.
CHILDREN’S PRIVACY
Our Offerings are not intended for use by Children.
We do not knowingly collect personally identifiable information from Children.
If you become aware that a Child has provided us with Personal Information, please
contact us in accordance with Clause 16 below.
If we become aware that we have collected Personal Information from Children without
parental Consent, we will take immediate steps to remove/ delete such Personal
Information.
INTERNATIONAL DATA PROTECTION LAWS: ANNEXURES B AND C
For Data Subjects residing outside of the Republic of South Africa, Annexures B and C will
apply to you and our Processing of your Personal Information, specifically:
Annexure B: resident of the European Economic Area, United Kingdom and
Switzerland; and
Annexure C: Californian residents.
These Annexures provide you with details on:
purpose for which the information was collected or subsequently processed;
any legal obligations we have in terms of Applicable Laws;
the nature of any contracts we have in place with you; or
the existence of your Consent.
It is specifically recorded that you have the right to object to the Processing of your Data at
any time during the Processing. However, we would be required to retain and store your
Data for the purposes of swiftly dealing with such an objection or enquiry.
We will use Pseudonymisation to retain your Usage Data for internal analysis purposes. We
generally retain your Usage Data for a shorter period, except when it is used to strengthen
the security or to improve the functionality of our Offerings, or we are legally obligated to
retain it for longer time periods.
TRANSFER OF YOUR DATA
Your Data may be transferred to, Processed and maintained outside of your city province,
country or other governmental jurisdiction where the Applicable Laws may differ from
those of your jurisdiction.
If you are located outside the Republic of South Africa and choose to provide information to
us, please note that we may transfer your Data to the Republic of South Africa and Process it
there.
Your Consent to this Policy followed by your submission of such Data represents your
Consent to such transfer.
We will take reasonably necessary steps to ensure the secure treatment of your Data in
accordance with this Policy. Your Data will not be transferred to an organization or country
unless adequate data protection laws or controls are in place to safeguard your Data.
In addition, we will purge, anonymise or delete your Personal Information in accordance
with Applicable Laws, and other regulatory and compliance requirements.
PROVISION OF PERSONAL INFORMATION TO SERVICE PROVIDERS
We may disclose your Personal Information to our Service Providers, where necessary, to
achieve the purpose(s) for which your Personal Information was originally collected and
Processed.
We will, however, enter into written agreements with such Service Providers, where we
deem appropriate, to ensure that they comply with Applicable Laws pursuant to the
Processing of your Personal Information.
AFFILIATE AND AFFLIATE PROCESSING
Our Affiliates may transfer your Personal Information among themselves to fulfil operational
requirements and to assist us in complying with our obligations to you.
All our Affiliates adopt and apply the principles set forth in this Policy in order to
standardise, justify and ensure that any transfers of Personal Information between them
adhere to the lawful Processing requirements set forth in Applicable Laws. This also
guarantees compliance by ensuring that any potential additional handling of your Personal
Information stays in line with the original reason it was collected by a specific Affiliate.
Affiliates only transfer Personal Information in the following circumstances:
you. Once you have opted out, it can take up to 6 (six) weeks for the opt-out request to be
actioned within Ignition Group.
You may opt out of receiving promotional Electronic Communications from us by following
the instructions in those communications. If you opt-out, we may still send you
non-promotional Electronic Communications relating to the Offerings you have taken up.
COOKIES
Our Platforms use Cookies to keep track of your visits and activity on the Platform.
For information related to the use of Cookies, please see our Cookie Policy on our Website.
USAGE DATA
We may also Process Usage Data that your browser sends whenever you visit or engage
with our Platforms or when you access our Offerings by or through any device.
This Usage Data may include information such as your device Internet Protocol (‘’IP’’)
address, browser type, browser version, the Websites that you visit, the pages of other
websites and the uniform resource locator (“URL”) of such pages, the time and date of your
visit to those pages, the time spent on those pages, unique device identifiers, URL data for
market segmentation purposes and other diagnostic data. It may also include information
in terms of the type of device you use, your device unique ID and your device operating
system.
LOCATION DATA
With your permission, by enabling your location services, we may Process your Location
Data in order to provide features, add value or improve or customise our Offerings.
You can enable or disable your location services when you use any of our Platforms, at any
time, by way of your device settings.
SECURITY OF YOUR PERSONAL INFORMATION
We take all reasonable and appropriate steps to protect your Personal Information against
loss, misuse, unauthorised access, disclosure, alteration and/or destruction.
We use appropriate technical and organisational measures to protect your Personal
Information. These measures include, but are not limited to, physical access controls and
strict confidentiality measures, encryption, internet firewalls, intrusion detection and
network monitoring depending on the nature of the information and the scope of
Processing.
While we strive to use commercially acceptable means to protect your Personal
Information, we cannot guarantee its absolute security. Please remember that no method of
transmission over our Platforms or electronic storage is absolutely secure.
HOW LONG WE RETAIN YOUR DATA
We retain your Data for no longer than necessary.
The retention time will depend on:
to establish your needs, wants and preferences in relation to the Offerings provided by
us and our Affiliates;
to help us identify you when you engage with us for the first time or after an extended
period of time from the last interaction;
to allocate Unique Identifiers to you for the purpose of securely storing, retaining and
recalling your Personal Information from time to time;
to facilitate your access to our premises;
to maintain your Records as an existing customer;
for employment purposes;
for general administration purposes;
for legal and/or contractual purposes;
to provide features, add value, or improve the quality and customise our Offerings and
Platforms;
improve the quality of our Offerings and Platforms;
to communicate with you for marketing and non-marketing purposes;
to transfer Personal Information within the Ignition Group and our Affiliates so as to enable
us to market our Offerings to you or other Data Subjects;
to transfer or share Personal Information with select Service Providers on a need-to-know
basis so as to enable us to deliver services to you, including credit bureaus to assess and
verify the profile of you as a potential customer for purposes of receiving our Offerings;
to analyse the Personal Information collected for research and statistical purposes;
to transfer Personal Information from South Africa to other jurisdictions if it is required as
stipulated in Clause 9 herein;
to carry out analysis and customer profiling in order to identify other products and services
which might be of interest to you, as well as to inform you of such products and/or services; or
for fraud prevention and detection, and to protect and defend the rights and property of
Ignition Group, our employees, our Affiliates and business associates.
We will not Process your Personal Information for any purpose other than for the purposes
set forth in Clause 2.9 or in any specific privacy notices of any Subsidiary or Affiliate unless
we are permitted or required to do so in terms of Applicable Laws.
We will Process Personal Information in compliance with the conditions as set out in
Applicable Laws, to ensure that your privacy is protected.
We may from time-to-time Process Personal Information by making use of automated
means (without deploying any human intervention in the decision-making process) to make
decisions about you or your application. In this instance it is specifically recorded that you
may object to or query the outcomes of such a decision. Requests to contest decisions
based solely on automated processing will be authenticated prior to processing the
request.
PERSONAL INFORMATION FOR DIRECT MARKETING PURPOSES
We acknowledge that we may only Process your Personal Information to contact you for
purposes of direct marketing when it is generally permissible to do so in terms of Applicable
Laws and where we have complied with the provisions of those Applicable Laws.
Where this is lawfully permitted, we will ensure that a reasonable opportunity is given to
you to object (opt-out) to the use of your Personal Information for our marketing purposes
at the point of collection and on the occasion of each direct marketing communication to
uniquely identifies that Data Subject in relation to the Responsible Party;
“Usage Data’’ is data collected automatically, either generated by the use of an Offering,
or our Platforms (for example, the duration of a Website page visit), as more fully described
at clause 5 below;
“Website/s’’ means our main Website at www.ignitiongroup.co.za and any of our
Subsidiary and/or Affiliate company websites.
INFORMATION WE MAY COLLECT FROM YOU
When you engage with us, whether physically, electronically, or through the use of our
Offerings, facilities or Platforms, you may be required to provide your Personal Information.
In some instances, especially when you interact with our Platforms or Websites, we may
automatically collect your Location Data, Usage Data and Cookies. We will, in effect, be
Processing your Data and will do so in terms of this Policy.
There may be instances where we have collected your Personal Information from other
sources such as our Service Providers, social media networks and blogs (where the posting
of your Personal Information may make it public information) and business associates, and
in such instances, we will inform you by virtue of the updates in this Policy.
When you provide us with the Personal Information of any other person, we will Process the
Personal Information of such person in accordance with this Policy, as well as any terms and
conditions or other relevant policies to which this Policy relates.
We may Process the following types of Personal Information from time to time, including
but not limited to:
full names;
identity numbers;
registration numbers;
Financial Details;
statutory information;
physical and postal address particulars;
telephone numbers; and/or
email addresses.
When collecting Personal Information from you, we will comply with the notification
requirements as set out in Applicable Laws, including the requirements set forth in Section
18 of POPIA.
When you provide us with such Personal Information, we may also be required to confirm
that you are a competent person and that you have authority to give the requisite Consent
to enable us to Process such Personal Information.
You may not always be required to provide the Personal Information that we have
requested. However, if you choose not to provide certain information, you may not be able
to take advantage of some of our Offerings and fully utilize our Platforms.
We Process Personal Information primarily to optimise the delivery of our Offerings and
Platforms, administer our business operations, ensure a legally compliant workplace
environment and safeguard your Personal Information in our custody.
We may Process the Personal Information collected from you for other legitimate, justifiable
business purposes including, but not limited to, the following:
to provide or manage any information as requested by or received from you, in general;
“Personal Information’’ means information relating to an identifiable, living, natural
person, and where it is applicable, an identifiable, existing juristic person, including, but not
limited to:
information relating to the race, gender, sex, pregnancy, marital status, national, ethnic
or social origin, colour, sexual orientation, age, physical or mental health, well-being,
disability, religion, conscience, belief, culture, language and birth of the person;
information relating to the education or the medical, financial, criminal or employment
history of the person;
any identifying number, symbol, e-mail address, physical address, telephone number,
Location Data, online identifier or other particular assignment to the person;
the Biometric information of the person;
the personal opinions, views or preferences of the person; correspondence sent by the
person that is implicitly or explicitly of a private or confidential nature or further
correspondence that would reveal the contents of the original correspondence;
the views or opinions of another individual about the person; and
the name of the person if it appears with other Personal Information relating to the
person or if the disclosure of the name itself would reveal information about the person.
“Platform/s” collectively means our Website and any other websites, mobile applications
or other digital interfaces operated or managed by us;
"POPIA" means the Protection of Personal Information Act, No.4 of 2013 and the
regulations thereto, as amended or replaced from time to time;
‘’Processing’’ means any operation or activity or any set of operations, whether or not by
automatic means, concerning Personal Information, including:
the collection, receipt, recording, organisation, collation, storage, updating or
modification, retrieval, alteration, consultation or use;
dissemination by means of transmission, distribution or making available in any other
form by electronic communications or other means; or
merging, linking, blocking, degradation, erasure or destruction.
For the purposes of this definition, "Process" has a corresponding meaning.
“Pseudonymisation’’ means the Processing of Personal Information in such a manner that
the Personal Information can no longer be attributed to a specific person without the use of
additional information.
“Record/s” means any recorded information which the Responsible Party possesses or
controls, regardless of its form or the material on which it is contained, including computer
hardware or software. A Record can be electronic or paper- based, but it must form part of
a filing system to be included.
“Responsible Party” means a public or private body or any other person which alone or in
conjunction with others, determines the purpose of and means for processing personal
information. For purposes of this Policy, we are the responsible party as defined in Section
1 of POPIA;
“Service Provider/s” means any independent juristic or natural person contracted by the
Ignition Group to facilitate our Offerings, improve a Platform, add value to an existing
Offering or provide additional Offerings to you;
“Subsidiary/ies” means any entity which is wholly owned by Ignition Telecoms
Investments Proprietary Limited, as per Annexure A1 below;
"Unique Identifier" means any identifier that is assigned to a Data Subject and is used by
the Responsible Party for the purposes of the operations of that Responsible Party and that
Protection Laws. Applicable Laws includes any statute, regulation, notice, policy, directive,
ruling or subordinate legislation, the common law, any binding court order, judgment or
ruling, any applicable industry code, policy or standard enforceable by law, or any
applicable direction, policy or order that is given by any regulator, competent authority or
organ of state or statutory industry body;
“Biometric” is a technique of personal identification based on physical, physiological, or
behavioural characterisation.
“Biometric Information” is information derived from techniques to identify individuals
based on physical, physiological, or behavioural characterisation, including blood typing,
fingerprinting, DNA analysis, retinal scanning and voice recognition.
“Child” means a natural person under the age of 18 (eighteen) (including the plural
“Children”);
“Consent” means any voluntary, specific and informed expression of will, in terms of which
permission is given for the Processing of Personal Information as contemplated in
Applicable Laws;
“Cookies’’ are a small amount of Data generated by a website and saved by your web
browser. Its purpose is to remember information about you. If Data Subjects elect not to
receive Cookies, they may be able to view some, but not all, of the content on our
Platforms;
“Data’’ means Personal Information, Usage Data, Cookies and/or Location Data;
“Data Protection Authority” means the relevant regulatory authoritative bodies in the
respective jurisdictions established in terms of Applicable Laws;
‘’Data Subject’’ means our customer(s), user(s) or any natural person in respect of whom
we Process Personal Information (also referred to as “you” or “your”);“ECTA” means the
Electronic Communications and Transactions Act, No. 25 of 2002;
“Electronic Communication” shall have the same meaning as ascribed to the term in
terms of POPIA;
‘’Financial Details’’ means information provided by your bank such as:
account information, including bank name, account name, account type, account holder,
branch number;
information about an account balance, including current and available balance;
identifiers and information about the account holder(s), including name, email address,
phone number, date of birth, gender, and address information;
information about account transactions, including amount, date, type, price, and a
description of the transaction; and
deductions from your bank account where necessary for the fulfillment of Offerings
provided by the Ignition Group.
“Location Data” means the information about the physical location of a Data Subject’s
device. Depending on the Data Subject’s location, the Personal Information or Personal
Data will be processed in accordance with Applicable Laws;
"Ignition Group" means Ignition Telecoms Investments Proprietary Limited and any of its
subsidiaries, as incorporated from time to time, the particulars of which are recorded in
Annexure A1 to this Policy (also referred to as ‘’we’’, ‘’us’’ or ‘’our’’). For purposes of this
Policy, we are the responsible party as defined in Section 1 of POPIA;
“Offering/s” refer to the products or services provided by the Ignition Group including
those provided by any of our Affiliates;
“PAIA” means the Promotion of Access to Information Act 2 of 2000;
1.5.
1.6.
1.7.
1.8.
1.9.
1.10.
1.11.
1.12.
1.13.
1.14.
1.14.1.
1.14.2.
1.14.3.
1.14.4.
1.14.5.
1.15.
1.16.
1.17.
1.18.
DATA PRIVACY POLICY
our purposes for Processing your Personal Information;
our retention periods in terms of Applicable Laws;
your access rights; and
our internal procedure for queries and/ or complaints.
PAIA MANUAL
PAIA is the statutory law in South Africa governing access to information and enables
people to gain access to information held by both public and private bodies.
If you would like to review, amend or obtain a copy of your Personal Information held by us,
please review our PAIA manual on how to submit a request. Our PAIA manual is located
on our Website.
YOUR RIGHTS
While you have rights concerning your Personal Information, it is important to note that
there may be various considerations in determining how to address any requests you may
have.
Your rights include:
Right of Access – you can ask us for a copy of the Personal Information we hold.
Right to Know – you can ask us what Personal Information is or was shared with any of
our Affiliates or Service Providers.
Right to Change – you can ask us to update your Personal Information or delete any
Personal Information that is no longer accurate or relevant.
Right to Object – you can object to our Processing of your Personal Information.
Right to Report – you can lodge a complaint with the relevant authorities should you feel
aggrieved by the manner in which we have Processed your Personal Information. The
information regarding the applicable relevant Data Protection Authority is set out in
Clause 16 below.
You can contact our Information Officer on DataPrivacy@ignitiongroup.co.za with any
requests you may have.
when you instruct us or our Affiliates to do so;
with your Consent in circumstances where such Consent is required;
to provide features, add value, or improve the quality and customise our Offerings and
Platforms;
improve the quality of our Offerings and Platforms;
where the Personal Information has been de-identified, including through aggregation
or Anonymisation;
to provide assistance with marketing, billing, processing credit card payments, data
analysis, fraud prevention, network and information security, technical support and
customer service;
when it is necessary for the fulfilment of our Offerings to you or prospective customers;
to comply with Applicable Laws or to respond to lawful requests and legal process;
to protect any Data Subject’s vital interests, but only where we believe it is necessary; and
in connection with or during negotiation of any business transfer, merger, financing,
acquisition, or dissolution transaction or proceeding involving the sale, transfer,
divestiture or disclosure of all or a portion of our business or assets to another company.
From time to time, we may engage in joint sales or product promotions with certain third
parties and/or our Affiliates.
If you have specifically expressed an interest in, or purchased, a jointly offered product,
promotion or service, we may share relevant Personal Information with those third parties
or Affiliates. Where you have given Consent to do so, these third parties or Affiliates may
send you marketing communications about their own products and services.
Please be aware that we do not control third parties or Affiliates who are not
contracted to Process Personal Information for and on our behalf. These third parties
and Affiliates are responsible for managing their own use of the Personal Information
collected in these circumstances. We recommend that you carefully consider any
applicable privacy policies of the relevant third parties, Service Provider or Affiliate to
find out more about their handling of your Personal Information.
CHILDREN’S PRIVACY
Our Offerings are not intended for use by Children.
We do not knowingly collect personally identifiable information from Children.
If you become aware that a Child has provided us with Personal Information, please
contact us in accordance with Clause 16 below.
If we become aware that we have collected Personal Information from Children without
parental Consent, we will take immediate steps to remove/ delete such Personal
Information.
INTERNATIONAL DATA PROTECTION LAWS: ANNEXURES B AND C
For Data Subjects residing outside of the Republic of South Africa, Annexures B and C will
apply to you and our Processing of your Personal Information, specifically:
Annexure B: resident of the European Economic Area, United Kingdom and
Switzerland; and
Annexure C: Californian residents.
These Annexures provide you with details on:
purpose for which the information was collected or subsequently processed;
any legal obligations we have in terms of Applicable Laws;
the nature of any contracts we have in place with you; or
the existence of your Consent.
It is specifically recorded that you have the right to object to the Processing of your Data at
any time during the Processing. However, we would be required to retain and store your
Data for the purposes of swiftly dealing with such an objection or enquiry.
We will use Pseudonymisation to retain your Usage Data for internal analysis purposes. We
generally retain your Usage Data for a shorter period, except when it is used to strengthen
the security or to improve the functionality of our Offerings, or we are legally obligated to
retain it for longer time periods.
TRANSFER OF YOUR DATA
Your Data may be transferred to, Processed and maintained outside of your city province,
country or other governmental jurisdiction where the Applicable Laws may differ from
those of your jurisdiction.
If you are located outside the Republic of South Africa and choose to provide information to
us, please note that we may transfer your Data to the Republic of South Africa and Process it
there.
Your Consent to this Policy followed by your submission of such Data represents your
Consent to such transfer.
We will take reasonably necessary steps to ensure the secure treatment of your Data in
accordance with this Policy. Your Data will not be transferred to an organization or country
unless adequate data protection laws or controls are in place to safeguard your Data.
In addition, we will purge, anonymise or delete your Personal Information in accordance
with Applicable Laws, and other regulatory and compliance requirements.
PROVISION OF PERSONAL INFORMATION TO SERVICE PROVIDERS
We may disclose your Personal Information to our Service Providers, where necessary, to
achieve the purpose(s) for which your Personal Information was originally collected and
Processed.
We will, however, enter into written agreements with such Service Providers, where we
deem appropriate, to ensure that they comply with Applicable Laws pursuant to the
Processing of your Personal Information.
AFFILIATE AND AFFLIATE PROCESSING
Our Affiliates may transfer your Personal Information among themselves to fulfil operational
requirements and to assist us in complying with our obligations to you.
All our Affiliates adopt and apply the principles set forth in this Policy in order to
standardise, justify and ensure that any transfers of Personal Information between them
adhere to the lawful Processing requirements set forth in Applicable Laws. This also
guarantees compliance by ensuring that any potential additional handling of your Personal
Information stays in line with the original reason it was collected by a specific Affiliate.
Affiliates only transfer Personal Information in the following circumstances:
you. Once you have opted out, it can take up to 6 (six) weeks for the opt-out request to be
actioned within Ignition Group.
You may opt out of receiving promotional Electronic Communications from us by following
the instructions in those communications. If you opt-out, we may still send you
non-promotional Electronic Communications relating to the Offerings you have taken up.
COOKIES
Our Platforms use Cookies to keep track of your visits and activity on the Platform.
For information related to the use of Cookies, please see our Cookie Policy on our Website.
