- Scope of policy and definitions
This policy applies to all Bozaride employees, directors, sub-contractors, agents, appointees, and its provisions are applicable to both on and off-site processing of Personal Information. The following words and expressions have the meanings assigned to them except where the context otherwise requires:
1.1. ‘App’ means the application through which the Service is accessed for use;
1.2. ‘Consumer Credit Information’ has the meaning under section 70 of the NCA;
1.3. ‘Corporate User Pass’ means a corporate digital identity for businesses and other entities (such as non-profit organizations and associations) to transact with Bozaride online;
1.4. ‘FAIS Act’ shall mean the Financial Advisory and Intermediary Services Act, 2002;
1.5. ‘FSB’ refers to the Financial Services Board;
1.6. ‘NCA’ means the National Credit Act, 2005, including any regulations made under the Act;
1.7. ‘Personal Information’ shall have the meaning ascribed in the POPI Act;
1.8. ‘POPI’ shall mean the Protection of Personal Information Act, 2013;
1.9. ‘Privacy and Data Protection Conditions’ means the prescribed statutory conditions for the lawful Processing of Personal Information;
1.10. ‘Responsible Party’ is as defined in POPI;
1.11. ‘Services’ means set of limited, non-transferable and revocable functionality offered to a specific user(driver or rider)
1.12. Service Provider means a party other than Bozaride which,
1.12.1. furnishes or supplies information or content to Bozaride for onward on-line provision to the User through the App or Services; and/or
1.12.2. provides services to the User through Bozaride whether via the App or Services or otherwise. Service Providers include but are not limited to Mobile Networks, banks, regulatory bodies, the Courts, tribunals, certification authorities;
1.13. Single User Pass shall mean the online personal authentication and password system operated or provided by Bozaride;
1.14. ‘You’ means the person completing this form to be considered by Bozaride for purposes of identity authentication and/or use the Services; and
1.15. ‘Verification Information Suppliers’ shall mean third Party acting on behalf of the Company, including, but not limited to, criminal record bureaus, credit bureaus, governmental bodies, and any educational, training, and fraud prevention organisations
- Consent for the Processing and use of Personal Information
2.1. You hereby authorize Bozaride and its duly authorized verification agent to access and process your Personal Information for the following purposes:
2.1.1. Processing orders for the Services to customers;
2.1.2. Keeping accounting records in accordance with good accounting practices;
2.1.3. To comply with any legal or regulatory requirements; and
2.1.4. For commercial invoicing purposes
2.1.5. and conduct background screening checks including, but not limited to, criminal record, fraud, and ID verification.
2.2. You only consent to requests for Consumer Credit Information to be released for:
2.2.1. employment in a position of trust and honesty and entails the handling of cash or finances; and
2.2.2. fraud prevention or detection.
2.3. You understand that verification requests form part of the background screening process and:
2.3.1. That requests for credit information from Credit Bureaus will only be conducted under the regulations defined as per the NCA; and
2.3.2. Data obtained from the FSB serve only for the purpose to determine the fitness and propriety as envisaged in the FAIS Act.
2.4. You acknowledge that any Personal Information supplied to Bozaride is provided voluntarily and that Bozaride may not be able to comply with its obligations if the correct Personal Information is not supplied, given that the types of data subjects and the Personal Information to be processed will be limited to Your name(s), ID number and photographs or such biometric information as may be appropriate and mutatis mutandis similar details of juristic persons.
2.5. You understand that privacy is important to the Responsible Party and the Responsible Party will use reasonable efforts in order to ensure that any Personal Information in their possession or processed on their behalf is kept confidential, stored in a secure manner and processed in terms of South African law and for the purposes I have authorised.
2.6. You warrant that all information, including Personal Information, supplied to Bozaride is accurate and current and agree to correct and update such information when necessary.
