Terms and conditions and privacy statement

1. INTRODUCTION

1.1 TapTuck Pty Ltd (registration number 2016/428222/07) (hereinafter referred to as TapTuck),

in order to carry out its goals and business objectives as an items ordering and cashless

payments company, does and will on an on-going basis collect, store, transfer and use

personal information.

1.2 The Protection of Personal Information Act 4 of 2013 (hereinafter referred to as POPIA)

aims to give effect to the constitutional right to privacy by introducing measures that regulate

every step of how personal information belonging to both individuals and juristic entities is

collected, stored, transferred and used by both private and public bodies from the moment of

collection until the moment of destruction in order to ensure that personal information is

processed and managed in a fair, transparent and secure manner.

1.3 TapTuck is committed to protecting individuals and juristic entities right to privacy and in

consequence undertakes to responsibly process personal information in line with the provisions

of POPIA. TapTuck does this not only to comply with the provisions of POPIA, but also to

protect its reputation, as well as to be a good corporate citizen.

1.4 The purpose of this policy is to create a general framework aimed at setting out the manner

in which TapTuck processes personal information.

1.5 This privacy policy is applicable to all of TapTuck ’s electronic platforms and facilities,

including but not limited to social media platforms, websites, applications and emails.

1.6 This privacy policy is also applicable to all TapTuck ’s employees, clients, vendors,

contractors, suppliers and any other third parties whose personal information may be collected,

stored, transferred, used or processed in any other way by TapTuck.

1.7 This privacy policy must be read together with the Online Terms and Conditions and

General Legal Terms available on TapTuck‘s website at www.taptuck.co.za

2. DEFINITIONS

2.1 The following definitions apply to this policy:

2.1.1 Client - The term Client is expansively defined in this Privacy Policy and means the

person to whom personal information relates which may include employees, clients,

prospective clients, vendors, contractors, suppliers and any other third parties whose personal

information may be lawfully processed by TapTuck.

2.1.2 CPA - means the Consumer Protection Act, 68 of 2008;

2.1.3 Companies Act - means the Companies Act, 71 of 2008;

2.1.4 Competent person - means any person who is legally competent to consent to any

action or decision being taken in respect of any matter concerning a minor;

2.1.5 Consent - means any voluntary, specific and informed expression of will in terms of

which permission is given for the processing of personal information;

2.1.6 FICA - mean the Financial Intelligence Centre Act, 38 of 2001;

2.1.7 Information Officer - means the Chief Executive Officer or the Managing Director or

equivalent officer of TapTuck or any person duly authorised by the Chief Executive Officer or

the Managing Director to act as Information Officer;

2.1.8 Operator - means a person who processes personal information for TapTuck in terms of

a contract or mandate, without coming under the direct authority of TapTuck;

2.1.9 PAIA - means the Promotion of Access to Information Act, 2 of 2000;

2.1.10 Personal Information - means information relating to an identifiable, living, natural

person, and where it is applicable, an identifiable, existing juristic person, including, but not

limited to

● information relating to the race, gender, sex, pregnancy, marital status, national,

ethnic or social origin, colour, sexual orientation, age, physical or mental health,

wellbeing, disability, religion, conscience, belief, culture, language and birth of the

person;

● information relating to the education or the medical, financial, criminal or employment

history of the person;

● any identifying number, symbol, e-mail address, physical address, telephone number,

location information, online identifier or other particular assignment to the person;

● the biometric information of the person;

● the personal opinions, views or preferences of the person;

● correspondence sent by the person that is implicitly or explicitly of a private or

confidential nature or further correspondence that would reveal the contents of the

original correspondence;

● the views or opinions of another individual about the person; and

● the name of the person if it appears with other personal information relating to the

person or if the disclosure of the name itself would reveal information about the

person;

2.1.11 POCDATARA Act - means the Protection of Constitutional Democracy Against Terrorist

and Related Activities Act, 33 of 2004

2.1.12 Processing - means any operation or activity or any set of operations, whether or not

by automatic means, concerning personal information, including—

● the collection, receipt, recording, organisation, collation, storage, updating o

modification, retrieval, alteration, consultation or use;

● dissemination by means of transmission, distribution or making available in any other

form; or

● merging, linking, as well as restriction, degradation, erasure or destruction of

information;

2.1.13 Responsible Party - means a public or private body or any other person which, alone

or in conjunction with others, determines the purpose of and means for processing personal

information;

2.1.14 Special Personal Information - means information relating to—

● the religious or philosophical beliefs, race or ethnic origin, trade union membership,

political persuasion, health or sex life or biometric information of a data subject; or

● the criminal behaviour of a data subject to the extent that such information relates to—

● the alleged commission by a data subject of any offence; or

● any proceedings in respect of any offence allegedly committed by a data subject or

the disposal of such proceedings.