USAGE DATA
We may also Process Usage Data that your browser sends whenever you visit or engage
with our Platforms or when you access our Offerings by or through any device.
This Usage Data may include information such as your device Internet Protocol (‘’IP’’)
address, browser type, browser version, the Websites that you visit, the pages of other
websites and the uniform resource locator (“URL”) of such pages, the time and date of your
visit to those pages, the time spent on those pages, unique device identifiers, URL data for
market segmentation purposes and other diagnostic data. It may also include information
in terms of the type of device you use, your device unique ID and your device operating
system.
LOCATION DATA
With your permission, by enabling your location services, we may Process your Location
Data in order to provide features, add value or improve or customise our Offerings.
You can enable or disable your location services when you use any of our Platforms, at any
time, by way of your device settings.
SECURITY OF YOUR PERSONAL INFORMATION
We take all reasonable and appropriate steps to protect your Personal Information against
loss, misuse, unauthorised access, disclosure, alteration and/or destruction.
We use appropriate technical and organisational measures to protect your Personal
Information. These measures include, but are not limited to, physical access controls and
strict confidentiality measures, encryption, internet firewalls, intrusion detection and
network monitoring depending on the nature of the information and the scope of
Processing.
While we strive to use commercially acceptable means to protect your Personal
Information, we cannot guarantee its absolute security. Please remember that no method of
transmission over our Platforms or electronic storage is absolutely secure.
HOW LONG WE RETAIN YOUR DATA
We retain your Data for no longer than necessary.
The retention time will depend on:
to establish your needs, wants and preferences in relation to the Offerings provided by
us and our Affiliates;
to help us identify you when you engage with us for the first time or after an extended
period of time from the last interaction;
to allocate Unique Identifiers to you for the purpose of securely storing, retaining and
recalling your Personal Information from time to time;
to facilitate your access to our premises;
to maintain your Records as an existing customer;
for employment purposes;
for general administration purposes;
for legal and/or contractual purposes;
to provide features, add value, or improve the quality and customise our Offerings and
Platforms;
improve the quality of our Offerings and Platforms;
to communicate with you for marketing and non-marketing purposes;
to transfer Personal Information within the Ignition Group and our Affiliates so as to enable
us to market our Offerings to you or other Data Subjects;
to transfer or share Personal Information with select Service Providers on a need-to-know
basis so as to enable us to deliver services to you, including credit bureaus to assess and
verify the profile of you as a potential customer for purposes of receiving our Offerings;
to analyse the Personal Information collected for research and statistical purposes;
to transfer Personal Information from South Africa to other jurisdictions if it is required as
stipulated in Clause 9 herein;
to carry out analysis and customer profiling in order to identify other products and services
which might be of interest to you, as well as to inform you of such products and/or services; or
for fraud prevention and detection, and to protect and defend the rights and property of
Ignition Group, our employees, our Affiliates and business associates.
We will not Process your Personal Information for any purpose other than for the purposes
set forth in Clause 2.9 or in any specific privacy notices of any Subsidiary or Affiliate unless
we are permitted or required to do so in terms of Applicable Laws.
We will Process Personal Information in compliance with the conditions as set out in
Applicable Laws, to ensure that your privacy is protected.
We may from time-to-time Process Personal Information by making use of automated
means (without deploying any human intervention in the decision-making process) to make
decisions about you or your application. In this instance it is specifically recorded that you
may object to or query the outcomes of such a decision. Requests to contest decisions
based solely on automated processing will be authenticated prior to processing the
request.
PERSONAL INFORMATION FOR DIRECT MARKETING PURPOSES
We acknowledge that we may only Process your Personal Information to contact you for
purposes of direct marketing when it is generally permissible to do so in terms of Applicable
Laws and where we have complied with the provisions of those Applicable Laws.
Where this is lawfully permitted, we will ensure that a reasonable opportunity is given to
you to object (opt-out) to the use of your Personal Information for our marketing purposes
at the point of collection and on the occasion of each direct marketing communication to
uniquely identifies that Data Subject in relation to the Responsible Party;
“Usage Data’’ is data collected automatically, either generated by the use of an Offering,
or our Platforms (for example, the duration of a Website page visit), as more fully described
at clause 5 below;
“Website/s’’ means our main Website at www.ignitiongroup.co.za and any of our
Subsidiary and/or Affiliate company websites.
INFORMATION WE MAY COLLECT FROM YOU
When you engage with us, whether physically, electronically, or through the use of our
Offerings, facilities or Platforms, you may be required to provide your Personal Information.
In some instances, especially when you interact with our Platforms or Websites, we may
automatically collect your Location Data, Usage Data and Cookies. We will, in effect, be
Processing your Data and will do so in terms of this Policy.
There may be instances where we have collected your Personal Information from other
sources such as our Service Providers, social media networks and blogs (where the posting
of your Personal Information may make it public information) and business associates, and
in such instances, we will inform you by virtue of the updates in this Policy.
When you provide us with the Personal Information of any other person, we will Process the
Personal Information of such person in accordance with this Policy, as well as any terms and
conditions or other relevant policies to which this Policy relates.
We may Process the following types of Personal Information from time to time, including
but not limited to:
full names;
identity numbers;
registration numbers;
Financial Details;
statutory information;
physical and postal address particulars;
telephone numbers; and/or
email addresses.
When collecting Personal Information from you, we will comply with the notification
requirements as set out in Applicable Laws, including the requirements set forth in Section
18 of POPIA.
When you provide us with such Personal Information, we may also be required to confirm
that you are a competent person and that you have authority to give the requisite Consent
to enable us to Process such Personal Information.
You may not always be required to provide the Personal Information that we have
requested. However, if you choose not to provide certain information, you may not be able
to take advantage of some of our Offerings and fully utilize our Platforms.
We Process Personal Information primarily to optimise the delivery of our Offerings and
Platforms, administer our business operations, ensure a legally compliant workplace
environment and safeguard your Personal Information in our custody.
We may Process the Personal Information collected from you for other legitimate, justifiable
business purposes including, but not limited to, the following:
to provide or manage any information as requested by or received from you, in general;
“Personal Information’’ means information relating to an identifiable, living, natural
person, and where it is applicable, an identifiable, existing juristic person, including, but not
limited to:
information relating to the race, gender, sex, pregnancy, marital status, national, ethnic
or social origin, colour, sexual orientation, age, physical or mental health, well-being,
disability, religion, conscience, belief, culture, language and birth of the person;
information relating to the education or the medical, financial, criminal or employment
history of the person;
any identifying number, symbol, e-mail address, physical address, telephone number,
Location Data, online identifier or other particular assignment to the person;
the Biometric information of the person;
the personal opinions, views or preferences of the person; correspondence sent by the
person that is implicitly or explicitly of a private or confidential nature or further
correspondence that would reveal the contents of the original correspondence;
the views or opinions of another individual about the person; and
the name of the person if it appears with other Personal Information relating to the
person or if the disclosure of the name itself would reveal information about the person.
“Platform/s” collectively means our Website and any other websites, mobile applications
or other digital interfaces operated or managed by us;
"POPIA" means the Protection of Personal Information Act, No.4 of 2013 and the
regulations thereto, as amended or replaced from time to time;
‘’Processing’’ means any operation or activity or any set of operations, whether or not by
automatic means, concerning Personal Information, including:
the collection, receipt, recording, organisation, collation, storage, updating or
modification, retrieval, alteration, consultation or use;
dissemination by means of transmission, distribution or making available in any other
form by electronic communications or other means; or
merging, linking, blocking, degradation, erasure or destruction.
For the purposes of this definition, "Process" has a corresponding meaning.
“Pseudonymisation’’ means the Processing of Personal Information in such a manner that
the Personal Information can no longer be attributed to a specific person without the use of
additional information.
“Record/s” means any recorded information which the Responsible Party possesses or
controls, regardless of its form or the material on which it is contained, including computer
hardware or software. A Record can be electronic or paper- based, but it must form part of
a filing system to be included.
“Responsible Party” means a public or private body or any other person which alone or in
conjunction with others, determines the purpose of and means for processing personal
information. For purposes of this Policy, we are the responsible party as defined in Section
1 of POPIA;
“Service Provider/s” means any independent juristic or natural person contracted by the
Ignition Group to facilitate our Offerings, improve a Platform, add value to an existing
Offering or provide additional Offerings to you;
“Subsidiary/ies” means any entity which is wholly owned by Ignition Telecoms
Investments Proprietary Limited, as per Annexure A1 below;
"Unique Identifier" means any identifier that is assigned to a Data Subject and is used by
the Responsible Party for the purposes of the operations of that Responsible Party and that
1.19.
1.19.1.
1.19.2.
1.19.3.
1.19.4.
1.19.5.
1.19.6.
1.19.7.
1.20.
1.21.
1.22.
1.22.1.
1.22.2.
1.22.3.
1.22.4.
1.23.
1.24.
1.25.
1.26.
1.27.
1.28.
Protection Laws. Applicable Laws includes any statute, regulation, notice, policy, directive,
ruling or subordinate legislation, the common law, any binding court order, judgment or
ruling, any applicable industry code, policy or standard enforceable by law, or any
applicable direction, policy or order that is given by any regulator, competent authority or
organ of state or statutory industry body;
“Biometric” is a technique of personal identification based on physical, physiological, or
behavioural characterisation.
“Biometric Information” is information derived from techniques to identify individuals
based on physical, physiological, or behavioural characterisation, including blood typing,
fingerprinting, DNA analysis, retinal scanning and voice recognition.
“Child” means a natural person under the age of 18 (eighteen) (including the plural
“Children”);
“Consent” means any voluntary, specific and informed expression of will, in terms of which
permission is given for the Processing of Personal Information as contemplated in
Applicable Laws;
“Cookies’’ are a small amount of Data generated by a website and saved by your web
browser. Its purpose is to remember information about you. If Data Subjects elect not to
receive Cookies, they may be able to view some, but not all, of the content on our
Platforms;
“Data’’ means Personal Information, Usage Data, Cookies and/or Location Data;
“Data Protection Authority” means the relevant regulatory authoritative bodies in the
respective jurisdictions established in terms of Applicable Laws;
‘’Data Subject’’ means our customer(s), user(s) or any natural person in respect of whom
we Process Personal Information (also referred to as “you” or “your”);“ECTA” means the
Electronic Communications and Transactions Act, No. 25 of 2002;
“Electronic Communication” shall have the same meaning as ascribed to the term in
terms of POPIA;
‘’Financial Details’’ means information provided by your bank such as:
account information, including bank name, account name, account type, account holder,
branch number;
information about an account balance, including current and available balance;
identifiers and information about the account holder(s), including name, email address,
phone number, date of birth, gender, and address information;
information about account transactions, including amount, date, type, price, and a
description of the transaction; and
deductions from your bank account where necessary for the fulfillment of Offerings
provided by the Ignition Group.
“Location Data” means the information about the physical location of a Data Subject’s
device. Depending on the Data Subject’s location, the Personal Information or Personal
Data will be processed in accordance with Applicable Laws;
"Ignition Group" means Ignition Telecoms Investments Proprietary Limited and any of its
subsidiaries, as incorporated from time to time, the particulars of which are recorded in
Annexure A1 to this Policy (also referred to as ‘’we’’, ‘’us’’ or ‘’our’’). For purposes of this
Policy, we are the responsible party as defined in Section 1 of POPIA;
“Offering/s” refer to the products or services provided by the Ignition Group including
those provided by any of our Affiliates;
“PAIA” means the Promotion of Access to Information Act 2 of 2000;
DATA PRIVACY POLICY
our purposes for Processing your Personal Information;
our retention periods in terms of Applicable Laws;
your access rights; and
our internal procedure for queries and/ or complaints.
PAIA MANUAL
PAIA is the statutory law in South Africa governing access to information and enables
people to gain access to information held by both public and private bodies.
If you would like to review, amend or obtain a copy of your Personal Information held by us,
please review our PAIA manual on how to submit a request. Our PAIA manual is located
on our Website.
YOUR RIGHTS
While you have rights concerning your Personal Information, it is important to note that
there may be various considerations in determining how to address any requests you may
have.
Your rights include:
Right of Access – you can ask us for a copy of the Personal Information we hold.
Right to Know – you can ask us what Personal Information is or was shared with any of
our Affiliates or Service Providers.
Right to Change – you can ask us to update your Personal Information or delete any
Personal Information that is no longer accurate or relevant.
Right to Object – you can object to our Processing of your Personal Information.
Right to Report – you can lodge a complaint with the relevant authorities should you feel
aggrieved by the manner in which we have Processed your Personal Information. The
information regarding the applicable relevant Data Protection Authority is set out in
Clause 16 below.
You can contact our Information Officer on DataPrivacy@ignitiongroup.co.za with any
requests you may have.
when you instruct us or our Affiliates to do so;
with your Consent in circumstances where such Consent is required;
to provide features, add value, or improve the quality and customise our Offerings and
Platforms;
improve the quality of our Offerings and Platforms;
where the Personal Information has been de-identified, including through aggregation
or Anonymisation;
to provide assistance with marketing, billing, processing credit card payments, data
analysis, fraud prevention, network and information security, technical support and
customer service;
when it is necessary for the fulfilment of our Offerings to you or prospective customers;
to comply with Applicable Laws or to respond to lawful requests and legal process;
to protect any Data Subject’s vital interests, but only where we believe it is necessary; and
in connection with or during negotiation of any business transfer, merger, financing,
acquisition, or dissolution transaction or proceeding involving the sale, transfer,
divestiture or disclosure of all or a portion of our business or assets to another company.
From time to time, we may engage in joint sales or product promotions with certain third
parties and/or our Affiliates.
If you have specifically expressed an interest in, or purchased, a jointly offered product,
promotion or service, we may share relevant Personal Information with those third parties
or Affiliates. Where you have given Consent to do so, these third parties or Affiliates may
send you marketing communications about their own products and services.
Please be aware that we do not control third parties or Affiliates who are not
contracted to Process Personal Information for and on our behalf. These third parties
and Affiliates are responsible for managing their own use of the Personal Information
collected in these circumstances. We recommend that you carefully consider any
applicable privacy policies of the relevant third parties, Service Provider or Affiliate to
find out more about their handling of your Personal Information.
CHILDREN’S PRIVACY
Our Offerings are not intended for use by Children.
We do not knowingly collect personally identifiable information from Children.
If you become aware that a Child has provided us with Personal Information, please
contact us in accordance with Clause 16 below.
If we become aware that we have collected Personal Information from Children without
parental Consent, we will take immediate steps to remove/ delete such Personal
Information.
INTERNATIONAL DATA PROTECTION LAWS: ANNEXURES B AND C
For Data Subjects residing outside of the Republic of South Africa, Annexures B and C will
apply to you and our Processing of your Personal Information, specifically:
Annexure B: resident of the European Economic Area, United Kingdom and
Switzerland; and
Annexure C: Californian residents.
These Annexures provide you with details on:
purpose for which the information was collected or subsequently processed;
any legal obligations we have in terms of Applicable Laws;
the nature of any contracts we have in place with you; or
the existence of your Consent.
It is specifically recorded that you have the right to object to the Processing of your Data at
any time during the Processing. However, we would be required to retain and store your
Data for the purposes of swiftly dealing with such an objection or enquiry.
We will use Pseudonymisation to retain your Usage Data for internal analysis purposes. We
generally retain your Usage Data for a shorter period, except when it is used to strengthen
the security or to improve the functionality of our Offerings, or we are legally obligated to
retain it for longer time periods.
TRANSFER OF YOUR DATA
Your Data may be transferred to, Processed and maintained outside of your city province,
country or other governmental jurisdiction where the Applicable Laws may differ from
those of your jurisdiction.
If you are located outside the Republic of South Africa and choose to provide information to
us, please note that we may transfer your Data to the Republic of South Africa and Process it
there.
Your Consent to this Policy followed by your submission of such Data represents your
Consent to such transfer.
We will take reasonably necessary steps to ensure the secure treatment of your Data in
accordance with this Policy. Your Data will not be transferred to an organization or country
unless adequate data protection laws or controls are in place to safeguard your Data.
In addition, we will purge, anonymise or delete your Personal Information in accordance
with Applicable Laws, and other regulatory and compliance requirements.
PROVISION OF PERSONAL INFORMATION TO SERVICE PROVIDERS
We may disclose your Personal Information to our Service Providers, where necessary, to
achieve the purpose(s) for which your Personal Information was originally collected and
Processed.
We will, however, enter into written agreements with such Service Providers, where we
deem appropriate, to ensure that they comply with Applicable Laws pursuant to the
Processing of your Personal Information.
AFFILIATE AND AFFLIATE PROCESSING
Our Affiliates may transfer your Personal Information among themselves to fulfil operational
requirements and to assist us in complying with our obligations to you.
All our Affiliates adopt and apply the principles set forth in this Policy in order to
standardise, justify and ensure that any transfers of Personal Information between them
adhere to the lawful Processing requirements set forth in Applicable Laws. This also
guarantees compliance by ensuring that any potential additional handling of your Personal
Information stays in line with the original reason it was collected by a specific Affiliate.
Affiliates only transfer Personal Information in the following circumstances:
you. Once you have opted out, it can take up to 6 (six) weeks for the opt-out request to be
actioned within Ignition Group.
You may opt out of receiving promotional Electronic Communications from us by following
the instructions in those communications. If you opt-out, we may still send you
non-promotional Electronic Communications relating to the Offerings you have taken up.
COOKIES
Our Platforms use Cookies to keep track of your visits and activity on the Platform.
For information related to the use of Cookies, please see our Cookie Policy on our Website.
USAGE DATA
We may also Process Usage Data that your browser sends whenever you visit or engage
with our Platforms or when you access our Offerings by or through any device.
This Usage Data may include information such as your device Internet Protocol (‘’IP’’)
address, browser type, browser version, the Websites that you visit, the pages of other
websites and the uniform resource locator (“URL”) of such pages, the time and date of your
visit to those pages, the time spent on those pages, unique device identifiers, URL data for
market segmentation purposes and other diagnostic data. It may also include information
in terms of the type of device you use, your device unique ID and your device operating
system.
LOCATION DATA
With your permission, by enabling your location services, we may Process your Location
Data in order to provide features, add value or improve or customise our Offerings.
You can enable or disable your location services when you use any of our Platforms, at any
time, by way of your device settings.
SECURITY OF YOUR PERSONAL INFORMATION
We take all reasonable and appropriate steps to protect your Personal Information against
loss, misuse, unauthorised access, disclosure, alteration and/or destruction.
We use appropriate technical and organisational measures to protect your Personal
Information. These measures include, but are not limited to, physical access controls and
strict confidentiality measures, encryption, internet firewalls, intrusion detection and
network monitoring depending on the nature of the information and the scope of
Processing.
While we strive to use commercially acceptable means to protect your Personal
Information, we cannot guarantee its absolute security. Please remember that no method of
transmission over our Platforms or electronic storage is absolutely secure.
HOW LONG WE RETAIN YOUR DATA
We retain your Data for no longer than necessary.
The retention time will depend on:
to establish your needs, wants and preferences in relation to the Offerings provided by
us and our Affiliates;
to help us identify you when you engage with us for the first time or after an extended
period of time from the last interaction;
to allocate Unique Identifiers to you for the purpose of securely storing, retaining and
recalling your Personal Information from time to time;
to facilitate your access to our premises;
to maintain your Records as an existing customer;
for employment purposes;
for general administration purposes;
for legal and/or contractual purposes;
to provide features, add value, or improve the quality and customise our Offerings and
Platforms;
improve the quality of our Offerings and Platforms;
to communicate with you for marketing and non-marketing purposes;
to transfer Personal Information within the Ignition Group and our Affiliates so as to enable
us to market our Offerings to you or other Data Subjects;
to transfer or share Personal Information with select Service Providers on a need-to-know
basis so as to enable us to deliver services to you, including credit bureaus to assess and
verify the profile of you as a potential customer for purposes of receiving our Offerings;
to analyse the Personal Information collected for research and statistical purposes;
to transfer Personal Information from South Africa to other jurisdictions if it is required as
stipulated in Clause 9 herein;
to carry out analysis and customer profiling in order to identify other products and services
which might be of interest to you, as well as to inform you of such products and/or services; or
for fraud prevention and detection, and to protect and defend the rights and property of
Ignition Group, our employees, our Affiliates and business associates.
We will not Process your Personal Information for any purpose other than for the purposes
set forth in Clause 2.9 or in any specific privacy notices of any Subsidiary or Affiliate unless
we are permitted or required to do so in terms of Applicable Laws.
We will Process Personal Information in compliance with the conditions as set out in
Applicable Laws, to ensure that your privacy is protected.
We may from time-to-time Process Personal Information by making use of automated
means (without deploying any human intervention in the decision-making process) to make
decisions about you or your application. In this instance it is specifically recorded that you
may object to or query the outcomes of such a decision. Requests to contest decisions
based solely on automated processing will be authenticated prior to processing the
request.