2.8. By submitting any Personal Information to Bozaride in any form You acknowledge that such conduct constitutes a reasonable unconditional, specific and voluntary consent to the processing of such Personal Information in the following manner by Bozaride and/or verification information suppliers:
2.8.1 Personal Information may be shared by Bozaride with the Verification Information Suppliers for verification or other legitimate purposes;
2.8.2. Personal Information may be shared by the Verification Information Suppliers with the Company for other legitimate purposes as per the NCA;
2.9. Personal Information may be stored for a reasonable period by the Company and/or the Verification Information Suppliers, and Personal Information may be transferred cross-border to countries, which do not necessarily have data-protection laws similar to that of the Republic of South Africa, for verification or storage purposes.
2.10. In the event of any cross-border transfer of personal information the recipient will be notified of the need to protect the confidentiality of the personal information.
2.11. You take note that if the Responsible Party has utilised the Personal Information contrary to this policy, You may first resolve any concerns with that Responsible Party, and should You not be satisfied with such process, You have the right to lodge a complaint with the Information Regulator as prescribed in the POPI Act.
2.12. You will be furnished with a copy of all Personal Information kept by the Responsible Party upon request in terms of the provisions of the POPI Act or the NCA and You understand that You may dispute any information in the record provided.
2.13. You unconditionally agree to indemnify the Responsible Party, and Verification Information Suppliers, acting in good faith in taking reasonable steps to process Your personal information lawfully, against any liability that may result from the processing of Your personal information, including unintentional disclosures of such Personal Information to, or access by unauthorized persons, and/or any reliance which may inadvertently be placed on inaccurate, misleading, or outdated Personal Information, provided to Bozaride by Yourself or by a third party in Your stead.
2.14. You specifically authorize the verification agent, WHOYOU (PTY) LTD, to forward my fingerprints, and Your other Personal Information, to Verification Information Suppliers acting on behalf of WHOYOU (PTY) LTD (including, but not limited to the South African Police Services, the South African Criminal Record Centre, Department of Home Affairs, the Government of the Republic of South Africa, and any relevant educational, training, banking or credit organisations) for the purpose of verifying Your personal credentials and records, and any other information that You have provided in support of Your application.
2.15. Authorized credential verification types include, but are not limited to, educational qualifications, employment history, employment references where authorization exists, consumer credit enquiries, criminal record checks at the South African Police Service, demographic and photographic information retrieved from Department of Home Affairs, Driver’s License and Testing Centre, and fraud checks at the South African Fraud Prevention Service.
2.16. You authorize WHOYOU (PTY) LTD Verification Information Suppliers to furnish information regarding Your driver’s license, criminal, credit, professional and educational history and You unconditionally indemnify WHOYOU (PTY) LTD, its employees, and its Verification Information Suppliers against any liability that may result from furnishing information in this regard.
2.17. WHOYOU (PTY) LTD will not be liable for any damages of any kind arising from the use of the Services, including but not limited to direct, indirect, incidental, punitive and/or consequential damages.
2.18. You understand that it is a condition of WHOYOU (PTY) LTD verification information suppliers that this information is furnished by them solely for the purposes of verifying Your credentials.
2.19. You agree that the consent and indemnity declaration herein remains valid for all current and future personal credential verification requests by WHOYOU (PTY) LTD, and by providing Your personal and biometric information You consent to this information being stored for subsequent verification and processing as set out in the policy.
3.1 This app accesses and collect your contact list consisting of your phonebook and contacts only for an event of emergency, security reasons and disclosure to governmental authorities, including the Department of Home Affairs and the South African Police Service, should the need arise for investigations into criminal conduct, and upon receiving a lawful statutory instruction from a competent authority or a court order. We do not access, collect, use and share your contact list, phonebook and contacts for on-selling, marketing and advertising purposes.
- Disclosure of personal information to third parties
4.1. Bozaride may share the Personal Information with its agents, affiliates, and associated companies who may use this information for the purposes envisaged above, and may also supply the Personal Information to any party to whom Bozaride may have assigned or transferred any of its rights or obligations under any agreement, and/or to service providers who render the services of capturing or organizing data, storing data, conducting due diligence.