2.1.15 UIF - means the Unemployment Insurance Act, 63 of 2001.

3. PROCESSING OF PERSONAL INFORMATION

3.1 TapTuck undertakes to process the personal information of the Client to the extent, and in

such a manner as is necessary to provide the services agreed upon and in accordance with the

written instructions of the Client, unless required to do otherwise by law.

3.2 TapTuck further undertakes to, at all times reasonably process personal information and is

accordingly committed to processing personal information in an adequate, relevant and

non-excessive manner.

3.3 TapTuck will accordingly process the personal information of its Clients for the following

purposes:

● To act on or respond to instructions or requests for the provision of any of TapTuck

products and/or services;

● To process orders, sales and delivery of Items;

● To fulfill any contractual obligations and/or responsibilities which may arise in terms of

a contract entered into with TapTuck as a Responsible Party, Operator or Contracting

Party in any other capacity;

● In order to comply with any compulsory obligations and/or responsibilities under South

African laws and regulations, including but not limited to POPIA, FICA, POCDATARA

Act, CPA, UIF and the Companies Act;

● For Human Resources and Labour Relations purposes in the case of prospective,

existing and former employees;

● For market research, analytical and statistical purposes;

● For general administrative purposes;

● For audit and record keeping purposes;

● For the purpose of identifying and promoting other products and services which might

be of interest to Clients;

● For business transaction purposes such as but not limited to a merger, acquisition or

any form of sale of any assets;

● For the purpose of helping us improve and customize Client’s website experience,

which will include but is not limited to the processing of personal information in the

form of http cookies; and

● For any other purpose related to the functions and activities of TapTuck.

3.4 In order to perform the purposes described above, TapTuck may from time to time share a

Clients personal information with the following parties;

● TapTuck’s employees, which will only be done on a need to know basis;

● TapTuck’s suppliers and vendors, which will only be done on a need to know basis;

● TapTuck’s carefully selected business partners who provide products and services

which may be of benefit to a Client, which will only be done on a need to know basis;

● TapTuck’s operators such as service providers and agents who perform services on

behalf of TapTuck, which will only be done on a need to know basis and in terms of a

TapTuck operator agreement.

3.5 TapTuck does not share or process Clients personal information with any third parties who

have not been described in clause 3.4 above, unless:

● TapTuck is legally obliged to provide such information to another to comply with an

obligation imposed by law;

● It is necessary for the purpose of fulfilling the contractual obligations of a contract

entered into between the Client and TapTuck;

● It is necessary for pursuing the legitimate interests of TapTuck or of a third party to

whom the information is supplied;

● it is necessary in order to protect a legitimate interest of the Client; or

● the consent of the Client has been obtained.

3.6 Under all the above-mentioned circumstances TapTuck will take reasonable measures to

ensure that such personal information is only provided to the recipient, if such recipient

undertakes to keep the personal information secure and confidential.

3.7 The duty of security and confidentiality held by the recipient will continue even after the

termination or expiry of their services.

3.8 TapTuck is committed to ensuring that the personal information that it processes is

obtained directly from its Clients.

3.9 Notwithstanding the provisions of clause 3.8 TapTuck may and will process personal

information not obtained directly for its Clients in the following circumstances:

● The personal information is contained in or derived from a public record or has

deliberately been made public by the Client;

● The Client or a competent personal where the Client is a minor has consented to the

collection of the information from another source;

● The collection of the personal information from another source would not prejudice a

legitimate interest of the Client;

● The collection of the information from another source is necessary to comply with an

obligation imposed by law; The collection of the information from another source is

necessary for the purpose of proceedings in any court of law or tribunal that has

commenced or is reasonably contemplated;

● The collection of the information from another source is necessary to maintain the

legitimate interest of TapTuck or of a third party to whom the information is supplied;

● Obtaining the personal information directly from the Client would prejudice the lawful

purpose for which it is collected; and where

● Obtaining the personal information directly from the Client is not reasonably

practicable.