PERSONAL INFORMATION FOR DIRECT MARKETING PURPOSES
We acknowledge that we may only Process your Personal Information to contact you for
purposes of direct marketing when it is generally permissible to do so in terms of Applicable
Laws and where we have complied with the provisions of those Applicable Laws.
Where this is lawfully permitted, we will ensure that a reasonable opportunity is given to
you to object (opt-out) to the use of your Personal Information for our marketing purposes
at the point of collection and on the occasion of each direct marketing communication to
uniquely identifies that Data Subject in relation to the Responsible Party;
“Usage Data’’ is data collected automatically, either generated by the use of an Offering,
or our Platforms (for example, the duration of a Website page visit), as more fully described
at clause 5 below;
“Website/s’’ means our main Website at www.ignitiongroup.co.za and any of our
Subsidiary and/or Affiliate company websites.
INFORMATION WE MAY COLLECT FROM YOU
When you engage with us, whether physically, electronically, or through the use of our
Offerings, facilities or Platforms, you may be required to provide your Personal Information.
In some instances, especially when you interact with our Platforms or Websites, we may
automatically collect your Location Data, Usage Data and Cookies. We will, in effect, be
Processing your Data and will do so in terms of this Policy.
There may be instances where we have collected your Personal Information from other
sources such as our Service Providers, social media networks and blogs (where the posting
of your Personal Information may make it public information) and business associates, and
in such instances, we will inform you by virtue of the updates in this Policy.
When you provide us with the Personal Information of any other person, we will Process the
Personal Information of such person in accordance with this Policy, as well as any terms and
conditions or other relevant policies to which this Policy relates.
We may Process the following types of Personal Information from time to time, including
but not limited to:
full names;
identity numbers;
registration numbers;
Financial Details;
statutory information;
physical and postal address particulars;
telephone numbers; and/or
email addresses.
When collecting Personal Information from you, we will comply with the notification
requirements as set out in Applicable Laws, including the requirements set forth in Section
18 of POPIA.
When you provide us with such Personal Information, we may also be required to confirm
that you are a competent person and that you have authority to give the requisite Consent
to enable us to Process such Personal Information.
You may not always be required to provide the Personal Information that we have
requested. However, if you choose not to provide certain information, you may not be able
to take advantage of some of our Offerings and fully utilize our Platforms.
We Process Personal Information primarily to optimise the delivery of our Offerings and
Platforms, administer our business operations, ensure a legally compliant workplace
environment and safeguard your Personal Information in our custody.
We may Process the Personal Information collected from you for other legitimate, justifiable
business purposes including, but not limited to, the following:
to provide or manage any information as requested by or received from you, in general;
1.29.
1.30.
2.
2.1.
2.2.
2.3.
2.4.
2.4.1.
2.4.2.
2.4.3.
2.4.4.
2.4.5.
2.4.6.
2.4.7.
2.4.8.
2.5.
2.6.
2.7.
2.8.
2.9.
2.9.1.
“Personal Information’’ means information relating to an identifiable, living, natural
person, and where it is applicable, an identifiable, existing juristic person, including, but not
limited to:
information relating to the race, gender, sex, pregnancy, marital status, national, ethnic
or social origin, colour, sexual orientation, age, physical or mental health, well-being,
disability, religion, conscience, belief, culture, language and birth of the person;
information relating to the education or the medical, financial, criminal or employment
history of the person;
any identifying number, symbol, e-mail address, physical address, telephone number,
Location Data, online identifier or other particular assignment to the person;
the Biometric information of the person;
the personal opinions, views or preferences of the person; correspondence sent by the
person that is implicitly or explicitly of a private or confidential nature or further
correspondence that would reveal the contents of the original correspondence;
the views or opinions of another individual about the person; and
the name of the person if it appears with other Personal Information relating to the
person or if the disclosure of the name itself would reveal information about the person.
“Platform/s” collectively means our Website and any other websites, mobile applications
or other digital interfaces operated or managed by us;
"POPIA" means the Protection of Personal Information Act, No.4 of 2013 and the
regulations thereto, as amended or replaced from time to time;
‘’Processing’’ means any operation or activity or any set of operations, whether or not by
automatic means, concerning Personal Information, including:
the collection, receipt, recording, organisation, collation, storage, updating or
modification, retrieval, alteration, consultation or use;
dissemination by means of transmission, distribution or making available in any other
form by electronic communications or other means; or
merging, linking, blocking, degradation, erasure or destruction.
For the purposes of this definition, "Process" has a corresponding meaning.
“Pseudonymisation’’ means the Processing of Personal Information in such a manner that
the Personal Information can no longer be attributed to a specific person without the use of
additional information.
“Record/s” means any recorded information which the Responsible Party possesses or
controls, regardless of its form or the material on which it is contained, including computer
hardware or software. A Record can be electronic or paper- based, but it must form part of
a filing system to be included.
“Responsible Party” means a public or private body or any other person which alone or in
conjunction with others, determines the purpose of and means for processing personal
information. For purposes of this Policy, we are the responsible party as defined in Section
1 of POPIA;
“Service Provider/s” means any independent juristic or natural person contracted by the
Ignition Group to facilitate our Offerings, improve a Platform, add value to an existing
Offering or provide additional Offerings to you;
“Subsidiary/ies” means any entity which is wholly owned by Ignition Telecoms
Investments Proprietary Limited, as per Annexure A1 below;
"Unique Identifier" means any identifier that is assigned to a Data Subject and is used by
the Responsible Party for the purposes of the operations of that Responsible Party and that
Protection Laws. Applicable Laws includes any statute, regulation, notice, policy, directive,
ruling or subordinate legislation, the common law, any binding court order, judgment or
ruling, any applicable industry code, policy or standard enforceable by law, or any
applicable direction, policy or order that is given by any regulator, competent authority or
organ of state or statutory industry body;
“Biometric” is a technique of personal identification based on physical, physiological, or
behavioural characterisation.
“Biometric Information” is information derived from techniques to identify individuals
based on physical, physiological, or behavioural characterisation, including blood typing,
fingerprinting, DNA analysis, retinal scanning and voice recognition.
“Child” means a natural person under the age of 18 (eighteen) (including the plural
“Children”);
“Consent” means any voluntary, specific and informed expression of will, in terms of which
permission is given for the Processing of Personal Information as contemplated in
Applicable Laws;
“Cookies’’ are a small amount of Data generated by a website and saved by your web
browser. Its purpose is to remember information about you. If Data Subjects elect not to
receive Cookies, they may be able to view some, but not all, of the content on our
Platforms;
“Data’’ means Personal Information, Usage Data, Cookies and/or Location Data;
“Data Protection Authority” means the relevant regulatory authoritative bodies in the
respective jurisdictions established in terms of Applicable Laws;
‘’Data Subject’’ means our customer(s), user(s) or any natural person in respect of whom
we Process Personal Information (also referred to as “you” or “your”);“ECTA” means the
Electronic Communications and Transactions Act, No. 25 of 2002;
“Electronic Communication” shall have the same meaning as ascribed to the term in
terms of POPIA;
‘’Financial Details’’ means information provided by your bank such as:
account information, including bank name, account name, account type, account holder,
branch number;
information about an account balance, including current and available balance;
identifiers and information about the account holder(s), including name, email address,
phone number, date of birth, gender, and address information;
information about account transactions, including amount, date, type, price, and a
description of the transaction; and
deductions from your bank account where necessary for the fulfillment of Offerings
provided by the Ignition Group.
“Location Data” means the information about the physical location of a Data Subject’s
device. Depending on the Data Subject’s location, the Personal Information or Personal
Data will be processed in accordance with Applicable Laws;
"Ignition Group" means Ignition Telecoms Investments Proprietary Limited and any of its
subsidiaries, as incorporated from time to time, the particulars of which are recorded in
Annexure A1 to this Policy (also referred to as ‘’we’’, ‘’us’’ or ‘’our’’). For purposes of this
Policy, we are the responsible party as defined in Section 1 of POPIA;
“Offering/s” refer to the products or services provided by the Ignition Group including
those provided by any of our Affiliates;
“PAIA” means the Promotion of Access to Information Act 2 of 2000;
DATA PRIVACY POLICY
our purposes for Processing your Personal Information;
our retention periods in terms of Applicable Laws;
your access rights; and
our internal procedure for queries and/ or complaints.
PAIA MANUAL
PAIA is the statutory law in South Africa governing access to information and enables
people to gain access to information held by both public and private bodies.
If you would like to review, amend or obtain a copy of your Personal Information held by us,
please review our PAIA manual on how to submit a request. Our PAIA manual is located
on our Website.
YOUR RIGHTS
While you have rights concerning your Personal Information, it is important to note that
there may be various considerations in determining how to address any requests you may
have.
Your rights include:
Right of Access – you can ask us for a copy of the Personal Information we hold.
Right to Know – you can ask us what Personal Information is or was shared with any of
our Affiliates or Service Providers.
Right to Change – you can ask us to update your Personal Information or delete any
Personal Information that is no longer accurate or relevant.
Right to Object – you can object to our Processing of your Personal Information.
Right to Report – you can lodge a complaint with the relevant authorities should you feel
aggrieved by the manner in which we have Processed your Personal Information. The
information regarding the applicable relevant Data Protection Authority is set out in
Clause 16 below.
You can contact our Information Officer on DataPrivacy@ignitiongroup.co.za with any
requests you may have.
when you instruct us or our Affiliates to do so;
with your Consent in circumstances where such Consent is required;
to provide features, add value, or improve the quality and customise our Offerings and
Platforms;
improve the quality of our Offerings and Platforms;
where the Personal Information has been de-identified, including through aggregation
or Anonymisation;
to provide assistance with marketing, billing, processing credit card payments, data
analysis, fraud prevention, network and information security, technical support and
customer service;
when it is necessary for the fulfilment of our Offerings to you or prospective customers;
to comply with Applicable Laws or to respond to lawful requests and legal process;
to protect any Data Subject’s vital interests, but only where we believe it is necessary; and
in connection with or during negotiation of any business transfer, merger, financing,
acquisition, or dissolution transaction or proceeding involving the sale, transfer,
divestiture or disclosure of all or a portion of our business or assets to another company.
From time to time, we may engage in joint sales or product promotions with certain third
parties and/or our Affiliates.
If you have specifically expressed an interest in, or purchased, a jointly offered product,
promotion or service, we may share relevant Personal Information with those third parties
or Affiliates. Where you have given Consent to do so, these third parties or Affiliates may
send you marketing communications about their own products and services.
Please be aware that we do not control third parties or Affiliates who are not
contracted to Process Personal Information for and on our behalf. These third parties
and Affiliates are responsible for managing their own use of the Personal Information
collected in these circumstances. We recommend that you carefully consider any
applicable privacy policies of the relevant third parties, Service Provider or Affiliate to
find out more about their handling of your Personal Information.
CHILDREN’S PRIVACY
Our Offerings are not intended for use by Children.
We do not knowingly collect personally identifiable information from Children.
If you become aware that a Child has provided us with Personal Information, please
contact us in accordance with Clause 16 below.
If we become aware that we have collected Personal Information from Children without
parental Consent, we will take immediate steps to remove/ delete such Personal
Information.
INTERNATIONAL DATA PROTECTION LAWS: ANNEXURES B AND C
For Data Subjects residing outside of the Republic of South Africa, Annexures B and C will
apply to you and our Processing of your Personal Information, specifically:
Annexure B: resident of the European Economic Area, United Kingdom and
Switzerland; and
Annexure C: Californian residents.
These Annexures provide you with details on:
purpose for which the information was collected or subsequently processed;
any legal obligations we have in terms of Applicable Laws;
the nature of any contracts we have in place with you; or
the existence of your Consent.
It is specifically recorded that you have the right to object to the Processing of your Data at
any time during the Processing. However, we would be required to retain and store your
Data for the purposes of swiftly dealing with such an objection or enquiry.
We will use Pseudonymisation to retain your Usage Data for internal analysis purposes. We
generally retain your Usage Data for a shorter period, except when it is used to strengthen
the security or to improve the functionality of our Offerings, or we are legally obligated to
retain it for longer time periods.
TRANSFER OF YOUR DATA
Your Data may be transferred to, Processed and maintained outside of your city province,
country or other governmental jurisdiction where the Applicable Laws may differ from
those of your jurisdiction.
If you are located outside the Republic of South Africa and choose to provide information to
us, please note that we may transfer your Data to the Republic of South Africa and Process it
there.
Your Consent to this Policy followed by your submission of such Data represents your
Consent to such transfer.
We will take reasonably necessary steps to ensure the secure treatment of your Data in
accordance with this Policy. Your Data will not be transferred to an organization or country
unless adequate data protection laws or controls are in place to safeguard your Data.
In addition, we will purge, anonymise or delete your Personal Information in accordance
with Applicable Laws, and other regulatory and compliance requirements.
PROVISION OF PERSONAL INFORMATION TO SERVICE PROVIDERS
We may disclose your Personal Information to our Service Providers, where necessary, to
achieve the purpose(s) for which your Personal Information was originally collected and
Processed.
We will, however, enter into written agreements with such Service Providers, where we
deem appropriate, to ensure that they comply with Applicable Laws pursuant to the
Processing of your Personal Information.
AFFILIATE AND AFFLIATE PROCESSING
Our Affiliates may transfer your Personal Information among themselves to fulfil operational
requirements and to assist us in complying with our obligations to you.
All our Affiliates adopt and apply the principles set forth in this Policy in order to
standardise, justify and ensure that any transfers of Personal Information between them
adhere to the lawful Processing requirements set forth in Applicable Laws. This also
guarantees compliance by ensuring that any potential additional handling of your Personal
Information stays in line with the original reason it was collected by a specific Affiliate.
Affiliates only transfer Personal Information in the following circumstances:
you. Once you have opted out, it can take up to 6 (six) weeks for the opt-out request to be
actioned within Ignition Group.
You may opt out of receiving promotional Electronic Communications from us by following
the instructions in those communications. If you opt-out, we may still send you
non-promotional Electronic Communications relating to the Offerings you have taken up.
COOKIES
Our Platforms use Cookies to keep track of your visits and activity on the Platform.
For information related to the use of Cookies, please see our Cookie Policy on our Website.
USAGE DATA
We may also Process Usage Data that your browser sends whenever you visit or engage
with our Platforms or when you access our Offerings by or through any device.
This Usage Data may include information such as your device Internet Protocol (‘’IP’’)
address, browser type, browser version, the Websites that you visit, the pages of other
websites and the uniform resource locator (“URL”) of such pages, the time and date of your
visit to those pages, the time spent on those pages, unique device identifiers, URL data for
market segmentation purposes and other diagnostic data. It may also include information
in terms of the type of device you use, your device unique ID and your device operating
system.
LOCATION DATA
With your permission, by enabling your location services, we may Process your Location
Data in order to provide features, add value or improve or customise our Offerings.
You can enable or disable your location services when you use any of our Platforms, at any
time, by way of your device settings.
SECURITY OF YOUR PERSONAL INFORMATION
We take all reasonable and appropriate steps to protect your Personal Information against
loss, misuse, unauthorised access, disclosure, alteration and/or destruction.
We use appropriate technical and organisational measures to protect your Personal
Information. These measures include, but are not limited to, physical access controls and
strict confidentiality measures, encryption, internet firewalls, intrusion detection and
network monitoring depending on the nature of the information and the scope of
Processing.
While we strive to use commercially acceptable means to protect your Personal
Information, we cannot guarantee its absolute security. Please remember that no method of
transmission over our Platforms or electronic storage is absolutely secure.
HOW LONG WE RETAIN YOUR DATA
We retain your Data for no longer than necessary.
The retention time will depend on:
to establish your needs, wants and preferences in relation to the Offerings provided by
us and our Affiliates;
to help us identify you when you engage with us for the first time or after an extended
period of time from the last interaction;
to allocate Unique Identifiers to you for the purpose of securely storing, retaining and
recalling your Personal Information from time to time;
to facilitate your access to our premises;
to maintain your Records as an existing customer;
for employment purposes;
for general administration purposes;
for legal and/or contractual purposes;
to provide features, add value, or improve the quality and customise our Offerings and
Platforms;
improve the quality of our Offerings and Platforms;
to communicate with you for marketing and non-marketing purposes;
to transfer Personal Information within the Ignition Group and our Affiliates so as to enable
us to market our Offerings to you or other Data Subjects;
to transfer or share Personal Information with select Service Providers on a need-to-know
basis so as to enable us to deliver services to you, including credit bureaus to assess and
verify the profile of you as a potential customer for purposes of receiving our Offerings;
to analyse the Personal Information collected for research and statistical purposes;
to transfer Personal Information from South Africa to other jurisdictions if it is required as
stipulated in Clause 9 herein;
to carry out analysis and customer profiling in order to identify other products and services
which might be of interest to you, as well as to inform you of such products and/or services; or
for fraud prevention and detection, and to protect and defend the rights and property of
Ignition Group, our employees, our Affiliates and business associates.
We will not Process your Personal Information for any purpose other than for the purposes
set forth in Clause 2.9 or in any specific privacy notices of any Subsidiary or Affiliate unless
we are permitted or required to do so in terms of Applicable Laws.
We will Process Personal Information in compliance with the conditions as set out in
Applicable Laws, to ensure that your privacy is protected.
We may from time-to-time Process Personal Information by making use of automated
means (without deploying any human intervention in the decision-making process) to make
decisions about you or your application. In this instance it is specifically recorded that you
may object to or query the outcomes of such a decision. Requests to contest decisions
based solely on automated processing will be authenticated prior to processing the
request.
PERSONAL INFORMATION FOR DIRECT MARKETING PURPOSES
We acknowledge that we may only Process your Personal Information to contact you for
purposes of direct marketing when it is generally permissible to do so in terms of Applicable
Laws and where we have complied with the provisions of those Applicable Laws.
Where this is lawfully permitted, we will ensure that a reasonable opportunity is given to
you to object (opt-out) to the use of your Personal Information for our marketing purposes
at the point of collection and on the occasion of each direct marketing communication to
2.9.2.
2.9.3.
2.9.4.
2.9.5.
2.9.6.
2.9.7.
2.9.8.
2.9.9.
2.9.10.
2.9.11.
2.9.12.
2.9.13.
2.9.14.
2.9.15.
2.9.16.
2.9.17.
2.9.18.
2.10.
2.11.
2.12.
3.
3.1.
3.2.
uniquely identifies that Data Subject in relation to the Responsible Party;
“Usage Data’’ is data collected automatically, either generated by the use of an Offering,
or our Platforms (for example, the duration of a Website page visit), as more fully described
at clause 5 below;
“Website/s’’ means our main Website at www.ignitiongroup.co.za and any of our
Subsidiary and/or Affiliate company websites.
INFORMATION WE MAY COLLECT FROM YOU
When you engage with us, whether physically, electronically, or through the use of our
Offerings, facilities or Platforms, you may be required to provide your Personal Information.
In some instances, especially when you interact with our Platforms or Websites, we may
automatically collect your Location Data, Usage Data and Cookies. We will, in effect, be
Processing your Data and will do so in terms of this Policy.
There may be instances where we have collected your Personal Information from other
sources such as our Service Providers, social media networks and blogs (where the posting
of your Personal Information may make it public information) and business associates, and
in such instances, we will inform you by virtue of the updates in this Policy.
When you provide us with the Personal Information of any other person, we will Process the
Personal Information of such person in accordance with this Policy, as well as any terms and
conditions or other relevant policies to which this Policy relates.
We may Process the following types of Personal Information from time to time, including
but not limited to:
full names;
identity numbers;
registration numbers;
Financial Details;
statutory information;
physical and postal address particulars;
telephone numbers; and/or
email addresses.
When collecting Personal Information from you, we will comply with the notification
requirements as set out in Applicable Laws, including the requirements set forth in Section
18 of POPIA.
When you provide us with such Personal Information, we may also be required to confirm
that you are a competent person and that you have authority to give the requisite Consent
to enable us to Process such Personal Information.
You may not always be required to provide the Personal Information that we have
requested. However, if you choose not to provide certain information, you may not be able
to take advantage of some of our Offerings and fully utilize our Platforms.
We Process Personal Information primarily to optimise the delivery of our Offerings and
Platforms, administer our business operations, ensure a legally compliant workplace
environment and safeguard your Personal Information in our custody.