4.2. Bozaride may also disclose personal information where it has a duty or a right to disclose in terms of applicable legislation, the law, or where it may be deemed necessary to protect its rights. Personal Information may also be disclosed to Bozaride clients should it be required under obligation of a concluded agreement or for any vested commercial interest. Personal information may also be transferred to third parties on the instruction of a Bozaride client. In the event that Bozaride is a 3rd party recipient of Personal Information You acknowledge that prior consent was obtained from the data subject.
- Safeguarding Personal Information
5.1. Given that it is a requirement of POPI to adequately protect personal information, Bozaride will continuously review its security controls and processes to ensure that Personal Information is secure and accordingly, the following procedures are in place to protect Personal Information:
5.1.1. its Information Officer is responsible for the compliance with the conditions of the lawful processing of personal information and other provisions of POPI.
5.1.2. Training on this policy has been implemented throughout Bozaride and its affiliated companies.
5.1.3. New employees are required to sign an employment contract containing relevant consent clauses for the use and storage of employee information, or any other action so required, in terms of POPI.
5.1.4. Every employee currently employed within Bozaride has signed an addendum to their employment contract containing relevant consent clauses for the use and storage of employee information, or any other action so required, in terms of POPI.
5.1.5. The archived Personal Information in Bozaride is stored on site, which is also governed by POPI, with limited access to the storage areas to authorized personnel.
5.1.6. All Personal Information stored on the online systems of Bozaride are subject to access control and security measures.
5.1.7. The product suppliers, insurers, associated companies, clients and other third-party service providers of Bozaride will be required to sign a service level agreement guaranteeing their commitment to the Protection of Personal Information, as may be appropriate.
5.1.8. All electronic files or data are backed up by the IT Division of Bozaride which is also responsible for system security that protects third party access and physical threats.
5.1.9. The IT Division of Bozaride is responsible for Electronic Information Security.
5.1.10. Bozaride employs up to date technology to ensure the confidentiality, integrity and availability of the Personal Information under its care, these include: Firewalls, Virus protection software and updated protocols, Logical and physical access control; Secure setup of hardware and software making up the IT infrastructure; Outsourced Service Providers who process Personal Information on behalf of Bozaride are contracted to implement similar security controls.
- Access of Personal Information
6.1. You, as a data subject, have the right to access their Personal Information as held by Bozaride.
6.2. You also have the right to request Bozaride to update, correct or delete Your Personal Information on reasonable grounds and once You object to the processing of Your Personal Information, Bozaride may no longer process said Personal Information, except where it is still permitted under a provision of the POPI or any other applicable law.
6.3. Bozaride will take all reasonable steps to confirm Your identity before providing details of Your Personal Information or making changes to Your Personal Information.
7.1 Bozaride shall ensure that all processing conditions, as set out in POPI, are complied with when determining the purpose and means of processing Personal Information and during the processing itself, and shall remain liable for compliance with these conditions, even if it has outsourced it processing activities.
- Processing limitation
8.1. The processing of Personal Information is only lawful if, given the purpose of processing, the information is adequate, relevant, and not excessive.
8.2. Bozaride may only process Personal Information if one of the following grounds of lawful processing exists: You consent to the processing; Processing is necessary for the conclusion or performance of a contract with You; Processing complies with a legal responsibility imposed on Bozaride; Processing protects Your legitimate interest; Processing is necessary for pursuance of a legitimate interest of Bozaride, or a third party to whom the information is supplied; Special Personal Information includes: Religious, philosophical, or political beliefs; Race or ethnic origin; Trade union membership; Health or sex life; Biometric information (including blood type, fingerprints, DNA, retinal scanning, voice recognition, photographs); Criminal behaviour; Information concerning a child.
8.3. Bozaride may only process Special Personal Information under the following circumstances: You consented to such processing; You deliberately made the Special Personal Information public; Processing is necessary for the establishment of a right or defense in law; Processing is for historical, statistical, or research reasons if processing of race or ethnic origin is in order to comply with affirmative action laws.