3.10 The personal information of Clients may also be further processed, but only in accordance

or in a manner compatible with the purpose for which the personal information was obtained as

3.11 provided for in clause 3.3 above.

3.12 If a Client discloses their personal information to a third party, such as an entity which

operates a website linked to the TapTuck App or anyone other than TapTuck, TapTuck SHALL

NOT BE LIABLE FOR ANY LOSS OR DAMAGE, HOWSOEVER ARISING, SUFFERED BY

THE CLIENT AS A RESULT OF THE DISCLOSURE OF SUCH INFORMATION TO THE

THIRD PARTY. TapTuck is unable to regulate or control how third parties uses personal

information.

4. INFORMATION OFFICER

4.1 TapTuck has appointed and registered the following person as Information Officer:

NAME: Timothy Strang

CONTACT DETAILS: email: tim@vands.co.za

4.2 The duties of the Information Officer include the following;

● To encourage compliance, by TapTuck, with the conditions for the lawful processing of

personal information;

● To comply with any requests made to TapTuck pursuant to POPIA;

● To work with the Information Regulator in relation to investigations;

● To ensure compliance by TapTuck with the provisions of POPIA;

● To ensure that a compliance framework is developed, implemented, monitored and

maintained;

● To ensure that a personal information impact assessment is done to ensure that

adequate measures and standards exist in order to comply with the conditions for the

lawful processing of personal information;

● To ensure that a manual is developed, monitored, maintained and made available as

prescribed in PAIA;

● To ensure that internal measures are developed together with adequate systems to

process requests for information or access thereto; and

● To ensure that internal awareness sessions are conducted regarding the provisions

and Regulations of POPIA, codes of conduct, and information obtained from the

Regulator.

4.3 The Information Officer has the authority to designate and delegate any power and duty to a Deputy

Information Officer.

4.4 The Information Officer shall upon request by any person, provide copies of the manual to that

person upon the payment of a fee.

5. SECURITY SAFEGUARDS

5.1 TapTuck has implemented the appropriate technical and organisational security measures which are

required in order to protect all personal information which it holds, from and against unauthorised

access, accidental or willful manipulation and loss or destruction.

5.2 While TapTuck takes all reasonable efforts to safeguard the personal information which it holds, it

cannot be held responsible for any loss or unauthorised processing of personal information which is

beyond TapTuck’s reasonable control.

5.3 TapTuck ‘s website may contain links to other website outside of TapTuck’s control, accordingly,

TapTuck is not responsible for the content, privacy or security of these other third party controlled

websites;

5.4 TapTuck has placed cookies on its website which may make contact with a Client's device to help

make the TapTuck’s social media and electronic platforms website better.

5.5 TapTuck makes use of social plugins of social networks such as Facebook, Youtube, Twitter,

Instagram, LinkedIn and Google. Kindly note that TapTuck has no influence on or control over the extent

of the data retrieved by the social networks interfaces and TapTuck can accordingly not be held

responsible or liable for any processing or use of personal information transmitted via these social

plugins.

5.6 For information on the purpose and extent of the data retrieval by the social network concerned, and

about the rights and settings which are available to protect the personal information of Client, please

refer to the privacy policy provided by the social network concerned.

6. DATA RETENTION

6.1 TapTuck will not retain the personal information of Clients for longer than is necessary for achieving

the purpose for which the information was collected, stored, transferred, used or processed in any other

way.

6.2 Personal information obtained for any of the purposes set out in clause 3.3 will be retained for as

long as there is an active and existing relationship between TapTuck and the Client.

6.3 The personal information of inactive former Clients will be retained only when it is required or

authorised by law, for any lawful purposes related to TapTuck’s functions or activities, by a contract

between TapTuck and the former Client, by consent of the former Client or a competent person where

the information relates to a minor.

6.4 Should there be no valid reason as set out in 6.3 for retaining the personal information of former

Clients, the record of personal information will be destroyed or deleted or alternatively de-identified.

6.5 The destruction or deletion of a record of personal information in terms of clause 6.4

6.6 Will be done in a manner that prevents its reconstruction in an intelligible form.

6.7 TapTuck will not process personal information if its accuracy is contested by the Client.

7. CLIENT PARTICIPATION AND INFORMATION QUALITY

7.1 A Client, having provided adequate proof of identity, may request TapTuck to confirm, free of charge,

whether or not TapTuck holds personal information about the Client.