We may Process the Personal Information collected from you for other legitimate, justifiable
business purposes including, but not limited to, the following:
to provide or manage any information as requested by or received from you, in general;
“Personal Information’’ means information relating to an identifiable, living, natural
person, and where it is applicable, an identifiable, existing juristic person, including, but not
limited to:
information relating to the race, gender, sex, pregnancy, marital status, national, ethnic
or social origin, colour, sexual orientation, age, physical or mental health, well-being,
disability, religion, conscience, belief, culture, language and birth of the person;
information relating to the education or the medical, financial, criminal or employment
history of the person;
any identifying number, symbol, e-mail address, physical address, telephone number,
Location Data, online identifier or other particular assignment to the person;
the Biometric information of the person;
the personal opinions, views or preferences of the person; correspondence sent by the
person that is implicitly or explicitly of a private or confidential nature or further
correspondence that would reveal the contents of the original correspondence;
the views or opinions of another individual about the person; and
the name of the person if it appears with other Personal Information relating to the
person or if the disclosure of the name itself would reveal information about the person.
“Platform/s” collectively means our Website and any other websites, mobile applications
or other digital interfaces operated or managed by us;
"POPIA" means the Protection of Personal Information Act, No.4 of 2013 and the
regulations thereto, as amended or replaced from time to time;
‘’Processing’’ means any operation or activity or any set of operations, whether or not by
automatic means, concerning Personal Information, including:
the collection, receipt, recording, organisation, collation, storage, updating or
modification, retrieval, alteration, consultation or use;
dissemination by means of transmission, distribution or making available in any other
form by electronic communications or other means; or
merging, linking, blocking, degradation, erasure or destruction.
For the purposes of this definition, "Process" has a corresponding meaning.
“Pseudonymisation’’ means the Processing of Personal Information in such a manner that
the Personal Information can no longer be attributed to a specific person without the use of
additional information.
“Record/s” means any recorded information which the Responsible Party possesses or
controls, regardless of its form or the material on which it is contained, including computer
hardware or software. A Record can be electronic or paper- based, but it must form part of
a filing system to be included.
“Responsible Party” means a public or private body or any other person which alone or in
conjunction with others, determines the purpose of and means for processing personal
information. For purposes of this Policy, we are the responsible party as defined in Section
1 of POPIA;
“Service Provider/s” means any independent juristic or natural person contracted by the
Ignition Group to facilitate our Offerings, improve a Platform, add value to an existing
Offering or provide additional Offerings to you;
“Subsidiary/ies” means any entity which is wholly owned by Ignition Telecoms
Investments Proprietary Limited, as per Annexure A1 below;
"Unique Identifier" means any identifier that is assigned to a Data Subject and is used by
the Responsible Party for the purposes of the operations of that Responsible Party and that
Protection Laws. Applicable Laws includes any statute, regulation, notice, policy, directive,
ruling or subordinate legislation, the common law, any binding court order, judgment or
ruling, any applicable industry code, policy or standard enforceable by law, or any
applicable direction, policy or order that is given by any regulator, competent authority or
organ of state or statutory industry body;
“Biometric” is a technique of personal identification based on physical, physiological, or
behavioural characterisation.
“Biometric Information” is information derived from techniques to identify individuals
based on physical, physiological, or behavioural characterisation, including blood typing,
fingerprinting, DNA analysis, retinal scanning and voice recognition.
“Child” means a natural person under the age of 18 (eighteen) (including the plural
“Children”);
“Consent” means any voluntary, specific and informed expression of will, in terms of which
permission is given for the Processing of Personal Information as contemplated in
Applicable Laws;
“Cookies’’ are a small amount of Data generated by a website and saved by your web
browser. Its purpose is to remember information about you. If Data Subjects elect not to
receive Cookies, they may be able to view some, but not all, of the content on our
Platforms;
“Data’’ means Personal Information, Usage Data, Cookies and/or Location Data;
“Data Protection Authority” means the relevant regulatory authoritative bodies in the
respective jurisdictions established in terms of Applicable Laws;
‘’Data Subject’’ means our customer(s), user(s) or any natural person in respect of whom
we Process Personal Information (also referred to as “you” or “your”);“ECTA” means the
Electronic Communications and Transactions Act, No. 25 of 2002;
“Electronic Communication” shall have the same meaning as ascribed to the term in
terms of POPIA;
‘’Financial Details’’ means information provided by your bank such as:
account information, including bank name, account name, account type, account holder,
branch number;
information about an account balance, including current and available balance;
identifiers and information about the account holder(s), including name, email address,
phone number, date of birth, gender, and address information;
information about account transactions, including amount, date, type, price, and a
description of the transaction; and
deductions from your bank account where necessary for the fulfillment of Offerings
provided by the Ignition Group.
“Location Data” means the information about the physical location of a Data Subject’s
device. Depending on the Data Subject’s location, the Personal Information or Personal
Data will be processed in accordance with Applicable Laws;
"Ignition Group" means Ignition Telecoms Investments Proprietary Limited and any of its
subsidiaries, as incorporated from time to time, the particulars of which are recorded in
Annexure A1 to this Policy (also referred to as ‘’we’’, ‘’us’’ or ‘’our’’). For purposes of this
Policy, we are the responsible party as defined in Section 1 of POPIA;
“Offering/s” refer to the products or services provided by the Ignition Group including
those provided by any of our Affiliates;
“PAIA” means the Promotion of Access to Information Act 2 of 2000;
DATA PRIVACY POLICY
our purposes for Processing your Personal Information;
our retention periods in terms of Applicable Laws;
your access rights; and
our internal procedure for queries and/ or complaints.
PAIA MANUAL
PAIA is the statutory law in South Africa governing access to information and enables
people to gain access to information held by both public and private bodies.
If you would like to review, amend or obtain a copy of your Personal Information held by us,
please review our PAIA manual on how to submit a request. Our PAIA manual is located
on our Website.
YOUR RIGHTS
While you have rights concerning your Personal Information, it is important to note that
there may be various considerations in determining how to address any requests you may
have.
Your rights include:
Right of Access – you can ask us for a copy of the Personal Information we hold.
Right to Know – you can ask us what Personal Information is or was shared with any of
our Affiliates or Service Providers.
Right to Change – you can ask us to update your Personal Information or delete any
Personal Information that is no longer accurate or relevant.
Right to Object – you can object to our Processing of your Personal Information.
Right to Report – you can lodge a complaint with the relevant authorities should you feel
aggrieved by the manner in which we have Processed your Personal Information. The
information regarding the applicable relevant Data Protection Authority is set out in
Clause 16 below.
You can contact our Information Officer on DataPrivacy@ignitiongroup.co.za with any
requests you may have.
when you instruct us or our Affiliates to do so;
with your Consent in circumstances where such Consent is required;
to provide features, add value, or improve the quality and customise our Offerings and
Platforms;
improve the quality of our Offerings and Platforms;
where the Personal Information has been de-identified, including through aggregation
or Anonymisation;
to provide assistance with marketing, billing, processing credit card payments, data
analysis, fraud prevention, network and information security, technical support and
customer service;
when it is necessary for the fulfilment of our Offerings to you or prospective customers;
to comply with Applicable Laws or to respond to lawful requests and legal process;
to protect any Data Subject’s vital interests, but only where we believe it is necessary; and
in connection with or during negotiation of any business transfer, merger, financing,
acquisition, or dissolution transaction or proceeding involving the sale, transfer,
divestiture or disclosure of all or a portion of our business or assets to another company.
From time to time, we may engage in joint sales or product promotions with certain third
parties and/or our Affiliates.
If you have specifically expressed an interest in, or purchased, a jointly offered product,
promotion or service, we may share relevant Personal Information with those third parties
or Affiliates. Where you have given Consent to do so, these third parties or Affiliates may
send you marketing communications about their own products and services.
Please be aware that we do not control third parties or Affiliates who are not
contracted to Process Personal Information for and on our behalf. These third parties
and Affiliates are responsible for managing their own use of the Personal Information
collected in these circumstances. We recommend that you carefully consider any
applicable privacy policies of the relevant third parties, Service Provider or Affiliate to
find out more about their handling of your Personal Information.
CHILDREN’S PRIVACY
Our Offerings are not intended for use by Children.
We do not knowingly collect personally identifiable information from Children.
If you become aware that a Child has provided us with Personal Information, please
contact us in accordance with Clause 16 below.
If we become aware that we have collected Personal Information from Children without
parental Consent, we will take immediate steps to remove/ delete such Personal
Information.
INTERNATIONAL DATA PROTECTION LAWS: ANNEXURES B AND C
For Data Subjects residing outside of the Republic of South Africa, Annexures B and C will
apply to you and our Processing of your Personal Information, specifically:
Annexure B: resident of the European Economic Area, United Kingdom and
Switzerland; and
Annexure C: Californian residents.
These Annexures provide you with details on:
purpose for which the information was collected or subsequently processed;
any legal obligations we have in terms of Applicable Laws;
the nature of any contracts we have in place with you; or
the existence of your Consent.
It is specifically recorded that you have the right to object to the Processing of your Data at
any time during the Processing. However, we would be required to retain and store your
Data for the purposes of swiftly dealing with such an objection or enquiry.
We will use Pseudonymisation to retain your Usage Data for internal analysis purposes. We
generally retain your Usage Data for a shorter period, except when it is used to strengthen
the security or to improve the functionality of our Offerings, or we are legally obligated to
retain it for longer time periods.
TRANSFER OF YOUR DATA
Your Data may be transferred to, Processed and maintained outside of your city province,
country or other governmental jurisdiction where the Applicable Laws may differ from
those of your jurisdiction.
If you are located outside the Republic of South Africa and choose to provide information to
us, please note that we may transfer your Data to the Republic of South Africa and Process it
there.
Your Consent to this Policy followed by your submission of such Data represents your
Consent to such transfer.
We will take reasonably necessary steps to ensure the secure treatment of your Data in
accordance with this Policy. Your Data will not be transferred to an organization or country
unless adequate data protection laws or controls are in place to safeguard your Data.
In addition, we will purge, anonymise or delete your Personal Information in accordance
with Applicable Laws, and other regulatory and compliance requirements.
PROVISION OF PERSONAL INFORMATION TO SERVICE PROVIDERS
We may disclose your Personal Information to our Service Providers, where necessary, to
achieve the purpose(s) for which your Personal Information was originally collected and
Processed.
We will, however, enter into written agreements with such Service Providers, where we
deem appropriate, to ensure that they comply with Applicable Laws pursuant to the
Processing of your Personal Information.
AFFILIATE AND AFFLIATE PROCESSING
Our Affiliates may transfer your Personal Information among themselves to fulfil operational
requirements and to assist us in complying with our obligations to you.
All our Affiliates adopt and apply the principles set forth in this Policy in order to
standardise, justify and ensure that any transfers of Personal Information between them
adhere to the lawful Processing requirements set forth in Applicable Laws. This also
guarantees compliance by ensuring that any potential additional handling of your Personal
Information stays in line with the original reason it was collected by a specific Affiliate.
Affiliates only transfer Personal Information in the following circumstances:
you. Once you have opted out, it can take up to 6 (six) weeks for the opt-out request to be
actioned within Ignition Group.
You may opt out of receiving promotional Electronic Communications from us by following
the instructions in those communications. If you opt-out, we may still send you
non-promotional Electronic Communications relating to the Offerings you have taken up.
COOKIES
Our Platforms use Cookies to keep track of your visits and activity on the Platform.
For information related to the use of Cookies, please see our Cookie Policy on our Website.
USAGE DATA
We may also Process Usage Data that your browser sends whenever you visit or engage
with our Platforms or when you access our Offerings by or through any device.
This Usage Data may include information such as your device Internet Protocol (‘’IP’’)
address, browser type, browser version, the Websites that you visit, the pages of other
websites and the uniform resource locator (“URL”) of such pages, the time and date of your
visit to those pages, the time spent on those pages, unique device identifiers, URL data for
market segmentation purposes and other diagnostic data. It may also include information
in terms of the type of device you use, your device unique ID and your device operating
system.
LOCATION DATA
With your permission, by enabling your location services, we may Process your Location
Data in order to provide features, add value or improve or customise our Offerings.
You can enable or disable your location services when you use any of our Platforms, at any
time, by way of your device settings.
SECURITY OF YOUR PERSONAL INFORMATION
We take all reasonable and appropriate steps to protect your Personal Information against
loss, misuse, unauthorised access, disclosure, alteration and/or destruction.
We use appropriate technical and organisational measures to protect your Personal
Information. These measures include, but are not limited to, physical access controls and
strict confidentiality measures, encryption, internet firewalls, intrusion detection and
network monitoring depending on the nature of the information and the scope of
Processing.
While we strive to use commercially acceptable means to protect your Personal
Information, we cannot guarantee its absolute security. Please remember that no method of
transmission over our Platforms or electronic storage is absolutely secure.
HOW LONG WE RETAIN YOUR DATA
We retain your Data for no longer than necessary.
The retention time will depend on:
3.3.
4.
4.1.
4.2.
5.
5.1.
5.2.
6.
6.1.
6.2.
7.
7.1.
7.2.
7.3.
8.
8.1.
8.2.
to establish your needs, wants and preferences in relation to the Offerings provided by
us and our Affiliates;
to help us identify you when you engage with us for the first time or after an extended
period of time from the last interaction;
to allocate Unique Identifiers to you for the purpose of securely storing, retaining and
recalling your Personal Information from time to time;
to facilitate your access to our premises;
to maintain your Records as an existing customer;
for employment purposes;
for general administration purposes;
for legal and/or contractual purposes;
to provide features, add value, or improve the quality and customise our Offerings and
Platforms;
improve the quality of our Offerings and Platforms;
to communicate with you for marketing and non-marketing purposes;
to transfer Personal Information within the Ignition Group and our Affiliates so as to enable
us to market our Offerings to you or other Data Subjects;
to transfer or share Personal Information with select Service Providers on a need-to-know
basis so as to enable us to deliver services to you, including credit bureaus to assess and
verify the profile of you as a potential customer for purposes of receiving our Offerings;
to analyse the Personal Information collected for research and statistical purposes;
to transfer Personal Information from South Africa to other jurisdictions if it is required as
stipulated in Clause 9 herein;
to carry out analysis and customer profiling in order to identify other products and services
which might be of interest to you, as well as to inform you of such products and/or services; or
for fraud prevention and detection, and to protect and defend the rights and property of
Ignition Group, our employees, our Affiliates and business associates.
We will not Process your Personal Information for any purpose other than for the purposes
set forth in Clause 2.9 or in any specific privacy notices of any Subsidiary or Affiliate unless
we are permitted or required to do so in terms of Applicable Laws.
We will Process Personal Information in compliance with the conditions as set out in
Applicable Laws, to ensure that your privacy is protected.
We may from time-to-time Process Personal Information by making use of automated
means (without deploying any human intervention in the decision-making process) to make
decisions about you or your application. In this instance it is specifically recorded that you
may object to or query the outcomes of such a decision. Requests to contest decisions
based solely on automated processing will be authenticated prior to processing the
request.
PERSONAL INFORMATION FOR DIRECT MARKETING PURPOSES
We acknowledge that we may only Process your Personal Information to contact you for
purposes of direct marketing when it is generally permissible to do so in terms of Applicable
Laws and where we have complied with the provisions of those Applicable Laws.
Where this is lawfully permitted, we will ensure that a reasonable opportunity is given to
you to object (opt-out) to the use of your Personal Information for our marketing purposes
at the point of collection and on the occasion of each direct marketing communication to
uniquely identifies that Data Subject in relation to the Responsible Party;
“Usage Data’’ is data collected automatically, either generated by the use of an Offering,
or our Platforms (for example, the duration of a Website page visit), as more fully described
at clause 5 below;
“Website/s’’ means our main Website at www.ignitiongroup.co.za and any of our
Subsidiary and/or Affiliate company websites.
INFORMATION WE MAY COLLECT FROM YOU
When you engage with us, whether physically, electronically, or through the use of our
Offerings, facilities or Platforms, you may be required to provide your Personal Information.
In some instances, especially when you interact with our Platforms or Websites, we may
automatically collect your Location Data, Usage Data and Cookies. We will, in effect, be
Processing your Data and will do so in terms of this Policy.
There may be instances where we have collected your Personal Information from other
sources such as our Service Providers, social media networks and blogs (where the posting
of your Personal Information may make it public information) and business associates, and
in such instances, we will inform you by virtue of the updates in this Policy.
When you provide us with the Personal Information of any other person, we will Process the
Personal Information of such person in accordance with this Policy, as well as any terms and
conditions or other relevant policies to which this Policy relates.
We may Process the following types of Personal Information from time to time, including
but not limited to:
full names;
identity numbers;
registration numbers;
Financial Details;
statutory information;
physical and postal address particulars;
telephone numbers; and/or
email addresses.
When collecting Personal Information from you, we will comply with the notification
requirements as set out in Applicable Laws, including the requirements set forth in Section
18 of POPIA.
When you provide us with such Personal Information, we may also be required to confirm
that you are a competent person and that you have authority to give the requisite Consent
to enable us to Process such Personal Information.
You may not always be required to provide the Personal Information that we have
requested. However, if you choose not to provide certain information, you may not be able
to take advantage of some of our Offerings and fully utilize our Platforms.
We Process Personal Information primarily to optimise the delivery of our Offerings and
Platforms, administer our business operations, ensure a legally compliant workplace
environment and safeguard your Personal Information in our custody.
We may Process the Personal Information collected from you for other legitimate, justifiable
business purposes including, but not limited to, the following:
to provide or manage any information as requested by or received from you, in general;
“Personal Information’’ means information relating to an identifiable, living, natural
person, and where it is applicable, an identifiable, existing juristic person, including, but not
limited to:
information relating to the race, gender, sex, pregnancy, marital status, national, ethnic
or social origin, colour, sexual orientation, age, physical or mental health, well-being,
disability, religion, conscience, belief, culture, language and birth of the person;
information relating to the education or the medical, financial, criminal or employment
history of the person;
any identifying number, symbol, e-mail address, physical address, telephone number,
Location Data, online identifier or other particular assignment to the person;
the Biometric information of the person;
the personal opinions, views or preferences of the person; correspondence sent by the
person that is implicitly or explicitly of a private or confidential nature or further
correspondence that would reveal the contents of the original correspondence;
the views or opinions of another individual about the person; and
the name of the person if it appears with other Personal Information relating to the
person or if the disclosure of the name itself would reveal information about the person.
“Platform/s” collectively means our Website and any other websites, mobile applications
or other digital interfaces operated or managed by us;
"POPIA" means the Protection of Personal Information Act, No.4 of 2013 and the
regulations thereto, as amended or replaced from time to time;
‘’Processing’’ means any operation or activity or any set of operations, whether or not by
automatic means, concerning Personal Information, including:
the collection, receipt, recording, organisation, collation, storage, updating or
modification, retrieval, alteration, consultation or use;
dissemination by means of transmission, distribution or making available in any other
form by electronic communications or other means; or
merging, linking, blocking, degradation, erasure or destruction.
For the purposes of this definition, "Process" has a corresponding meaning.
“Pseudonymisation’’ means the Processing of Personal Information in such a manner that
the Personal Information can no longer be attributed to a specific person without the use of
additional information.
“Record/s” means any recorded information which the Responsible Party possesses or
controls, regardless of its form or the material on which it is contained, including computer
hardware or software. A Record can be electronic or paper- based, but it must form part of
a filing system to be included.
“Responsible Party” means a public or private body or any other person which alone or in
conjunction with others, determines the purpose of and means for processing personal
information. For purposes of this Policy, we are the responsible party as defined in Section
1 of POPIA;
“Service Provider/s” means any independent juristic or natural person contracted by the
Ignition Group to facilitate our Offerings, improve a Platform, add value to an existing
Offering or provide additional Offerings to you;
“Subsidiary/ies” means any entity which is wholly owned by Ignition Telecoms
Investments Proprietary Limited, as per Annexure A1 below;
"Unique Identifier" means any identifier that is assigned to a Data Subject and is used by
the Responsible Party for the purposes of the operations of that Responsible Party and that
Protection Laws. Applicable Laws includes any statute, regulation, notice, policy, directive,
ruling or subordinate legislation, the common law, any binding court order, judgment or
ruling, any applicable industry code, policy or standard enforceable by law, or any
applicable direction, policy or order that is given by any regulator, competent authority or
organ of state or statutory industry body;
“Biometric” is a technique of personal identification based on physical, physiological, or
behavioural characterisation.
“Biometric Information” is information derived from techniques to identify individuals
based on physical, physiological, or behavioural characterisation, including blood typing,
fingerprinting, DNA analysis, retinal scanning and voice recognition.