8.4. Personal Information will be collected directly from You, unless the: Personal Information is contained in a public record; Personal Information has been deliberately made public by You; Personal Information is collected from another source with Your consent; Collection of Personal Information from another source would not prejudice You; Collection of Personal Information from another source is necessary to maintain, comply with or exercise any law or legal right; Collection of the Personal Information from You would prejudice the lawful purpose of collection; Collection of the Personal Information from You is not reasonably practicable.
- Information quality
9.1. Bozaride shall take reasonable steps to ensure that Personal Information is complete, accurate, not misleading and updated, and shall periodically review Your records to ensure that the Personal Information is still valid and correct. Employees should as far as reasonably practicably follow the following guidance when collecting Personal Information:
9.1.1. Personal Information should be dated when received.
9.1.2. A record should be kept of where the Personal Information was obtained.
9.1.3. Changes to information records should be dated.
9.1.4. Irrelevant or unneeded Personal Information should be deleted or destroyed.
9.1.5. Personal Information should be stored securely, either on a secure electronic database or in a secure physical filing system.
10.1. Bozaride shall take reasonable steps to ensure that You are is made aware of what Personal Information is collected, and the source of the information. Similarly, where the supply of Personal Information is voluntary or mandatory, and Bozaride shall take reasonable steps to ensure You are made aware of the consequences of a failure to provide such information or failure to provide correct information. Bozaride will communicate whether the Personal Information shall be shared with any third party.
- Written records
11.1. Personal Information records are kept in locked cabinets and safes such that when in use Personal Information records are not left unattended in areas where non-staff members may access them. Bozaride applies, implements and maintains a ‘clean desk policy’ where all employees are required to clear their desks of all Personal Information when leaving workstations. Personal Information which is no longer required is disposed of by shredding. Any loss or theft of, or unauthorized access to, Personal Information must be immediately reported to the Information Officer.
- Electronic records
12.1. All electronically held Personal Information is saved in a secure database or on the quality management system of Bozaride, and as far as reasonably practicable, no Personal Information is saved on individual computers, laptops or hand-held devices.
12.2. All computers, laptops and handheld devices are access-protected with a password or fingerprint scan, with the password being of reasonable complexity and changed frequently. Bozaride applies and maintains a ‘clean screen policy’ where all employees are required to lock their computers or laptops when leaving their desks for any length of time and to log off at the end of the day.
12.3. Electronical Personal Information which is no longer required must be deleted from the individual laptop or computer and the relevant database, and the employees must ensure that the information has been completely deleted and is not recoverable. Any loss or theft of computers, laptops or other devices which may contain Personal Information is immediately reported to the Information Officer, who shall notify the IT department, and take all necessary steps to remotely delete the information, if possible.
- Destruction of documents
13.1. Documents may be destroyed after the termination of the retention period specified herein, or as determined by Bozaride from time to time. Each department is responsible for attending to the destruction of its documents and electronic records, which must be done on a regular basis.
13.2. Files are checked in order to make sure that they may be destroyed and also to ascertain if there are important original documents in the file. Original documents must be returned to the holder thereof, failing which, they should be retained by Bozaride pending such return. Deletion of electronic records is done in consultation with the IT Department, to ensure that deleted information is incapable of being reconstructed and/or recovered.
- Amendments to this policy
14.1. Amendments to, or a review of this policy, will take place on an ad hoc basis and employees and Data Subjects are advised to request periodically for the updated policy to keep abreast of any changes. Bozaride reserves the right to amend this policy, which amendments will take effect immediately upon acceptance and by using or continuing to use the services at any time after any amendments are published on the app, You represent that You agree to be bound by the amendments
- Transborder information flow
15.1. The Company shall only transfer Personal Information outside the borders of the Republic of South Africa in the event that:
15.2. The Party receiving the information is subject to similar data protection laws or policies that are applicable in the Republic of South Africa;
15.3. You have agreed to the transfer of information.
15.4. The transfer is part of the performance of a contract of which You are party; and
15.5. The transfer is for Your benefit, and it is not reasonably practicable to obtain Your consent and that such consent would be likely to be given.