7.2 A Client, having provided adequate proof of identity, may also request the record or description of

the personal information about the Client that is held by TapTuck. This record or description of the

record will be provided within a reasonable time, at a prescribed fee.

7.3 Whilst TapTuck will take reasonably practicable steps to ensure the integrity and accuracy of a

Clients personal information, this may not at all times be possible. It is accordingly the responsibility of

the Client to update TapTuck of any changes to their personal information.

7.4 Clients have the right to access or request a correction or deletion of any personal information which

TapTuck may have and where applicable may ask TapTuck to update any inaccuracies in such personal

information. Any such requests must be done by way of completing the appropriate form and be

submitted to the Information Officer.

7.5 Clients have the right to request the destruction or deletion of any record of personal information

which TapTuck may have. Any such request must be done by way of completing the appropriate form

and must be submitted to the Information Officer.

8. PROCESSING OF PERSONAL INFORMATION BELONGING TO MINORS

8.1 If TapTuck collects, stores, transfers, uses or processes in any way the personal information of a

minor, it will do so only with the consent of the minor’s parent or legal guardian, unless the processing is

necessary for the establishment, exercise or defence of a right or obligation in law.

9. CROSS BORDER TRANSFER OF PERSONAL INFORMATION

9.1 TapTuck will not transfer personal information about a Client to a third party who is in a foreign

country, unless the third party who is the recipient of the information is subject to a law, binding

corporate rules or binding agreement which provide an adequate level of protection that is the same or

substantially similar to the level of projection offered by POPIA.

9.2 TapTuck may also transfer the personal information of a Client to a third party who is in a foreign

country in the following circumstances;

● Where the Client consents to the transfer;

● Where the transfer is necessary for the performance of a contract between the Client

and TapTuck;

● Where the transfer is for the benefit of the Client and it is not reasonably practicable to

obtain the consent of the Client to that transfer and if it were reasonably practicable to

obtain such consent, the Client would be likely to give it.

10. REVOCATION OF CONSENT

10.1 A Client may at any time withdraw their consent to the processing of any of their personal

information held by TapTuck.

10.2 Clients have the right to request the withdrawal of their consent to the processing of any personal

information held by TapTuck. Any such request must be done by way of completing the appropriate form

and must be submitted to the Information Officer

10.3 The lawfulness of the processing of personal information before the withdrawal of consent will not

be affected.

11. INCIDENT RESPONSE

11.1 TapTuck shall notify the Client within a reasonable time in writing and shall place notice on

its website, if it becomes aware or has reasonable grounds to believe that the personal information

of Clients has been accessed or acquired by unauthorised persons.

11.2 TapTuck undertakes further to promptly take action, at its own reasonable expense, to investigate

any such suspected breach and to identify, prevent and mitigate the effects of any such breach.

11.3 TapTuck will as soon as is reasonably possible after the discovery of the compromise provided for

in clause 11.1, in writing and in accordance with the provisions of POPIA notify the Information

Regulator.

12. REVISION OF POLICY

12.1 TapTuck reserves the right to and may from time-to-time update or amend this Privacy Policy.

12.2 If material amendments are made in how personal information is collected, stored, transferred,

used or processed in any other way, this Privacy Policy will be updated and notices will be provided

where appropriate.

12.3 Any general updates or amendments of this Privacy Policy will be published as such on the

TapTuck website.

12.4 By continuing to use the TapTuck website or any of the other TapTucks services following any

updates or amendments, the Client will be deemed to have agreed to such changes.

12.5 Clients are advised to visit and re-read this Privacy Policy on a regular basis.

13. COMPLAINTS

13.1 Should a Client believe that TapTuck has used their personal information contrary to this Privacy

Policy, Client’s have the right to lodge a complaint with the Information Regulator.

13.2 Notwithstanding the provisions of clause 13.1, TapTuck encourages Clients to first follow internal

complaints processes in order to resolve the complaint. In this regard Clients are encouraged to contact

the information Officer.

13.3 If, thereafter, Clients feel that Tap Tuck has not adequately resolved their complaint, kindly contact

the Information Regulator, whose contact details are as follows;

13.3.1 Physical address: JD House, 27 Stiemens Street, Braamfontein, Johannesburg, 2001

13.3.2 Postal address; P.O Box 31533, Braamfontein, Johannesburg, 2017

13.3.3 Complaints email: complaints.IR@justice.gov.za

13.3.4 General enquiries email: inforeg@justice.gov.za