“Child” means a natural person under the age of 18 (eighteen) (including the plural
“Children”);
“Consent” means any voluntary, specific and informed expression of will, in terms of which
permission is given for the Processing of Personal Information as contemplated in
Applicable Laws;
“Cookies’’ are a small amount of Data generated by a website and saved by your web
browser. Its purpose is to remember information about you. If Data Subjects elect not to
receive Cookies, they may be able to view some, but not all, of the content on our
Platforms;
“Data’’ means Personal Information, Usage Data, Cookies and/or Location Data;
“Data Protection Authority” means the relevant regulatory authoritative bodies in the
respective jurisdictions established in terms of Applicable Laws;
‘’Data Subject’’ means our customer(s), user(s) or any natural person in respect of whom
we Process Personal Information (also referred to as “you” or “your”);“ECTA” means the
Electronic Communications and Transactions Act, No. 25 of 2002;
“Electronic Communication” shall have the same meaning as ascribed to the term in
terms of POPIA;
‘’Financial Details’’ means information provided by your bank such as:
account information, including bank name, account name, account type, account holder,
branch number;
information about an account balance, including current and available balance;
identifiers and information about the account holder(s), including name, email address,
phone number, date of birth, gender, and address information;
information about account transactions, including amount, date, type, price, and a
description of the transaction; and
deductions from your bank account where necessary for the fulfillment of Offerings
provided by the Ignition Group.
“Location Data” means the information about the physical location of a Data Subject’s
device. Depending on the Data Subject’s location, the Personal Information or Personal
Data will be processed in accordance with Applicable Laws;
"Ignition Group" means Ignition Telecoms Investments Proprietary Limited and any of its
subsidiaries, as incorporated from time to time, the particulars of which are recorded in
Annexure A1 to this Policy (also referred to as ‘’we’’, ‘’us’’ or ‘’our’’). For purposes of this
Policy, we are the responsible party as defined in Section 1 of POPIA;
“Offering/s” refer to the products or services provided by the Ignition Group including
those provided by any of our Affiliates;
“PAIA” means the Promotion of Access to Information Act 2 of 2000;
DATA PRIVACY POLICY
our purposes for Processing your Personal Information;
our retention periods in terms of Applicable Laws;
your access rights; and
our internal procedure for queries and/ or complaints.
PAIA MANUAL
PAIA is the statutory law in South Africa governing access to information and enables
people to gain access to information held by both public and private bodies.
If you would like to review, amend or obtain a copy of your Personal Information held by us,
please review our PAIA manual on how to submit a request. Our PAIA manual is located
on our Website.
YOUR RIGHTS
While you have rights concerning your Personal Information, it is important to note that
there may be various considerations in determining how to address any requests you may
have.
Your rights include:
Right of Access – you can ask us for a copy of the Personal Information we hold.
Right to Know – you can ask us what Personal Information is or was shared with any of
our Affiliates or Service Providers.
Right to Change – you can ask us to update your Personal Information or delete any
Personal Information that is no longer accurate or relevant.
Right to Object – you can object to our Processing of your Personal Information.
Right to Report – you can lodge a complaint with the relevant authorities should you feel
aggrieved by the manner in which we have Processed your Personal Information. The
information regarding the applicable relevant Data Protection Authority is set out in
Clause 16 below.
You can contact our Information Officer on DataPrivacy@ignitiongroup.co.za with any
requests you may have.
when you instruct us or our Affiliates to do so;
with your Consent in circumstances where such Consent is required;
to provide features, add value, or improve the quality and customise our Offerings and
Platforms;
improve the quality of our Offerings and Platforms;
where the Personal Information has been de-identified, including through aggregation
or Anonymisation;
to provide assistance with marketing, billing, processing credit card payments, data
analysis, fraud prevention, network and information security, technical support and
customer service;
when it is necessary for the fulfilment of our Offerings to you or prospective customers;
to comply with Applicable Laws or to respond to lawful requests and legal process;
to protect any Data Subject’s vital interests, but only where we believe it is necessary; and
in connection with or during negotiation of any business transfer, merger, financing,
acquisition, or dissolution transaction or proceeding involving the sale, transfer,
divestiture or disclosure of all or a portion of our business or assets to another company.
From time to time, we may engage in joint sales or product promotions with certain third
parties and/or our Affiliates.
If you have specifically expressed an interest in, or purchased, a jointly offered product,
promotion or service, we may share relevant Personal Information with those third parties
or Affiliates. Where you have given Consent to do so, these third parties or Affiliates may
send you marketing communications about their own products and services.
Please be aware that we do not control third parties or Affiliates who are not
contracted to Process Personal Information for and on our behalf. These third parties
and Affiliates are responsible for managing their own use of the Personal Information
collected in these circumstances. We recommend that you carefully consider any
applicable privacy policies of the relevant third parties, Service Provider or Affiliate to
find out more about their handling of your Personal Information.
CHILDREN’S PRIVACY
Our Offerings are not intended for use by Children.
We do not knowingly collect personally identifiable information from Children.
If you become aware that a Child has provided us with Personal Information, please
contact us in accordance with Clause 16 below.
If we become aware that we have collected Personal Information from Children without
parental Consent, we will take immediate steps to remove/ delete such Personal
Information.
INTERNATIONAL DATA PROTECTION LAWS: ANNEXURES B AND C
For Data Subjects residing outside of the Republic of South Africa, Annexures B and C will
apply to you and our Processing of your Personal Information, specifically:
Annexure B: resident of the European Economic Area, United Kingdom and
Switzerland; and
Annexure C: Californian residents.
These Annexures provide you with details on:
purpose for which the information was collected or subsequently processed;
any legal obligations we have in terms of Applicable Laws;
the nature of any contracts we have in place with you; or
the existence of your Consent.
It is specifically recorded that you have the right to object to the Processing of your Data at
any time during the Processing. However, we would be required to retain and store your
Data for the purposes of swiftly dealing with such an objection or enquiry.
We will use Pseudonymisation to retain your Usage Data for internal analysis purposes. We
generally retain your Usage Data for a shorter period, except when it is used to strengthen
the security or to improve the functionality of our Offerings, or we are legally obligated to
retain it for longer time periods.
TRANSFER OF YOUR DATA
Your Data may be transferred to, Processed and maintained outside of your city province,
country or other governmental jurisdiction where the Applicable Laws may differ from
those of your jurisdiction.
If you are located outside the Republic of South Africa and choose to provide information to
us, please note that we may transfer your Data to the Republic of South Africa and Process it
there.
Your Consent to this Policy followed by your submission of such Data represents your
Consent to such transfer.
We will take reasonably necessary steps to ensure the secure treatment of your Data in
accordance with this Policy. Your Data will not be transferred to an organization or country
unless adequate data protection laws or controls are in place to safeguard your Data.
In addition, we will purge, anonymise or delete your Personal Information in accordance
with Applicable Laws, and other regulatory and compliance requirements.
PROVISION OF PERSONAL INFORMATION TO SERVICE PROVIDERS
We may disclose your Personal Information to our Service Providers, where necessary, to
achieve the purpose(s) for which your Personal Information was originally collected and
Processed.
We will, however, enter into written agreements with such Service Providers, where we
deem appropriate, to ensure that they comply with Applicable Laws pursuant to the
Processing of your Personal Information.
AFFILIATE AND AFFLIATE PROCESSING
Our Affiliates may transfer your Personal Information among themselves to fulfil operational
requirements and to assist us in complying with our obligations to you.
All our Affiliates adopt and apply the principles set forth in this Policy in order to
standardise, justify and ensure that any transfers of Personal Information between them
adhere to the lawful Processing requirements set forth in Applicable Laws. This also
guarantees compliance by ensuring that any potential additional handling of your Personal
Information stays in line with the original reason it was collected by a specific Affiliate.
Affiliates only transfer Personal Information in the following circumstances:
8.2.1.
8.2.2.
8.2.3.
8.3.
8.4.
9.
9.1.
9.2.
9.3.
9.4.
9.5.
10.
10.1.
10.2.
11.
11.1.
11.2.
11.3.
you. Once you have opted out, it can take up to 6 (six) weeks for the opt-out request to be
actioned within Ignition Group.
You may opt out of receiving promotional Electronic Communications from us by following
the instructions in those communications. If you opt-out, we may still send you
non-promotional Electronic Communications relating to the Offerings you have taken up.
COOKIES
Our Platforms use Cookies to keep track of your visits and activity on the Platform.
For information related to the use of Cookies, please see our Cookie Policy on our Website.
USAGE DATA
We may also Process Usage Data that your browser sends whenever you visit or engage
with our Platforms or when you access our Offerings by or through any device.
This Usage Data may include information such as your device Internet Protocol (‘’IP’’)
address, browser type, browser version, the Websites that you visit, the pages of other
websites and the uniform resource locator (“URL”) of such pages, the time and date of your
visit to those pages, the time spent on those pages, unique device identifiers, URL data for
market segmentation purposes and other diagnostic data. It may also include information
in terms of the type of device you use, your device unique ID and your device operating
system.
LOCATION DATA
With your permission, by enabling your location services, we may Process your Location
Data in order to provide features, add value or improve or customise our Offerings.
You can enable or disable your location services when you use any of our Platforms, at any
time, by way of your device settings.
SECURITY OF YOUR PERSONAL INFORMATION
We take all reasonable and appropriate steps to protect your Personal Information against
loss, misuse, unauthorised access, disclosure, alteration and/or destruction.
We use appropriate technical and organisational measures to protect your Personal
Information. These measures include, but are not limited to, physical access controls and
strict confidentiality measures, encryption, internet firewalls, intrusion detection and
network monitoring depending on the nature of the information and the scope of
Processing.
While we strive to use commercially acceptable means to protect your Personal
Information, we cannot guarantee its absolute security. Please remember that no method of
transmission over our Platforms or electronic storage is absolutely secure.
HOW LONG WE RETAIN YOUR DATA
We retain your Data for no longer than necessary.
The retention time will depend on:
to establish your needs, wants and preferences in relation to the Offerings provided by
us and our Affiliates;
to help us identify you when you engage with us for the first time or after an extended
period of time from the last interaction;
to allocate Unique Identifiers to you for the purpose of securely storing, retaining and
recalling your Personal Information from time to time;
to facilitate your access to our premises;
to maintain your Records as an existing customer;
for employment purposes;
for general administration purposes;
for legal and/or contractual purposes;
to provide features, add value, or improve the quality and customise our Offerings and
Platforms;
improve the quality of our Offerings and Platforms;
to communicate with you for marketing and non-marketing purposes;
to transfer Personal Information within the Ignition Group and our Affiliates so as to enable
us to market our Offerings to you or other Data Subjects;
to transfer or share Personal Information with select Service Providers on a need-to-know
basis so as to enable us to deliver services to you, including credit bureaus to assess and
verify the profile of you as a potential customer for purposes of receiving our Offerings;
to analyse the Personal Information collected for research and statistical purposes;
to transfer Personal Information from South Africa to other jurisdictions if it is required as
stipulated in Clause 9 herein;
to carry out analysis and customer profiling in order to identify other products and services
which might be of interest to you, as well as to inform you of such products and/or services; or
for fraud prevention and detection, and to protect and defend the rights and property of
Ignition Group, our employees, our Affiliates and business associates.
We will not Process your Personal Information for any purpose other than for the purposes
set forth in Clause 2.9 or in any specific privacy notices of any Subsidiary or Affiliate unless
we are permitted or required to do so in terms of Applicable Laws.
We will Process Personal Information in compliance with the conditions as set out in
Applicable Laws, to ensure that your privacy is protected.
We may from time-to-time Process Personal Information by making use of automated
means (without deploying any human intervention in the decision-making process) to make
decisions about you or your application. In this instance it is specifically recorded that you
may object to or query the outcomes of such a decision. Requests to contest decisions
based solely on automated processing will be authenticated prior to processing the
request.
PERSONAL INFORMATION FOR DIRECT MARKETING PURPOSES
We acknowledge that we may only Process your Personal Information to contact you for
purposes of direct marketing when it is generally permissible to do so in terms of Applicable
Laws and where we have complied with the provisions of those Applicable Laws.
Where this is lawfully permitted, we will ensure that a reasonable opportunity is given to
you to object (opt-out) to the use of your Personal Information for our marketing purposes
at the point of collection and on the occasion of each direct marketing communication to
uniquely identifies that Data Subject in relation to the Responsible Party;
“Usage Data’’ is data collected automatically, either generated by the use of an Offering,
or our Platforms (for example, the duration of a Website page visit), as more fully described
at clause 5 below;
“Website/s’’ means our main Website at www.ignitiongroup.co.za and any of our
Subsidiary and/or Affiliate company websites.
INFORMATION WE MAY COLLECT FROM YOU
When you engage with us, whether physically, electronically, or through the use of our
Offerings, facilities or Platforms, you may be required to provide your Personal Information.
In some instances, especially when you interact with our Platforms or Websites, we may
automatically collect your Location Data, Usage Data and Cookies. We will, in effect, be
Processing your Data and will do so in terms of this Policy.
There may be instances where we have collected your Personal Information from other
sources such as our Service Providers, social media networks and blogs (where the posting
of your Personal Information may make it public information) and business associates, and
in such instances, we will inform you by virtue of the updates in this Policy.
When you provide us with the Personal Information of any other person, we will Process the
Personal Information of such person in accordance with this Policy, as well as any terms and
conditions or other relevant policies to which this Policy relates.
We may Process the following types of Personal Information from time to time, including
but not limited to:
full names;
identity numbers;
registration numbers;
Financial Details;
statutory information;
physical and postal address particulars;
telephone numbers; and/or
email addresses.
When collecting Personal Information from you, we will comply with the notification
requirements as set out in Applicable Laws, including the requirements set forth in Section
18 of POPIA.
When you provide us with such Personal Information, we may also be required to confirm
that you are a competent person and that you have authority to give the requisite Consent
to enable us to Process such Personal Information.
You may not always be required to provide the Personal Information that we have
requested. However, if you choose not to provide certain information, you may not be able
to take advantage of some of our Offerings and fully utilize our Platforms.
We Process Personal Information primarily to optimise the delivery of our Offerings and
Platforms, administer our business operations, ensure a legally compliant workplace
environment and safeguard your Personal Information in our custody.
We may Process the Personal Information collected from you for other legitimate, justifiable
business purposes including, but not limited to, the following:
to provide or manage any information as requested by or received from you, in general;
“Personal Information’’ means information relating to an identifiable, living, natural
person, and where it is applicable, an identifiable, existing juristic person, including, but not
limited to:
information relating to the race, gender, sex, pregnancy, marital status, national, ethnic
or social origin, colour, sexual orientation, age, physical or mental health, well-being,
disability, religion, conscience, belief, culture, language and birth of the person;
information relating to the education or the medical, financial, criminal or employment
history of the person;
any identifying number, symbol, e-mail address, physical address, telephone number,
Location Data, online identifier or other particular assignment to the person;
the Biometric information of the person;
the personal opinions, views or preferences of the person; correspondence sent by the
person that is implicitly or explicitly of a private or confidential nature or further
correspondence that would reveal the contents of the original correspondence;
the views or opinions of another individual about the person; and
the name of the person if it appears with other Personal Information relating to the
person or if the disclosure of the name itself would reveal information about the person.
“Platform/s” collectively means our Website and any other websites, mobile applications
or other digital interfaces operated or managed by us;
"POPIA" means the Protection of Personal Information Act, No.4 of 2013 and the
regulations thereto, as amended or replaced from time to time;
‘’Processing’’ means any operation or activity or any set of operations, whether or not by
automatic means, concerning Personal Information, including:
the collection, receipt, recording, organisation, collation, storage, updating or
modification, retrieval, alteration, consultation or use;
dissemination by means of transmission, distribution or making available in any other
form by electronic communications or other means; or
merging, linking, blocking, degradation, erasure or destruction.
For the purposes of this definition, "Process" has a corresponding meaning.
“Pseudonymisation’’ means the Processing of Personal Information in such a manner that
the Personal Information can no longer be attributed to a specific person without the use of
additional information.
“Record/s” means any recorded information which the Responsible Party possesses or
controls, regardless of its form or the material on which it is contained, including computer
hardware or software. A Record can be electronic or paper- based, but it must form part of
a filing system to be included.
“Responsible Party” means a public or private body or any other person which alone or in
conjunction with others, determines the purpose of and means for processing personal
information. For purposes of this Policy, we are the responsible party as defined in Section
1 of POPIA;
“Service Provider/s” means any independent juristic or natural person contracted by the
Ignition Group to facilitate our Offerings, improve a Platform, add value to an existing
Offering or provide additional Offerings to you;
“Subsidiary/ies” means any entity which is wholly owned by Ignition Telecoms
Investments Proprietary Limited, as per Annexure A1 below;
"Unique Identifier" means any identifier that is assigned to a Data Subject and is used by
the Responsible Party for the purposes of the operations of that Responsible Party and that
Protection Laws. Applicable Laws includes any statute, regulation, notice, policy, directive,
ruling or subordinate legislation, the common law, any binding court order, judgment or
ruling, any applicable industry code, policy or standard enforceable by law, or any
applicable direction, policy or order that is given by any regulator, competent authority or
organ of state or statutory industry body;
“Biometric” is a technique of personal identification based on physical, physiological, or
behavioural characterisation.
“Biometric Information” is information derived from techniques to identify individuals
based on physical, physiological, or behavioural characterisation, including blood typing,
fingerprinting, DNA analysis, retinal scanning and voice recognition.
“Child” means a natural person under the age of 18 (eighteen) (including the plural
“Children”);
“Consent” means any voluntary, specific and informed expression of will, in terms of which
permission is given for the Processing of Personal Information as contemplated in
Applicable Laws;
“Cookies’’ are a small amount of Data generated by a website and saved by your web
browser. Its purpose is to remember information about you. If Data Subjects elect not to
receive Cookies, they may be able to view some, but not all, of the content on our
Platforms;
“Data’’ means Personal Information, Usage Data, Cookies and/or Location Data;
“Data Protection Authority” means the relevant regulatory authoritative bodies in the
respective jurisdictions established in terms of Applicable Laws;
‘’Data Subject’’ means our customer(s), user(s) or any natural person in respect of whom
we Process Personal Information (also referred to as “you” or “your”);“ECTA” means the
Electronic Communications and Transactions Act, No. 25 of 2002;
“Electronic Communication” shall have the same meaning as ascribed to the term in
terms of POPIA;
‘’Financial Details’’ means information provided by your bank such as:
account information, including bank name, account name, account type, account holder,
branch number;
information about an account balance, including current and available balance;
identifiers and information about the account holder(s), including name, email address,
phone number, date of birth, gender, and address information;
information about account transactions, including amount, date, type, price, and a
description of the transaction; and
deductions from your bank account where necessary for the fulfillment of Offerings
provided by the Ignition Group.
“Location Data” means the information about the physical location of a Data Subject’s
device. Depending on the Data Subject’s location, the Personal Information or Personal
Data will be processed in accordance with Applicable Laws;
"Ignition Group" means Ignition Telecoms Investments Proprietary Limited and any of its
subsidiaries, as incorporated from time to time, the particulars of which are recorded in
Annexure A1 to this Policy (also referred to as ‘’we’’, ‘’us’’ or ‘’our’’). For purposes of this
Policy, we are the responsible party as defined in Section 1 of POPIA;
“Offering/s” refer to the products or services provided by the Ignition Group including
those provided by any of our Affiliates;
“PAIA” means the Promotion of Access to Information Act 2 of 2000;
DATA PRIVACY POLICY
our purposes for Processing your Personal Information;
our retention periods in terms of Applicable Laws;
your access rights; and
our internal procedure for queries and/ or complaints.
PAIA MANUAL
PAIA is the statutory law in South Africa governing access to information and enables
people to gain access to information held by both public and private bodies.
If you would like to review, amend or obtain a copy of your Personal Information held by us,
please review our PAIA manual on how to submit a request. Our PAIA manual is located
on our Website.
YOUR RIGHTS
While you have rights concerning your Personal Information, it is important to note that
there may be various considerations in determining how to address any requests you may
have.
Your rights include:
Right of Access – you can ask us for a copy of the Personal Information we hold.
Right to Know – you can ask us what Personal Information is or was shared with any of
our Affiliates or Service Providers.
Right to Change – you can ask us to update your Personal Information or delete any
Personal Information that is no longer accurate or relevant.
Right to Object – you can object to our Processing of your Personal Information.
Right to Report – you can lodge a complaint with the relevant authorities should you feel
aggrieved by the manner in which we have Processed your Personal Information. The
information regarding the applicable relevant Data Protection Authority is set out in
Clause 16 below.
You can contact our Information Officer on DataPrivacy@ignitiongroup.co.za with any
requests you may have.
when you instruct us or our Affiliates to do so;
with your Consent in circumstances where such Consent is required;
to provide features, add value, or improve the quality and customise our Offerings and
Platforms;
improve the quality of our Offerings and Platforms;
where the Personal Information has been de-identified, including through aggregation
or Anonymisation;
to provide assistance with marketing, billing, processing credit card payments, data
analysis, fraud prevention, network and information security, technical support and
customer service;
when it is necessary for the fulfilment of our Offerings to you or prospective customers;
to comply with Applicable Laws or to respond to lawful requests and legal process;
to protect any Data Subject’s vital interests, but only where we believe it is necessary; and
in connection with or during negotiation of any business transfer, merger, financing,
acquisition, or dissolution transaction or proceeding involving the sale, transfer,
divestiture or disclosure of all or a portion of our business or assets to another company.