- Information breach
16.1. In the event that, or when reasonable grounds exist to believe, that Personal Information has been accessed by an authorised party, the employees of Bozaride must immediately notify the Information Officer of the unauthorized access.
16.2. The notice to the Information Officer must be as soon as possible in each specific circumstance, and the Information Officer must, as soon as possible inform all affected Data Subjects of the unauthorized access and must also inform the Regulator of the breach.
16.3. The notice must contain a description of the possible consequences of the security compromise, and a description of the measures that the responsible party intends to take or has taken to address the security compromise; a recommendation with regard to the measures You may take to mitigate the possible adverse effects of the security compromise.
16.4. If known to the Responsible Party, the identity of the unauthorized person who may have accessed or acquired the Personal Information.
- Information officers
17.1 Each of the affiliated companies in Bozaride will appoint its own Information Officer responsible for Personal Information access and requests from data subjects and all Information Officers will report directly to the Information Officer for Bozaride, and all responsibilities will be delegated from Bozaride Information Officer to the other Information officers.
17.2. The Bozaride Information Officer is Bonolo Mokoena with contact number: 011 593 3114 and email address: firstname.lastname@example.org Designation: Information Officer.
- Availability of services
18.1. Bozaride reserves the right to modify, enhance, withdraw or suspend the Services, or any part thereof, at any time.
18.2. The Services will be made available during such hours as may be notified by Bozaride, which reserves the right to alter or extend the service hours from time to time.
18.3. Access to and use of a Service Provider’s services and facilities may require the approval of the Service Provider.
18.4. The Service Provider may impose its own terms and conditions and charges for access to and use of its services.
18.5. You are responsible for ensuring that You have obtained all necessary approvals, consents and permissions for access to and use of a Service Provider’s services and facilities.
- Accessing the services
19.1. You shall obtain, install and maintain such suitable equipment, software, and communication means as may be required to make connection to the World Wide Web and to use the Services, including a computer and modem, network, telecommunication facilities or other access devices, and other ancillary equipment.
19.2. Access to the Services require a set of valid User Access Codes.
19.3. You shall take all necessary steps to obtain Your User Access Codes from Bozaride and to maintain the same in working order.
19.4. You shall be responsible for ensuring the security and confidentiality of the User Access Codes.
19.5. Bozaride shall not be obliged to provide access to the App to You unless You take such steps to authenticate Yourself as the person permitted or designated to access the App and use the Services.
- Authorised use only
20.1. You are responsible for ensuring that Your access to the App and Your use of the Services are within the limits of any policies or instructions that are imposed by this policy.
20.2. All communications and activities occurring under or referable to Your User Access Codes shall be deemed to have been authorized.
20.3. Any unauthorized access and use shall not expose Bozaride and the Service Provider to liability arising from any communication and activity occurring under or referable to User Access Codes.
20.4. You agree that access to and usage of the Services is for authorized purposes only and You undertake not to reproduce, duplicate, copy, sell, resell, or exploit any portion of the Services or information obtained through the Services.
20.5. You undertake not to use the Services for or to carry out any activity that may be prohibited under the laws of the Republic of South Africa, or under any other applicable law.
20.6. You undertake not to use abusive, harassing, threatening, insulting, defamatory, obscene or otherwise offensive language (including language offensive to race and/or religion) when providing content, information and data, in particular when using the comments feature of the Services.
20.7. You undertake to implement reasonable measures to secure Your mobile device, network and telecommunications equipment from unauthorised access and malware (including but not limited to viruses, trojans, worms, logic bombs or other material which is malicious or technologically harmful), and You agree not to submit, upload or transfer any unauthorized files, codes (including but not limited to viruses, trojans, worms, logic bombs or other material which is malicious or technologically harmful), and information, in the course of using the Services.
20.8. You may not attempt to gain unauthorised access to the App, the server on which the Services are hosted or any server, computer or database connected to the Service and You may not attack and/or allow any of Your equipment to be used to attack the Services via a denial-of-service attack or a distributed denial-of service attack or any other form of attack.
