1. INTRODUCTION
1.1 Welcome to 5-BOB. We are committed to protecting your
privacy and complying with the Protection of Personal Information Act 4 of
2013 (POPIA) and the Consumer Protection Act (CPA).
1.2 This Privacy Policy explains how we collect, use,
disclose, and safeguard your Personal Information when you use our 5-BOB loyalty
program & 5-BOB Mobile Rewards.
1.3 By using 5-BOB, you consent to the practices described in
this policy.
2. INFORMATION WE COLLECT
We collect the following categories of Personal Information:
Category Specific Data Points Purpose Identity Name, SA ID Number, Date of Birth
Account verification, fraud prevention, FICA compliance.
Contact Phone Number, Email, Physical Address
Communication, reward delivery, account recovery.
Transaction: Purchase amount, Merchant Name, Date/Time
Points calculation, reward allocation. Location Geolocation at time of purchase
Verifying transaction validity, marketplace analysis.
Technical Device ID, IP Address, OS Version
Security, app functionality, bug fixes.
3. HOW WE USE YOUR INFORMATION
We process your data for the following specific purposes:
3.1 Service Delivery: To operate your 5-BOB Virtual Wallet,
award Points, 5-BOB Mobile rewards and process redemptions.
3.2 Security & Fraud: To detect unusual activity,
prevent abuse, and secure our systems.
3.3 Communication: To send transactional alerts
(e.g. Points earned) and, with consent, marketing offers.
3.4 Marketplace Analysis (Important):
We
analyse purchase patterns, location trends, and demographic data to understand
consumer behaviour.
Anonymisation: For analysis purposes, data is aggregated and anonymised so that you
cannot be personally identified.
Insights: These insights help us improve the Service and provide merchants with
trend reports (e.g. "Spending in Cape Town, in specific area, increased by 10%").
Opt-Out: You may object to your data being used for non-essential analytics by
contacting [privacy@5ivebob.com].
3.5 Legal Compliance: To comply with tax laws (SARS),
regulatory requirements, and legal processes.
4. LAWFUL BASIS FOR PROCESSING
Under POPIA, we process your data based on: Consent: You explicitly agreed during registration.
Contract: Processing is necessary to fulfil the 5-BOB loyalty agreement (e.g., giving you 5-BOB Loyalty Points, and or 5-BOB data rewards).
Legitimate
Interest: For security, fraud prevention, and business analytics,
provided your rights are not overridden.
Legal
Obligation: Where required by South African law.
5. DISCLOSURE OF INFORMATION
We do not sell your Personal Information. We may share data
with:
5.1 Approved Vendors: Only necessary data to verify usage and redemption eligibility.
5.2 Service Providers: Third parties who assist
us (e.g., marketing competitions, cloud hosting, SMS gateways, payment processors, ,etc.). They are bound by
confidentiality contracts.
5.3 Legal Authorities: If required by law,
court order, or to protect safety.
5.4 Business Transfers: In the event
of a merger or sale, data may be transferred to the new owner under similar
privacy protections.
6. CROSS-BORDER DATA TRANSFER
6.1 Your data is primarily stored in South Africa.
6.2 If we
use cloud services hosted outside South Africa (e.g., servers in Europe or
USA), we ensure adequate protection measures are in place (e.g., standard
contractual clauses) as required by POPIA Section 72.
7. DATA RETENTION
7.1 We retain Personal Information only as long as necessary
for the purposes listed in Section 3.
7.2 Transactional Data: Retained
for 5 years to comply with tax laws.
7.3 Analytics Data: Raw data used
for analytics is anonymised after [24 months]. Anonymised data may be kept
indefinitely.
7.4 Upon account deletion, we will remove your Personal
Information unless legally required to retain it.
8. SECURITY SAFEGUARDS
8.1 We implement technical measures (encryption, firewalls,
access controls) to protect your data.
8.2 Sensitive Information: Your
SA ID Number is stored with enhanced security protocols, only for purposes of allocation of points converted to cash, 5-BOB Mobile registration and rewards as per RICA (Regulation of Interception of Communications and Provision of Communication-Related Information Act) Act 70 of 2002.
8.3 Breach
Notification: In the event of a data breach compromising your safety, we
will notify you and the Information Regulator as required by POPIA.
9. YOUR POPIA RIGHTS
As a Data Subject, you have the right to:
9.1 Access: Request a copy of the Personal
Information we hold about you.
9.2 Correction: Request correction of
inaccurate or incomplete data.
9.3 Deletion: Request deletion of your
data ("Right to be Forgotten"), subject to legal retention
requirements.
9.4 Objection: Object to processing based on legitimate
interests (e.g., direct marketing or analytics).
9.5 Withdraw Consent: Withdraw consent for optional processing at any time.
To exercise these rights, contact our Information Officer at
[privacy@5bob.co.za]. We will respond within 30 days as required by law.
10. COOKIES & TRACKING
10.1 Our 5-BOB Loyalty App and website may use cookies or similar
technologies to enhance user experience and analyse traffic.
10.2 You can
manage cookie preferences through your device settings.
11. CHILDREN'S PRIVACY
11.1 We do not knowingly collect data from children under 13
without parental consent.
11.2 If you are a parent and believe your child has
provided data to us, please contact us immediately.
12. CHANGES TO THIS POLICY
12.1 We may update this Privacy Policy to reflect changes in
law or our practices.
12.2 Updated versions will be posted in the app and on
our website with a new "Effective Date."
13. CONTACT THE INFORMATION REGULATOR
If you are unsatisfied with how we handle your complaint,
you may contact the South African Information Regulator: Website:
www.inforegulator.org.za
Email: complaints.IR@inforegulator.org.za or enquiries@inforegulator.org.za
Phone: Toll Free +27800 017 160 or +2710 023 5236.