From time to time, we may engage in joint sales or product promotions with certain third
parties and/or our Affiliates.
If you have specifically expressed an interest in, or purchased, a jointly offered product,
promotion or service, we may share relevant Personal Information with those third parties
or Affiliates. Where you have given Consent to do so, these third parties or Affiliates may
send you marketing communications about their own products and services.
Please be aware that we do not control third parties or Affiliates who are not
contracted to Process Personal Information for and on our behalf. These third parties
and Affiliates are responsible for managing their own use of the Personal Information
collected in these circumstances. We recommend that you carefully consider any
applicable privacy policies of the relevant third parties, Service Provider or Affiliate to
find out more about their handling of your Personal Information.
CHILDREN’S PRIVACY
Our Offerings are not intended for use by Children.
We do not knowingly collect personally identifiable information from Children.
If you become aware that a Child has provided us with Personal Information, please
contact us in accordance with Clause 16 below.
If we become aware that we have collected Personal Information from Children without
parental Consent, we will take immediate steps to remove/ delete such Personal
Information.
INTERNATIONAL DATA PROTECTION LAWS: ANNEXURES B AND C
For Data Subjects residing outside of the Republic of South Africa, Annexures B and C will
apply to you and our Processing of your Personal Information, specifically:
Annexure B: resident of the European Economic Area, United Kingdom and
Switzerland; and
Annexure C: Californian residents.
These Annexures provide you with details on:
11.3.1.
11.3.2.
11.3.3.
11.3.4.
11.3.5.
11.3.6.
11.3.7.
11.3.8.
11.3.9.
11.3.10.
11.4.
11.5.
11.6.
12.
12.1.
12.2.
12.3.
12.4.
13.
13.1.
13.1.1.
13.1.2.
13.2.
purpose for which the information was collected or subsequently processed;
any legal obligations we have in terms of Applicable Laws;
the nature of any contracts we have in place with you; or
the existence of your Consent.
It is specifically recorded that you have the right to object to the Processing of your Data at
any time during the Processing. However, we would be required to retain and store your
Data for the purposes of swiftly dealing with such an objection or enquiry.
We will use Pseudonymisation to retain your Usage Data for internal analysis purposes. We
generally retain your Usage Data for a shorter period, except when it is used to strengthen
the security or to improve the functionality of our Offerings, or we are legally obligated to
retain it for longer time periods.
TRANSFER OF YOUR DATA
Your Data may be transferred to, Processed and maintained outside of your city province,
country or other governmental jurisdiction where the Applicable Laws may differ from
those of your jurisdiction.
If you are located outside the Republic of South Africa and choose to provide information to
us, please note that we may transfer your Data to the Republic of South Africa and Process it
there.
Your Consent to this Policy followed by your submission of such Data represents your
Consent to such transfer.
We will take reasonably necessary steps to ensure the secure treatment of your Data in
accordance with this Policy. Your Data will not be transferred to an organization or country
unless adequate data protection laws or controls are in place to safeguard your Data.
In addition, we will purge, anonymise or delete your Personal Information in accordance
with Applicable Laws, and other regulatory and compliance requirements.
PROVISION OF PERSONAL INFORMATION TO SERVICE PROVIDERS
We may disclose your Personal Information to our Service Providers, where necessary, to
achieve the purpose(s) for which your Personal Information was originally collected and
Processed.
We will, however, enter into written agreements with such Service Providers, where we
deem appropriate, to ensure that they comply with Applicable Laws pursuant to the
Processing of your Personal Information.
AFFILIATE AND AFFLIATE PROCESSING
Our Affiliates may transfer your Personal Information among themselves to fulfil operational
requirements and to assist us in complying with our obligations to you.
All our Affiliates adopt and apply the principles set forth in this Policy in order to
standardise, justify and ensure that any transfers of Personal Information between them
adhere to the lawful Processing requirements set forth in Applicable Laws. This also
guarantees compliance by ensuring that any potential additional handling of your Personal
Information stays in line with the original reason it was collected by a specific Affiliate.
Affiliates only transfer Personal Information in the following circumstances:
you. Once you have opted out, it can take up to 6 (six) weeks for the opt-out request to be
actioned within Ignition Group.
You may opt out of receiving promotional Electronic Communications from us by following
the instructions in those communications. If you opt-out, we may still send you
non-promotional Electronic Communications relating to the Offerings you have taken up.
COOKIES
Our Platforms use Cookies to keep track of your visits and activity on the Platform.
For information related to the use of Cookies, please see our Cookie Policy on our Website.
USAGE DATA
We may also Process Usage Data that your browser sends whenever you visit or engage
with our Platforms or when you access our Offerings by or through any device.
This Usage Data may include information such as your device Internet Protocol (‘’IP’’)
address, browser type, browser version, the Websites that you visit, the pages of other
websites and the uniform resource locator (“URL”) of such pages, the time and date of your
visit to those pages, the time spent on those pages, unique device identifiers, URL data for
market segmentation purposes and other diagnostic data. It may also include information
in terms of the type of device you use, your device unique ID and your device operating
system.
LOCATION DATA
With your permission, by enabling your location services, we may Process your Location
Data in order to provide features, add value or improve or customise our Offerings.
You can enable or disable your location services when you use any of our Platforms, at any
time, by way of your device settings.
SECURITY OF YOUR PERSONAL INFORMATION
We take all reasonable and appropriate steps to protect your Personal Information against
loss, misuse, unauthorised access, disclosure, alteration and/or destruction.
We use appropriate technical and organisational measures to protect your Personal
Information. These measures include, but are not limited to, physical access controls and
strict confidentiality measures, encryption, internet firewalls, intrusion detection and
network monitoring depending on the nature of the information and the scope of
Processing.
While we strive to use commercially acceptable means to protect your Personal
Information, we cannot guarantee its absolute security. Please remember that no method of
transmission over our Platforms or electronic storage is absolutely secure.
HOW LONG WE RETAIN YOUR DATA
We retain your Data for no longer than necessary.
The retention time will depend on:
to establish your needs, wants and preferences in relation to the Offerings provided by
us and our Affiliates;
to help us identify you when you engage with us for the first time or after an extended
period of time from the last interaction;
to allocate Unique Identifiers to you for the purpose of securely storing, retaining and
recalling your Personal Information from time to time;
to facilitate your access to our premises;
to maintain your Records as an existing customer;
for employment purposes;
for general administration purposes;
for legal and/or contractual purposes;
to provide features, add value, or improve the quality and customise our Offerings and
Platforms;
improve the quality of our Offerings and Platforms;
to communicate with you for marketing and non-marketing purposes;
to transfer Personal Information within the Ignition Group and our Affiliates so as to enable
us to market our Offerings to you or other Data Subjects;
to transfer or share Personal Information with select Service Providers on a need-to-know
basis so as to enable us to deliver services to you, including credit bureaus to assess and
verify the profile of you as a potential customer for purposes of receiving our Offerings;
to analyse the Personal Information collected for research and statistical purposes;
to transfer Personal Information from South Africa to other jurisdictions if it is required as
stipulated in Clause 9 herein;
to carry out analysis and customer profiling in order to identify other products and services
which might be of interest to you, as well as to inform you of such products and/or services; or
for fraud prevention and detection, and to protect and defend the rights and property of
Ignition Group, our employees, our Affiliates and business associates.
We will not Process your Personal Information for any purpose other than for the purposes
set forth in Clause 2.9 or in any specific privacy notices of any Subsidiary or Affiliate unless
we are permitted or required to do so in terms of Applicable Laws.
We will Process Personal Information in compliance with the conditions as set out in
Applicable Laws, to ensure that your privacy is protected.
We may from time-to-time Process Personal Information by making use of automated
means (without deploying any human intervention in the decision-making process) to make
decisions about you or your application. In this instance it is specifically recorded that you
may object to or query the outcomes of such a decision. Requests to contest decisions
based solely on automated processing will be authenticated prior to processing the
request.
PERSONAL INFORMATION FOR DIRECT MARKETING PURPOSES
We acknowledge that we may only Process your Personal Information to contact you for
purposes of direct marketing when it is generally permissible to do so in terms of Applicable
Laws and where we have complied with the provisions of those Applicable Laws.
Where this is lawfully permitted, we will ensure that a reasonable opportunity is given to
you to object (opt-out) to the use of your Personal Information for our marketing purposes
at the point of collection and on the occasion of each direct marketing communication to
uniquely identifies that Data Subject in relation to the Responsible Party;
“Usage Data’’ is data collected automatically, either generated by the use of an Offering,
or our Platforms (for example, the duration of a Website page visit), as more fully described
at clause 5 below;
“Website/s’’ means our main Website at www.ignitiongroup.co.za and any of our
Subsidiary and/or Affiliate company websites.
INFORMATION WE MAY COLLECT FROM YOU
When you engage with us, whether physically, electronically, or through the use of our
Offerings, facilities or Platforms, you may be required to provide your Personal Information.
In some instances, especially when you interact with our Platforms or Websites, we may
automatically collect your Location Data, Usage Data and Cookies. We will, in effect, be
Processing your Data and will do so in terms of this Policy.
There may be instances where we have collected your Personal Information from other
sources such as our Service Providers, social media networks and blogs (where the posting
of your Personal Information may make it public information) and business associates, and
in such instances, we will inform you by virtue of the updates in this Policy.
When you provide us with the Personal Information of any other person, we will Process the
Personal Information of such person in accordance with this Policy, as well as any terms and
conditions or other relevant policies to which this Policy relates.
We may Process the following types of Personal Information from time to time, including
but not limited to:
full names;
identity numbers;
registration numbers;
Financial Details;
statutory information;
physical and postal address particulars;
telephone numbers; and/or
email addresses.
When collecting Personal Information from you, we will comply with the notification
requirements as set out in Applicable Laws, including the requirements set forth in Section
18 of POPIA.
When you provide us with such Personal Information, we may also be required to confirm
that you are a competent person and that you have authority to give the requisite Consent
to enable us to Process such Personal Information.
You may not always be required to provide the Personal Information that we have
requested. However, if you choose not to provide certain information, you may not be able
to take advantage of some of our Offerings and fully utilize our Platforms.
We Process Personal Information primarily to optimise the delivery of our Offerings and
Platforms, administer our business operations, ensure a legally compliant workplace
environment and safeguard your Personal Information in our custody.
We may Process the Personal Information collected from you for other legitimate, justifiable
business purposes including, but not limited to, the following:
to provide or manage any information as requested by or received from you, in general;
“Personal Information’’ means information relating to an identifiable, living, natural
person, and where it is applicable, an identifiable, existing juristic person, including, but not
limited to:
information relating to the race, gender, sex, pregnancy, marital status, national, ethnic
or social origin, colour, sexual orientation, age, physical or mental health, well-being,
disability, religion, conscience, belief, culture, language and birth of the person;
information relating to the education or the medical, financial, criminal or employment
history of the person;
any identifying number, symbol, e-mail address, physical address, telephone number,
Location Data, online identifier or other particular assignment to the person;
the Biometric information of the person;
the personal opinions, views or preferences of the person; correspondence sent by the
person that is implicitly or explicitly of a private or confidential nature or further
correspondence that would reveal the contents of the original correspondence;
the views or opinions of another individual about the person; and
the name of the person if it appears with other Personal Information relating to the
person or if the disclosure of the name itself would reveal information about the person.
“Platform/s” collectively means our Website and any other websites, mobile applications
or other digital interfaces operated or managed by us;
"POPIA" means the Protection of Personal Information Act, No.4 of 2013 and the
regulations thereto, as amended or replaced from time to time;
‘’Processing’’ means any operation or activity or any set of operations, whether or not by
automatic means, concerning Personal Information, including:
the collection, receipt, recording, organisation, collation, storage, updating or
modification, retrieval, alteration, consultation or use;
dissemination by means of transmission, distribution or making available in any other
form by electronic communications or other means; or
merging, linking, blocking, degradation, erasure or destruction.
For the purposes of this definition, "Process" has a corresponding meaning.
“Pseudonymisation’’ means the Processing of Personal Information in such a manner that
the Personal Information can no longer be attributed to a specific person without the use of
additional information.
“Record/s” means any recorded information which the Responsible Party possesses or
controls, regardless of its form or the material on which it is contained, including computer
hardware or software. A Record can be electronic or paper- based, but it must form part of
a filing system to be included.
“Responsible Party” means a public or private body or any other person which alone or in
conjunction with others, determines the purpose of and means for processing personal
information. For purposes of this Policy, we are the responsible party as defined in Section
1 of POPIA;
“Service Provider/s” means any independent juristic or natural person contracted by the
Ignition Group to facilitate our Offerings, improve a Platform, add value to an existing
Offering or provide additional Offerings to you;
“Subsidiary/ies” means any entity which is wholly owned by Ignition Telecoms
Investments Proprietary Limited, as per Annexure A1 below;
"Unique Identifier" means any identifier that is assigned to a Data Subject and is used by
the Responsible Party for the purposes of the operations of that Responsible Party and that
Protection Laws. Applicable Laws includes any statute, regulation, notice, policy, directive,
ruling or subordinate legislation, the common law, any binding court order, judgment or
ruling, any applicable industry code, policy or standard enforceable by law, or any
applicable direction, policy or order that is given by any regulator, competent authority or
organ of state or statutory industry body;
“Biometric” is a technique of personal identification based on physical, physiological, or
behavioural characterisation.
“Biometric Information” is information derived from techniques to identify individuals
based on physical, physiological, or behavioural characterisation, including blood typing,
fingerprinting, DNA analysis, retinal scanning and voice recognition.
“Child” means a natural person under the age of 18 (eighteen) (including the plural
“Children”);
“Consent” means any voluntary, specific and informed expression of will, in terms of which
permission is given for the Processing of Personal Information as contemplated in
Applicable Laws;
“Cookies’’ are a small amount of Data generated by a website and saved by your web
browser. Its purpose is to remember information about you. If Data Subjects elect not to
receive Cookies, they may be able to view some, but not all, of the content on our
Platforms;
“Data’’ means Personal Information, Usage Data, Cookies and/or Location Data;
“Data Protection Authority” means the relevant regulatory authoritative bodies in the
respective jurisdictions established in terms of Applicable Laws;
‘’Data Subject’’ means our customer(s), user(s) or any natural person in respect of whom
we Process Personal Information (also referred to as “you” or “your”);“ECTA” means the
Electronic Communications and Transactions Act, No. 25 of 2002;
“Electronic Communication” shall have the same meaning as ascribed to the term in
terms of POPIA;
‘’Financial Details’’ means information provided by your bank such as:
account information, including bank name, account name, account type, account holder,
branch number;
information about an account balance, including current and available balance;
identifiers and information about the account holder(s), including name, email address,
phone number, date of birth, gender, and address information;
information about account transactions, including amount, date, type, price, and a
description of the transaction; and
deductions from your bank account where necessary for the fulfillment of Offerings
provided by the Ignition Group.
“Location Data” means the information about the physical location of a Data Subject’s
device. Depending on the Data Subject’s location, the Personal Information or Personal
Data will be processed in accordance with Applicable Laws;
"Ignition Group" means Ignition Telecoms Investments Proprietary Limited and any of its
subsidiaries, as incorporated from time to time, the particulars of which are recorded in
Annexure A1 to this Policy (also referred to as ‘’we’’, ‘’us’’ or ‘’our’’). For purposes of this
Policy, we are the responsible party as defined in Section 1 of POPIA;
“Offering/s” refer to the products or services provided by the Ignition Group including
those provided by any of our Affiliates;
“PAIA” means the Promotion of Access to Information Act 2 of 2000;
DATA PRIVACY POLICY
our purposes for Processing your Personal Information;
our retention periods in terms of Applicable Laws;
your access rights; and
our internal procedure for queries and/ or complaints.
PAIA MANUAL
PAIA is the statutory law in South Africa governing access to information and enables
people to gain access to information held by both public and private bodies.
If you would like to review, amend or obtain a copy of your Personal Information held by us,
please review our PAIA manual on how to submit a request. Our PAIA manual is located
on our Website.
YOUR RIGHTS
While you have rights concerning your Personal Information, it is important to note that
there may be various considerations in determining how to address any requests you may
have.
Your rights include:
Right of Access – you can ask us for a copy of the Personal Information we hold.
Right to Know – you can ask us what Personal Information is or was shared with any of
our Affiliates or Service Providers.
Right to Change – you can ask us to update your Personal Information or delete any
Personal Information that is no longer accurate or relevant.
Right to Object – you can object to our Processing of your Personal Information.
Right to Report – you can lodge a complaint with the relevant authorities should you feel
aggrieved by the manner in which we have Processed your Personal Information. The
information regarding the applicable relevant Data Protection Authority is set out in
Clause 16 below.
You can contact our Information Officer on DataPrivacy@ignitiongroup.co.za with any
requests you may have.
13.2.1.
13.2.2.
13.2.3.
13.2.4.
14.
14.1.
14.2.
15.
15.1.
15.2.
15.2.1.
15.2.2.
15.2.3.
15.2.4.
15.2.5.
15.3.
when you instruct us or our Affiliates to do so;
with your Consent in circumstances where such Consent is required;
to provide features, add value, or improve the quality and customise our Offerings and
Platforms;
improve the quality of our Offerings and Platforms;
where the Personal Information has been de-identified, including through aggregation
or Anonymisation;
to provide assistance with marketing, billing, processing credit card payments, data
analysis, fraud prevention, network and information security, technical support and
customer service;
when it is necessary for the fulfilment of our Offerings to you or prospective customers;
to comply with Applicable Laws or to respond to lawful requests and legal process;
to protect any Data Subject’s vital interests, but only where we believe it is necessary; and
in connection with or during negotiation of any business transfer, merger, financing,
acquisition, or dissolution transaction or proceeding involving the sale, transfer,
divestiture or disclosure of all or a portion of our business or assets to another company.
From time to time, we may engage in joint sales or product promotions with certain third
parties and/or our Affiliates.
If you have specifically expressed an interest in, or purchased, a jointly offered product,
promotion or service, we may share relevant Personal Information with those third parties
or Affiliates. Where you have given Consent to do so, these third parties or Affiliates may
send you marketing communications about their own products and services.
Please be aware that we do not control third parties or Affiliates who are not
contracted to Process Personal Information for and on our behalf. These third parties
and Affiliates are responsible for managing their own use of the Personal Information
collected in these circumstances. We recommend that you carefully consider any
applicable privacy policies of the relevant third parties, Service Provider or Affiliate to
find out more about their handling of your Personal Information.
CHILDREN’S PRIVACY
Our Offerings are not intended for use by Children.
We do not knowingly collect personally identifiable information from Children.
If you become aware that a Child has provided us with Personal Information, please
contact us in accordance with Clause 16 below.
If we become aware that we have collected Personal Information from Children without
parental Consent, we will take immediate steps to remove/ delete such Personal
Information.
INTERNATIONAL DATA PROTECTION LAWS: ANNEXURES B AND C
For Data Subjects residing outside of the Republic of South Africa, Annexures B and C will
apply to you and our Processing of your Personal Information, specifically:
Annexure B: resident of the European Economic Area, United Kingdom and
Switzerland; and
Annexure C: Californian residents.
These Annexures provide you with details on:
purpose for which the information was collected or subsequently processed;
any legal obligations we have in terms of Applicable Laws;
the nature of any contracts we have in place with you; or
the existence of your Consent.
It is specifically recorded that you have the right to object to the Processing of your Data at
any time during the Processing. However, we would be required to retain and store your
Data for the purposes of swiftly dealing with such an objection or enquiry.
We will use Pseudonymisation to retain your Usage Data for internal analysis purposes. We
generally retain your Usage Data for a shorter period, except when it is used to strengthen
the security or to improve the functionality of our Offerings, or we are legally obligated to
retain it for longer time periods.
TRANSFER OF YOUR DATA
Your Data may be transferred to, Processed and maintained outside of your city province,
country or other governmental jurisdiction where the Applicable Laws may differ from
those of your jurisdiction.
If you are located outside the Republic of South Africa and choose to provide information to
us, please note that we may transfer your Data to the Republic of South Africa and Process it
there.
Your Consent to this Policy followed by your submission of such Data represents your
Consent to such transfer.
We will take reasonably necessary steps to ensure the secure treatment of your Data in
accordance with this Policy. Your Data will not be transferred to an organization or country
unless adequate data protection laws or controls are in place to safeguard your Data.
In addition, we will purge, anonymise or delete your Personal Information in accordance
with Applicable Laws, and other regulatory and compliance requirements.
PROVISION OF PERSONAL INFORMATION TO SERVICE PROVIDERS
We may disclose your Personal Information to our Service Providers, where necessary, to
achieve the purpose(s) for which your Personal Information was originally collected and
Processed.
We will, however, enter into written agreements with such Service Providers, where we
deem appropriate, to ensure that they comply with Applicable Laws pursuant to the
Processing of your Personal Information.
AFFILIATE AND AFFLIATE PROCESSING
Our Affiliates may transfer your Personal Information among themselves to fulfil operational
requirements and to assist us in complying with our obligations to you.
All our Affiliates adopt and apply the principles set forth in this Policy in order to
standardise, justify and ensure that any transfers of Personal Information between them
adhere to the lawful Processing requirements set forth in Applicable Laws. This also
guarantees compliance by ensuring that any potential additional handling of your Personal
Information stays in line with the original reason it was collected by a specific Affiliate.
Affiliates only transfer Personal Information in the following circumstances:
you. Once you have opted out, it can take up to 6 (six) weeks for the opt-out request to be
actioned within Ignition Group.
You may opt out of receiving promotional Electronic Communications from us by following
the instructions in those communications. If you opt-out, we may still send you
non-promotional Electronic Communications relating to the Offerings you have taken up.
COOKIES
Our Platforms use Cookies to keep track of your visits and activity on the Platform.
For information related to the use of Cookies, please see our Cookie Policy on our Website.
USAGE DATA
We may also Process Usage Data that your browser sends whenever you visit or engage
with our Platforms or when you access our Offerings by or through any device.
This Usage Data may include information such as your device Internet Protocol (‘’IP’’)
address, browser type, browser version, the Websites that you visit, the pages of other
websites and the uniform resource locator (“URL”) of such pages, the time and date of your
visit to those pages, the time spent on those pages, unique device identifiers, URL data for
market segmentation purposes and other diagnostic data. It may also include information
in terms of the type of device you use, your device unique ID and your device operating
system.
LOCATION DATA
With your permission, by enabling your location services, we may Process your Location
Data in order to provide features, add value or improve or customise our Offerings.
You can enable or disable your location services when you use any of our Platforms, at any
time, by way of your device settings.
SECURITY OF YOUR PERSONAL INFORMATION
We take all reasonable and appropriate steps to protect your Personal Information against
loss, misuse, unauthorised access, disclosure, alteration and/or destruction.
We use appropriate technical and organisational measures to protect your Personal
Information. These measures include, but are not limited to, physical access controls and
strict confidentiality measures, encryption, internet firewalls, intrusion detection and
network monitoring depending on the nature of the information and the scope of
Processing.
While we strive to use commercially acceptable means to protect your Personal
Information, we cannot guarantee its absolute security. Please remember that no method of
transmission over our Platforms or electronic storage is absolutely secure.
HOW LONG WE RETAIN YOUR DATA
We retain your Data for no longer than necessary.
The retention time will depend on:
to establish your needs, wants and preferences in relation to the Offerings provided by
us and our Affiliates;
to help us identify you when you engage with us for the first time or after an extended
period of time from the last interaction;
to allocate Unique Identifiers to you for the purpose of securely storing, retaining and
recalling your Personal Information from time to time;
to facilitate your access to our premises;
to maintain your Records as an existing customer;
for employment purposes;
for general administration purposes;
for legal and/or contractual purposes;
to provide features, add value, or improve the quality and customise our Offerings and
Platforms;
improve the quality of our Offerings and Platforms;
to communicate with you for marketing and non-marketing purposes;
to transfer Personal Information within the Ignition Group and our Affiliates so as to enable
us to market our Offerings to you or other Data Subjects;
to transfer or share Personal Information with select Service Providers on a need-to-know
basis so as to enable us to deliver services to you, including credit bureaus to assess and
verify the profile of you as a potential customer for purposes of receiving our Offerings;
to analyse the Personal Information collected for research and statistical purposes;
to transfer Personal Information from South Africa to other jurisdictions if it is required as
stipulated in Clause 9 herein;
to carry out analysis and customer profiling in order to identify other products and services
which might be of interest to you, as well as to inform you of such products and/or services; or
for fraud prevention and detection, and to protect and defend the rights and property of
Ignition Group, our employees, our Affiliates and business associates.
We will not Process your Personal Information for any purpose other than for the purposes
set forth in Clause 2.9 or in any specific privacy notices of any Subsidiary or Affiliate unless
we are permitted or required to do so in terms of Applicable Laws.
We will Process Personal Information in compliance with the conditions as set out in
Applicable Laws, to ensure that your privacy is protected.
We may from time-to-time Process Personal Information by making use of automated
means (without deploying any human intervention in the decision-making process) to make
decisions about you or your application. In this instance it is specifically recorded that you
may object to or query the outcomes of such a decision. Requests to contest decisions
based solely on automated processing will be authenticated prior to processing the
request.
PERSONAL INFORMATION FOR DIRECT MARKETING PURPOSES
We acknowledge that we may only Process your Personal Information to contact you for
purposes of direct marketing when it is generally permissible to do so in terms of Applicable
Laws and where we have complied with the provisions of those Applicable Laws.
Where this is lawfully permitted, we will ensure that a reasonable opportunity is given to
you to object (opt-out) to the use of your Personal Information for our marketing purposes
at the point of collection and on the occasion of each direct marketing communication to
uniquely identifies that Data Subject in relation to the Responsible Party;
“Usage Data’’ is data collected automatically, either generated by the use of an Offering,
or our Platforms (for example, the duration of a Website page visit), as more fully described
at clause 5 below;
“Website/s’’ means our main Website at www.ignitiongroup.co.za and any of our
Subsidiary and/or Affiliate company websites.
INFORMATION WE MAY COLLECT FROM YOU
When you engage with us, whether physically, electronically, or through the use of our
Offerings, facilities or Platforms, you may be required to provide your Personal Information.
In some instances, especially when you interact with our Platforms or Websites, we may
automatically collect your Location Data, Usage Data and Cookies. We will, in effect, be
Processing your Data and will do so in terms of this Policy.
There may be instances where we have collected your Personal Information from other
sources such as our Service Providers, social media networks and blogs (where the posting
of your Personal Information may make it public information) and business associates, and
in such instances, we will inform you by virtue of the updates in this Policy.
When you provide us with the Personal Information of any other person, we will Process the
Personal Information of such person in accordance with this Policy, as well as any terms and
conditions or other relevant policies to which this Policy relates.
We may Process the following types of Personal Information from time to time, including
but not limited to:
full names;
identity numbers;
registration numbers;
Financial Details;
statutory information;
physical and postal address particulars;
telephone numbers; and/or
email addresses.
When collecting Personal Information from you, we will comply with the notification
requirements as set out in Applicable Laws, including the requirements set forth in Section
18 of POPIA.
When you provide us with such Personal Information, we may also be required to confirm
that you are a competent person and that you have authority to give the requisite Consent
to enable us to Process such Personal Information.
You may not always be required to provide the Personal Information that we have
requested. However, if you choose not to provide certain information, you may not be able
to take advantage of some of our Offerings and fully utilize our Platforms.
We Process Personal Information primarily to optimise the delivery of our Offerings and
Platforms, administer our business operations, ensure a legally compliant workplace
environment and safeguard your Personal Information in our custody.
We may Process the Personal Information collected from you for other legitimate, justifiable
business purposes including, but not limited to, the following:
to provide or manage any information as requested by or received from you, in general;
“Personal Information’’ means information relating to an identifiable, living, natural
person, and where it is applicable, an identifiable, existing juristic person, including, but not
limited to:
information relating to the race, gender, sex, pregnancy, marital status, national, ethnic
or social origin, colour, sexual orientation, age, physical or mental health, well-being,
disability, religion, conscience, belief, culture, language and birth of the person;
information relating to the education or the medical, financial, criminal or employment
history of the person;
any identifying number, symbol, e-mail address, physical address, telephone number,
Location Data, online identifier or other particular assignment to the person;
the Biometric information of the person;
the personal opinions, views or preferences of the person; correspondence sent by the
person that is implicitly or explicitly of a private or confidential nature or further
correspondence that would reveal the contents of the original correspondence;
the views or opinions of another individual about the person; and
the name of the person if it appears with other Personal Information relating to the
person or if the disclosure of the name itself would reveal information about the person.
“Platform/s” collectively means our Website and any other websites, mobile applications
or other digital interfaces operated or managed by us;
"POPIA" means the Protection of Personal Information Act, No.4 of 2013 and the
regulations thereto, as amended or replaced from time to time;
‘’Processing’’ means any operation or activity or any set of operations, whether or not by
automatic means, concerning Personal Information, including:
the collection, receipt, recording, organisation, collation, storage, updating or
modification, retrieval, alteration, consultation or use;
dissemination by means of transmission, distribution or making available in any other
form by electronic communications or other means; or
merging, linking, blocking, degradation, erasure or destruction.
For the purposes of this definition, "Process" has a corresponding meaning.
“Pseudonymisation’’ means the Processing of Personal Information in such a manner that
the Personal Information can no longer be attributed to a specific person without the use of
additional information.
“Record/s” means any recorded information which the Responsible Party possesses or
controls, regardless of its form or the material on which it is contained, including computer
hardware or software. A Record can be electronic or paper- based, but it must form part of
a filing system to be included.
“Responsible Party” means a public or private body or any other person which alone or in
conjunction with others, determines the purpose of and means for processing personal
information. For purposes of this Policy, we are the responsible party as defined in Section
1 of POPIA;
“Service Provider/s” means any independent juristic or natural person contracted by the
Ignition Group to facilitate our Offerings, improve a Platform, add value to an existing
Offering or provide additional Offerings to you;
“Subsidiary/ies” means any entity which is wholly owned by Ignition Telecoms
Investments Proprietary Limited, as per Annexure A1 below;
"Unique Identifier" means any identifier that is assigned to a Data Subject and is used by
the Responsible Party for the purposes of the operations of that Responsible Party and that
Protection Laws. Applicable Laws includes any statute, regulation, notice, policy, directive,
ruling or subordinate legislation, the common law, any binding court order, judgment or
ruling, any applicable industry code, policy or standard enforceable by law, or any
applicable direction, policy or order that is given by any regulator, competent authority or
organ of state or statutory industry body;
“Biometric” is a technique of personal identification based on physical, physiological, or
behavioural characterisation.
“Biometric Information” is information derived from techniques to identify individuals
based on physical, physiological, or behavioural characterisation, including blood typing,
fingerprinting, DNA analysis, retinal scanning and voice recognition.
“Child” means a natural person under the age of 18 (eighteen) (including the plural
“Children”);
“Consent” means any voluntary, specific and informed expression of will, in terms of which
permission is given for the Processing of Personal Information as contemplated in
Applicable Laws;
“Cookies’’ are a small amount of Data generated by a website and saved by your web
browser. Its purpose is to remember information about you. If Data Subjects elect not to
receive Cookies, they may be able to view some, but not all, of the content on our
Platforms;
“Data’’ means Personal Information, Usage Data, Cookies and/or Location Data;
“Data Protection Authority” means the relevant regulatory authoritative bodies in the
respective jurisdictions established in terms of Applicable Laws;
‘’Data Subject’’ means our customer(s), user(s) or any natural person in respect of whom
we Process Personal Information (also referred to as “you” or “your”);“ECTA” means the
Electronic Communications and Transactions Act, No. 25 of 2002;
“Electronic Communication” shall have the same meaning as ascribed to the term in
terms of POPIA;
‘’Financial Details’’ means information provided by your bank such as:
account information, including bank name, account name, account type, account holder,
branch number;
information about an account balance, including current and available balance;
identifiers and information about the account holder(s), including name, email address,
phone number, date of birth, gender, and address information;
information about account transactions, including amount, date, type, price, and a
description of the transaction; and
deductions from your bank account where necessary for the fulfillment of Offerings
provided by the Ignition Group.
“Location Data” means the information about the physical location of a Data Subject’s
device. Depending on the Data Subject’s location, the Personal Information or Personal
Data will be processed in accordance with Applicable Laws;
"Ignition Group" means Ignition Telecoms Investments Proprietary Limited and any of its
subsidiaries, as incorporated from time to time, the particulars of which are recorded in
Annexure A1 to this Policy (also referred to as ‘’we’’, ‘’us’’ or ‘’our’’). For purposes of this
Policy, we are the responsible party as defined in Section 1 of POPIA;
“Offering/s” refer to the products or services provided by the Ignition Group including
those provided by any of our Affiliates;
“PAIA” means the Promotion of Access to Information Act 2 of 2000;
DATA PRIVACY POLICY
Any Electronic Communication sent to you will be considered as having been received by
you when such communication is sent unless the contrary is proven. This may include but is
not limited to mobile push notifications. As such, it is your responsibility to provide, at your
own expense, any access to the internet, data or any required devices for purposes of such
Electronic Communication.
Should you not wish to communicate with us via any specific channel, you may opt-out and
change your communication preferences by contacting us via the contact details provided
in Clause 16 of this Policy.
Although the Ignition Group takes all reasonable steps to protect your Personal Information
and maintain confidentiality, we cannot guarantee the security or integrity of any
information you transmit to us online and specifically through the use of social media
platforms such as WhatsApp. Your use of any third-party platform is subject to the terms
and conditions applicable thereto, and you agree that you do this at your own risk. You
agree that all agreements, notices, disclosures and other communications that we provide
to you electronically meet any legal requirements for such communications to be in writing.
CHANGES TO THIS POLICY
We reserve the right to update or modify this Policy or any of its Annexures, at our sole
discretion, at any given time and without prior notice to you.
This may be carried out to meet legislative or regulatory demands and evolving business
requirements.
Unless otherwise stated, the current version of this Policy shall supersede and replace any
previous versions.
This Policy was last updated on 31 May 2024.
17.
17.1.
COMMUNICATIONS WITH YOU
When you make use of our Website/s or contact us, you opt-in to the use of various
Electronic Communication channels, including email, SMS or WhatsApp. All information
records that you send to us using any of these forms of Electronic Communication may be
stored electronically by us, as well as the providers of the relevant channel, for example
WhatsApp. Ignition Group takes reasonable steps to ensure that any third parties with
whom your information is stored, are bound by acceptable confidentiality obligations,
however, it is your responsibility to familiarise yourself with the terms and conditions, as
well as privacy policies associated with the providers of the relevant channels, for
example WhatsApp.
16. CONTACT US
If you wish to update your preferences by email or believe that the Ignition Group has
utilised your Personal Information contrary to Applicable Laws, please first attempt to
resolve any concerns directly with us:
Name of Private Body:
Information Officer:
Email address:
Postal address:
Street address:
Phone number:
Ignition Telecoms Investments Proprietary Limited
Naseema Nosarka
dataprivacy@ignitiongroup.co.za
P.O Box 1611, Country Club, 4301
Quadrant 4, Centenary Building, 30 Meridian Drive, Umhlanga, Durban
031 582 8300
If you are not satisfied with the outcome of the above process, you have the right to lodge a
complaint with the relevant Data Protection Authority, using the contact details listed below:
Name of Body:
Phone number:
Website:
General enquiries:
POPIA Complaints:
Information Regulator South Africa
010 023 5200
https://inforegulator.org.za/
enquiries@inforegulator.org.za
POPIAComplaints@inforegulator.org.za
DATA PRIVACY POLICY
17.2.
17.3.
17.4.
18.
18.1.
18.2.
18.3.
18.4.
Any Electronic Communication sent to you will be considered as having been received by
you when such communication is sent unless the contrary is proven. This may include but is
not limited to mobile push notifications. As such, it is your responsibility to provide, at your
own expense, any access to the internet, data or any required devices for purposes of such
Electronic Communication.
Should you not wish to communicate with us via any specific channel, you may opt-out and
change your communication preferences by contacting us via the contact details provided
in Clause 16 of this Policy.
Although the Ignition Group takes all reasonable steps to protect your Personal Information
and maintain confidentiality, we cannot guarantee the security or integrity of any
information you transmit to us online and specifically through the use of social media
platforms such as WhatsApp. Your use of any third-party platform is subject to the terms
and conditions applicable thereto, and you agree that you do this at your own risk. You
agree that all agreements, notices, disclosures and other communications that we provide
to you electronically meet any legal requirements for such communications to be in writing.
CHANGES TO THIS POLICY
We reserve the right to update or modify this Policy or any of its Annexures, at our sole
discretion, at any given time and without prior notice to you.
This may be carried out to meet legislative or regulatory demands and evolving business
requirements.
Unless otherwise stated, the current version of this Policy shall supersede and replace any
previous versions.
This Policy was last updated on 31 May 2024.
COMMUNICATIONS WITH YOU
When you make use of our Website/s or contact us, you opt-in to the use of various
Electronic Communication channels, including email, SMS or WhatsApp. All information
records that you send to us using any of these forms of Electronic Communication may be
stored electronically by us, as well as the providers of the relevant channel, for example
WhatsApp. Ignition Group takes reasonable steps to ensure that any third parties with
whom your information is stored, are bound by acceptable confidentiality obligations,
however, it is your responsibility to familiarise yourself with the terms and conditions, as
well as privacy policies associated with the providers of the relevant channels, for
example WhatsApp.
DATA PRIVACY POLICY
ANNEXURE A1
IGNITION GROUP
List of the subsidiaries within the Ignition Group
• Actuation Trading (Proprietary) Limited
• All Sevens Trade and Invest (Proprietary) Limited
• Benjistar (Proprietary) Limited
• CCS Outsourcing (Proprietary) Limited
• Chase Intelligent Tracking (Proprietary) Limited
• Comit Technologies (Proprietary) Limited
• IFS Holdings (Proprietary) Limited
• The following are subsidiaries of IFS Holdings (Proprietary) Limited
◦ Ucingo Administration 321 (Proprietary) Limited
◦ Viva Life Insurance Limited
◦ Viva Cover (Proprietary) Limited
◦ Viva Direct (Proprietary) Limited
• Ignition Digital LLC
• Ignition CX Limited
• Ignition CX US LLC
• Ignite Training Academy (Proprietary) Limited
• Larto Trade and Invest (Proprietary) Limited
• MVNX (Proprietary) Limited
• Mobius Mobile Telecommunications (Proprietary) Limited
• Me and You (Proprietary) Limited
• So Music Industries (Proprietary) Limited
• Uconnect Mobile (Proprietary) Limited
• Veyron Trading (Proprietary) Limited
DATA PRIVACY POLICY
ANNEXURE A2
IGNITION GROUP AFFILIATES
List of Affiliates
• Gumtree South Africa (Proprietary) Limited
• Spot Money SA (Proprietary) Limited
• Ignition Media Africa (Proprietary) Limited
DATA PRIVACY POLICY
YOUR DATA SUBJECT ACCESS RIGHTS
We understand the importance of your privacy and your rights under the Applicable Laws,
and we are dedicated to providing transparency and empowering you with control over
your Personal Data.
You have the right to request access to your Personal Data, to have your Personal Data
corrected, restricted or deleted, to withdraw any Consent that you have given to the
Processing of your Personal Data (without affecting the lawfulness of the Processing prior
to your withdrawal of Consent) and to object to our Processing of your Personal Data.
If you wish to exercise any of these rights, or if you have any concerns about our Processing
of your Personal Data, please reach out to us at dataprivacy@ignitiongroup.co.za. We are
dedicated to providing transparency and control over your Personal Data.
THE RIGHT TO LODGE A COMPLAINT WITH THE RELEVANT DATA PROTECTION
AUTHORITY
If you are not satisfied with the outcome of the above process, you have the right to lodge a
complaint with your national Data Protection Authority .
The EU Commission has a list of Data Protection Authorities here:
https://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm.
The Data Protection Authority for the UK is the Information Commissioner’s Office. Their
website can be accessed here: www.ico.org.uk.
The Federal Data Protection Authority for Switzerland is the Federal Data Protection and
Information Commissioner and their website can be accessed here:
https://www.edoeb.admin.ch/edoeb/en/home/deredoeb/kontakt.html.
APPLICABLE LAWS
Our Processing of Personal Data of Data Subjects who are based in the EEA is governed by
the European Union’s GDPR.
Our Processing of Personal Data of Data Subjects who are in the UK is subject to the DPA,
which incorporates the GDPR as the UK GDPR.
Our Processing of Personal Data of Data Subjects who are based in Switzerland is governed
by the Federal Data Protection Act.
DATA CONTROLLER
The Applicable Laws, mentioned in Clause 3 above, provide that Data Controllers of
Personal Data must honour certain rights granted to Data Subjects who reside in the
applicable country. These rights are further explained in Clause 7 below.
At all material times, we are the Data Controller of the Personal Data unless the Personal
Data is collected, and the Processing is controlled by one of our Affiliates.
In such circumstances, we will endeavour to make this clear to you in a context specific
notification at the point we collect your Personal Data.
PURPOSES OF THE PROCESSING
Our legal basis for collecting and using Personal Data will depend on the Personal Data
concerned and the specific context in which we collect it.
However, we will normally collect Personal Data only where:
we have your Consent to do so;
where we need the Personal Data to perform and/or fulfill our obligations of our Offering
to you as a customer; or
where the Processing is in our legitimate interests and is not overridden by your data
protection interests or fundamental rights and freedoms.
In some cases, we may also have a legal obligation to collect Personal Data from you. If we
ask you to provide Personal Data to comply with a legal requirement or to perform a
contract with you, we will make this clear at the time of the request.
RETENTION PERIOD FOR PERSONAL DATA
The duration for which we retain Personal Data depends on the nature of the information
and the specific purpose for which it is Processed.
We delete Personal Data within a reasonable period after we no longer need to use it for
the purpose for which it was collected (or for any subsequent purpose that is compatible
with the original purpose).
This does preclude you from enforcing your right to request that we delete your Personal
Data before the end of its retention period.
We may archive Personal Data (which means storing it in inactive files) for a certain period
prior to its final deletion, as part of our ordinary business continuity procedures.
1.
1.1.
1.2.
1.3.
2.
2.1.
2.2.
2.3.
2.4.
2.5.
2.6.
INTRODUCTION
This Annexure B applies to Data Subjects who are located in the European Economic Area
(“EEA”), the United Kingdom (“UK”) or Switzerland. This Annexure B must be read in
conjunction with our Policy in its entirety.
In the case of any inconsistency or conflict between the terms of our Policy and Annexure B,
Annexure B shall take precedence in respect of any Data Processing occurring in, or related
to, the EEA, the UK or Switzerland.
We take your privacy and Data protection seriously. We are also registered with the
Information Commissioner’s Office (‘’ICO’’) in terms of the DPA, in the “Register of data
protection fee payers”. This can be accessed here:
https://ico.org.uk/ESDWebPages/Search.
DEFINITIONS
The definitions contained in the Policy are to be read together with this Annexure B, save
for the following specific definitions:
“Data Controller’’ means a natural or legal person who (either alone, jointly or in common
with other persons) determines the purposes for which, and the manner in which any
Personal Data is, or are to be, Processed. For the purposes of this Policy, we are the Data
Controller of your Personal Data;
“Data Processors’’ means any natural or legal person who Processes the Personal Data on
behalf of the Data Controller. We may use the services of various Service Providers in order
to Process your Personal Data more effectively or to provide any service associated with the
use of the Platforms or Offerings;
“DPA’’ means the Data Protection Act 2018, which applies to the Processing of Personal
Data within the United Kingdom;
“Federal Data Protection Act’’ means the Swiss Federal Data Protection Act, updated as
of 1 September 2023;
"GDPR" means the General Data Protection Regulation (EU) 2016/679, which is a
European law that governs all collection and Processing of Personal Data from Data
Subjects inside the European Union; and
“Personal Data’’ means any information relating to an identified or identifiable natural
person, including but not limited to a name, an identification number, location data, an
online identifier or to one or more factors specific to the physical, physiological, genetic,
mental, economic, cultural or social identity of that natural person.
ANNEXURE B:
LEGAL BASIS FOR PROCESSING PERSONAL DATA
(DATA SUBJECTS FROM EEA, UK, AND SWITZERLAND ONLY)
DATA PRIVACY POLICY
YOUR DATA SUBJECT ACCESS RIGHTS
We understand the importance of your privacy and your rights under the Applicable Laws,
and we are dedicated to providing transparency and empowering you with control over
your Personal Data.
You have the right to request access to your Personal Data, to have your Personal Data
corrected, restricted or deleted, to withdraw any Consent that you have given to the
Processing of your Personal Data (without affecting the lawfulness of the Processing prior
to your withdrawal of Consent) and to object to our Processing of your Personal Data.
If you wish to exercise any of these rights, or if you have any concerns about our Processing
of your Personal Data, please reach out to us at dataprivacy@ignitiongroup.co.za. We are
dedicated to providing transparency and control over your Personal Data.
THE RIGHT TO LODGE A COMPLAINT WITH THE RELEVANT DATA PROTECTION
AUTHORITY
If you are not satisfied with the outcome of the above process, you have the right to lodge a
complaint with your national Data Protection Authority .
The EU Commission has a list of Data Protection Authorities here:
https://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm.
The Data Protection Authority for the UK is the Information Commissioner’s Office. Their
website can be accessed here: www.ico.org.uk.
The Federal Data Protection Authority for Switzerland is the Federal Data Protection and
Information Commissioner and their website can be accessed here:
https://www.edoeb.admin.ch/edoeb/en/home/deredoeb/kontakt.html.
3.
3.1.
3.2.
3.3.
4.
4.1.
4.2.
4.3.
5.
5.1.
5.2.
5.2.1.
5.2.2.
5.2.3.
5.3.
6.
6.1
6.2.
6.3.
6.4.
APPLICABLE LAWS
Our Processing of Personal Data of Data Subjects who are based in the EEA is governed by
the European Union’s GDPR.
Our Processing of Personal Data of Data Subjects who are in the UK is subject to the DPA,
which incorporates the GDPR as the UK GDPR.
Our Processing of Personal Data of Data Subjects who are based in Switzerland is governed
by the Federal Data Protection Act.
DATA CONTROLLER
The Applicable Laws, mentioned in Clause 3 above, provide that Data Controllers of
Personal Data must honour certain rights granted to Data Subjects who reside in the
applicable country. These rights are further explained in Clause 7 below.
At all material times, we are the Data Controller of the Personal Data unless the Personal
Data is collected, and the Processing is controlled by one of our Affiliates.
In such circumstances, we will endeavour to make this clear to you in a context specific
notification at the point we collect your Personal Data.
PURPOSES OF THE PROCESSING
Our legal basis for collecting and using Personal Data will depend on the Personal Data
concerned and the specific context in which we collect it.
However, we will normally collect Personal Data only where:
we have your Consent to do so;
where we need the Personal Data to perform and/or fulfill our obligations of our Offering
to you as a customer; or
where the Processing is in our legitimate interests and is not overridden by your data
protection interests or fundamental rights and freedoms.
In some cases, we may also have a legal obligation to collect Personal Data from you. If we
ask you to provide Personal Data to comply with a legal requirement or to perform a
contract with you, we will make this clear at the time of the request.
RETENTION PERIOD FOR PERSONAL DATA
The duration for which we retain Personal Data depends on the nature of the information
and the specific purpose for which it is Processed.
We delete Personal Data within a reasonable period after we no longer need to use it for
the purpose for which it was collected (or for any subsequent purpose that is compatible
with the original purpose).
This does preclude you from enforcing your right to request that we delete your Personal
Data before the end of its retention period.
We may archive Personal Data (which means storing it in inactive files) for a certain period
prior to its final deletion, as part of our ordinary business continuity procedures.
INTRODUCTION
This Annexure B applies to Data Subjects who are located in the European Economic Area
(“EEA”), the United Kingdom (“UK”) or Switzerland. This Annexure B must be read in
conjunction with our Policy in its entirety.
In the case of any inconsistency or conflict between the terms of our Policy and Annexure B,
Annexure B shall take precedence in respect of any Data Processing occurring in, or related
to, the EEA, the UK or Switzerland.
We take your privacy and Data protection seriously. We are also registered with the
Information Commissioner’s Office (‘’ICO’’) in terms of the DPA, in the “Register of data
protection fee payers”. This can be accessed here:
https://ico.org.uk/ESDWebPages/Search.
DEFINITIONS
The definitions contained in the Policy are to be read together with this Annexure B, save
for the following specific definitions:
“Data Controller’’ means a natural or legal person who (either alone, jointly or in common
with other persons) determines the purposes for which, and the manner in which any
Personal Data is, or are to be, Processed. For the purposes of this Policy, we are the Data
Controller of your Personal Data;
“Data Processors’’ means any natural or legal person who Processes the Personal Data on
behalf of the Data Controller. We may use the services of various Service Providers in order
to Process your Personal Data more effectively or to provide any service associated with the
use of the Platforms or Offerings;
“DPA’’ means the Data Protection Act 2018, which applies to the Processing of Personal
Data within the United Kingdom;
“Federal Data Protection Act’’ means the Swiss Federal Data Protection Act, updated as
of 1 September 2023;
"GDPR" means the General Data Protection Regulation (EU) 2016/679, which is a
European law that governs all collection and Processing of Personal Data from Data
Subjects inside the European Union; and
“Personal Data’’ means any information relating to an identified or identifiable natural
person, including but not limited to a name, an identification number, location data, an
online identifier or to one or more factors specific to the physical, physiological, genetic,
mental, economic, cultural or social identity of that natural person.
DATA PRIVACY POLICY
7.
7.1.
7.2.
7.3.
8.
8.1
8.2.
8.3.
8.4.
YOUR DATA SUBJECT ACCESS RIGHTS
We understand the importance of your privacy and your rights under the Applicable Laws,
and we are dedicated to providing transparency and empowering you with control over
your Personal Data.
You have the right to request access to your Personal Data, to have your Personal Data
corrected, restricted or deleted, to withdraw any Consent that you have given to the
Processing of your Personal Data (without affecting the lawfulness of the Processing prior
to your withdrawal of Consent) and to object to our Processing of your Personal Data.
If you wish to exercise any of these rights, or if you have any concerns about our Processing
of your Personal Data, please reach out to us at dataprivacy@ignitiongroup.co.za. We are
dedicated to providing transparency and control over your Personal Data.
THE RIGHT TO LODGE A COMPLAINT WITH THE RELEVANT DATA PROTECTION
AUTHORITY
If you are not satisfied with the outcome of the above process, you have the right to lodge a
complaint with your national Data Protection Authority .
The EU Commission has a list of Data Protection Authorities here:
https://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm.
The Data Protection Authority for the UK is the Information Commissioner’s Office. Their
website can be accessed here: www.ico.org.uk.
The Federal Data Protection Authority for Switzerland is the Federal Data Protection and
Information Commissioner and their website can be accessed here:
https://www.edoeb.admin.ch/edoeb/en/home/deredoeb/kontakt.html.
APPLICABLE LAWS
Our Processing of Personal Data of Data Subjects who are based in the EEA is governed by
the European Union’s GDPR.
Our Processing of Personal Data of Data Subjects who are in the UK is subject to the DPA,
which incorporates the GDPR as the UK GDPR.
Our Processing of Personal Data of Data Subjects who are based in Switzerland is governed
by the Federal Data Protection Act.
DATA CONTROLLER
The Applicable Laws, mentioned in Clause 3 above, provide that Data Controllers of
Personal Data must honour certain rights granted to Data Subjects who reside in the
applicable country. These rights are further explained in Clause 7 below.
At all material times, we are the Data Controller of the Personal Data unless the Personal
Data is collected, and the Processing is controlled by one of our Affiliates.
In such circumstances, we will endeavour to make this clear to you in a context specific
notification at the point we collect your Personal Data.
PURPOSES OF THE PROCESSING
Our legal basis for collecting and using Personal Data will depend on the Personal Data
concerned and the specific context in which we collect it.
However, we will normally collect Personal Data only where:
we have your Consent to do so;
where we need the Personal Data to perform and/or fulfill our obligations of our Offering
to you as a customer; or
where the Processing is in our legitimate interests and is not overridden by your data
protection interests or fundamental rights and freedoms.
In some cases, we may also have a legal obligation to collect Personal Data from you. If we
ask you to provide Personal Data to comply with a legal requirement or to perform a
contract with you, we will make this clear at the time of the request.
RETENTION PERIOD FOR PERSONAL DATA
The duration for which we retain Personal Data depends on the nature of the information
and the specific purpose for which it is Processed.
We delete Personal Data within a reasonable period after we no longer need to use it for
the purpose for which it was collected (or for any subsequent purpose that is compatible
with the original purpose).
This does preclude you from enforcing your right to request that we delete your Personal
Data before the end of its retention period.
We may archive Personal Data (which means storing it in inactive files) for a certain period
prior to its final deletion, as part of our ordinary business continuity procedures.
INTRODUCTION
This Annexure B applies to Data Subjects who are located in the European Economic Area
(“EEA”), the United Kingdom (“UK”) or Switzerland. This Annexure B must be read in
conjunction with our Policy in its entirety.
In the case of any inconsistency or conflict between the terms of our Policy and Annexure B,
Annexure B shall take precedence in respect of any Data Processing occurring in, or related
to, the EEA, the UK or Switzerland.
We take your privacy and Data protection seriously. We are also registered with the
Information Commissioner’s Office (‘’ICO’’) in terms of the DPA, in the “Register of data
protection fee payers”. This can be accessed here:
https://ico.org.uk/ESDWebPages/Search.
DEFINITIONS
The definitions contained in the Policy are to be read together with this Annexure B, save
for the following specific definitions:
“Data Controller’’ means a natural or legal person who (either alone, jointly or in common
with other persons) determines the purposes for which, and the manner in which any
Personal Data is, or are to be, Processed. For the purposes of this Policy, we are the Data
Controller of your Personal Data;
“Data Processors’’ means any natural or legal person who Processes the Personal Data on
behalf of the Data Controller. We may use the services of various Service Providers in order
to Process your Personal Data more effectively or to provide any service associated with the
use of the Platforms or Offerings;
“DPA’’ means the Data Protection Act 2018, which applies to the Processing of Personal
Data within the United Kingdom;
“Federal Data Protection Act’’ means the Swiss Federal Data Protection Act, updated as
of 1 September 2023;
"GDPR" means the General Data Protection Regulation (EU) 2016/679, which is a
European law that governs all collection and Processing of Personal Data from Data
Subjects inside the European Union; and
“Personal Data’’ means any information relating to an identified or identifiable natural
person, including but not limited to a name, an identification number, location data, an
online identifier or to one or more factors specific to the physical, physiological, genetic,
mental, economic, cultural or social identity of that natural person.
DATA PRIVACY POLICY
1.
1.1.
1.2.
1.3.
1.4.
2.
2.1.
2.2.
3.
3.1.
INTRODUCTION
This Annexure C applies to you, as a Californian Consumer, and is drafted in alignment with
our obligations to the CCPA.
It covers the collection, use and disclosure of your Personal Information by us, as defined by
the CCPA.
This Annexure C must be read in conjunction with our Policy in its entirety.
In the case of any inconsistency or conflict between the terms of our Policy and Annexure C,
Annexure C shall take precedence in respect of any Data Processing occurring in, or related
to, the United States of America (to the extent applicable), and to California.
DEFINITIONS
The definitions contained in the Policy are to be read together with this Annexure C, save
for the following specific definitions:
“CCPA” refers to the California Consumer Privacy Act of 2018, as amended and expanded
by the California Privacy Rights Act of 2020; and
“Californian Consumer” refers to a Californian resident in respect of whom we Process
Personal Information (also referred to as “you” or “your”).
COLLECTION AND PROCESSING OF PERSONAL INFORMATION
We do share Personal Information, as defined by CCPA. The categories of Personal
Information we collect about you, and the Service Providers and/or Affiliates to whom we
disclose that Personal Information in pursuance of a business purpose, are as follows:
ANNEXURE C:
LEGAL BASIS FOR PROCESSING PERSONAL INFORMATION
(CALIFORNIAN CONSUMERS ONLY)
DATA PRIVACY POLICY
Categories of
Personal Information we collect
• Identifiers (such as name, address,
email address)
• Customer Records / Account
Registration Information (such as
address, telephone number,
financial information)
• Characteristics which may be
protected classifications under
California or federal law of the
United States of America (such as
gender and marital status)
• Commercial Information (such as
transaction data)
• Internet or Other Network or
Device Activity (such as browsing
history or app usage)
• Geolocation Data (such as
approximate location inferred from
your IP address, city, country)
• Professional or
Employment-Related Information
(such as the name of your
employer)
• Education Information (such as
degrees and certifications)
Service Providers and/or Affiliates (in connection
with purposes we aim to make clear to you at or
prior to collection)
Categories of third party recipients to whom we
disclose information for business purposes
3.2. Categories of Personal Information shared in the preceding 12 (twelve) months:
Categories of Personal
Information Shared
• Identifiers and Contact
Information
• Analytics or other Electronic
Network Activity
Categories of Third-Party
and/or Affiliates Recipients
• Social Media Platforms
Advertisers, Ad Agencies,
Advertising Networks and
Platforms, Advertising
Related Technology
Providers
Purpose for Disclosure
• Cross Context
Behavioural Advertising
(Specific details on the
Cookies used for
advertising are available
in our Cookie Policy)
DATA PRIVACY POLICY
THE RIGHT TO LODGE A COMPLAINT WITH THE RELEVANT DATA PROTECTION
AUTHORITY
If you are not satisfied with the outcome of the above process, you have the right to lodge a
complaint with your national Data Protection Authority.
The California Privacy Protection Agency has been established to implement and enforce
the Applicable Laws. Their website can be accessed here: https://cppa.ca.gov/
3.3.
3.4.
3.5.
3.6.
4.
5.
6.
6.1
6.1.1.
6.1.2.
6.1.3.
6.1.4.
6.2.
6.3.
6.4.
We will normally collect Personal Information only where we have your Consent to do so,
where we need the Personal Information to perform and/or fulfill our obligations of our
Offering to you as a Californian Customer or where the Processing is in our legitimate
interests and is not overridden by your data protection interests or fundamental rights and
freedoms.
In some cases, we may also have a legal obligation to collect Personal Information from
you. If we ask you to provide Personal Information to comply with a legal requirement or to
perform a contract with you, we will make this clear at the relevant time.
We do not use or disclose sensitive Personal Information for purposes other than those
permitted purposes under the CCPA.
We do not knowingly collect and/or share Personal Information of Californian Customers
under 16 (sixteen) years of age.
RETENTION PERIOD FOR PERSONAL INFORMATION
We retain Personal Information for no longer than necessary. Our retention period shall be
reasonably necessary and proportionate to achieve the purposes for which it was originally
collected and processed.
DATA PROTECTION AND SECURITY
We take every reasonable measure to protect your Personal Information in accordance with
CCPA requirements. We implement reasonable security measures to safeguard against
data breaches and unauthorized access.
YOUR ACCESS RIGHTS UNDER CCPA
The CCPA provides specific rights to Californian Customers and requires that we ensure
those rights are honoured, including but not limited to the following:
you have the right to know what Personal Information we collect, use or disclose about
you over the past 12 (twelve) months;
you have the right to correct your Personal Information;
you have the right to request deletion of your Personal Information; and
you have the right to opt-out of the sale and sharing of your Personal Information to
Service Providers or our Affiliates.
We do not sell Personal Information to any third party, as we understand the term sale to be
defined by the CCPA.
We will not discriminate against you for exercising your rights under the CCPA.
If you wish to exercise any of these rights, or if you have any concerns about our Processing
of your Personal Information, please reach out to us at dataprivacy@ignitiongroup.co.za.
We are dedicated to providing transparency and control over your Personal Information.
DATA PRIVACY POLICY
7.
7.1.
7.2.
THE RIGHT TO LODGE A COMPLAINT WITH THE RELEVANT DATA PROTECTION
AUTHORITY
If you are not satisfied with the outcome of the above process, you have the right to lodge a
complaint with your national Data Protection Authority.
The California Privacy Protection Agency has been established to implement and enforce
the Applicable Laws. Their website can be accessed here: https://cppa.ca.gov/
We will normally collect Personal Information only where we have your Consent to do so,
where we need the Personal Information to perform and/or fulfill our obligations of our
Offering to you as a Californian Customer or where the Processing is in our legitimate
interests and is not overridden by your data protection interests or fundamental rights and
freedoms.
In some cases, we may also have a legal obligation to collect Personal Information from
you. If we ask you to provide Personal Information to comply with a legal requirement or to
perform a contract with you, we will make this clear at the relevant time.
We do not use or disclose sensitive Personal Information for purposes other than those
permitted purposes under the CCPA.
We do not knowingly collect and/or share Personal Information of Californian Customers
under 16 (sixteen) years of age.
RETENTION PERIOD FOR PERSONAL INFORMATION
We retain Personal Information for no longer than necessary. Our retention period shall be
reasonably necessary and proportionate to achieve the purposes for which it was originally
collected and processed.
DATA PROTECTION AND SECURITY
We take every reasonable measure to protect your Personal Information in accordance with
CCPA requirements. We implement reasonable security measures to safeguard against
data breaches and unauthorized access.
YOUR ACCESS RIGHTS UNDER CCPA
The CCPA provides specific rights to Californian Customers and requires that we ensure
those rights are honoured, including but not limited to the following:
you have the right to know what Personal Information we collect, use or disclose about
you over the past 12 (twelve) months;
you have the right to correct your Personal Information;
you have the right to request deletion of your Personal Information; and
you have the right to opt-out of the sale and sharing of your Personal Information to
Service Providers or our Affiliates.
We do not sell Personal Information to any third party, as we understand the term sale to be
defined by the CCPA.
We will not discriminate against you for exercising your rights under the CCPA.
If you wish to exercise any of these rights, or if you have any concerns about our Processing
of your Personal Information, please reach out to us at dataprivacy@ignitiongroup.co.za.
We are dedicated to providing transparency and control over your Personal Information.