- Provision of information
21.1. You warrant and represent that Your access and use of the Services is authorized, in particular, you are duly authorized to submit, transmit or otherwise deal with all content, information and data provided by You.
21.2. You warrant and represent that all content, information and data You have provided is true, accurate, current and complete, and acknowledge and agree that Bozaride may make decisions or otherwise act or omit to act in reliance on the content, information and data provided by You on the assumption that it is true, accurate, current and complete.
21.3. You hereby authorize Bozaride to deal with any data or information submitted by or to You, in any manner, as Bozaride deems necessary to carry out the Services.
21.4. Without limitation to the foregoing, You consent to the collection, use, disclosure, retention and/or processing of Your personal information, data, by Bozaride and/or its nominees for the use of the Services, and any other purposes associated with the App, and for a period of seven (7) years after its termination.
21.5. You acknowledge and agree that Your personal information and data may be adapted, altered, combined with other data and/or transmitted to third parties, including but not limited to Bozaride and/or Service Providers.
- Intellectual property rights
22.1. All intellectual property rights (including copyright and trade marks) contained in, relating to or in connection with the App and Services (including text, design layout, graphics, logos, icons, sound recordings and software) are owned by Bozaride or its licensors. No materials provided through the App or Services, including text, graphics, compilations, computer programs, code and/or software may be reproduced, modified, adapted, distributed, published, displayed, uploaded, broadcast, posted, transmitted or hyperlinked in any manner and in any form without the express, prior written approval of Bozaride and that of the respective intellectual property owners.
- Disclaimer of warranties and limitation of liability
23.1. The Services and any technical support are provided on an ‘as is’ and ‘as available’ basis, and Bozaride disclaims all warranties or conditions of any kind, to the extent permitted by law, whether express or implied, including but not limited to the implied warranties of merchantability, fitness for a particular purpose and non-infringement.
23.2. Bozaride does not warrant that the App and Services will meet your requirements or that the App and Services will be uninterrupted, timely, secure or error-free.
23.3. Bozaride does not warrant the security of any information transmitted over the internet as no data transmission over the internet can be guaranteed as totally secure.
23.4. Accordingly, any document or information which is transmitted by you, whether to Bozaride or to any other party, is transmitted at your own risk.
23.5. Bozaride is not responsible for the availability, content or security of external websites or websites belonging to service providers which may be linked or integrated with the website, and undertakes no liability, whether in contract or delict or otherwise for the acts and omissions of the service providers or other third parties, including without limitation third party providers of telecommunication, computer or internet services or for faults in or failures of their handsets, equipment or systems.
23.6. Bozaride shall not be liable to You or any other party for any damages, loss, cost or expense suffered by you or any other party as a result of an action brought by a third party even if such loss was reasonably foreseeable or Bozaride has been advised of the possibility of the User or any other party suffering or incurring the same; the reliance on or use of any data, information, content or matter provided by the Service Provider via the Services or the accuracy, correctness or completeness thereof; any errors, interruptions or other occurrence whatsoever arising out of any form of communications or other facilities not provided by Bozaride; any data or other information input, sent or received by or to You or through the Services; any inability to access the Services as a result of any error, interruptions, malfunction, downtime or unavailability of the User Pass Code system; Your failure to keep You associated with the User Pass Code system secure and confidential; and any occurrence not due to direct default of Bozaride.
23.7. In no event shall Bozaride be liable for any loss of business, profit, goodwill or any type of special, indirect or consequential loss regardless or the form of action, whether in contract, delict or otherwise, and even if foreseeable or if Bozaride has been advised of the possibility of such damages. In particular, Bozaride shall not be liable for any legal professional fees or fees paid to courts and/or governmental bodies which may have been incurred by You or any other third party as a result of any error in any document transmitted through the Services.
23.8. You shall indemnify and keep Bozaride harmless against any damage or claim by any parties which may arise out of Your access to the App or use of the Services and agree to notify such parties in writing that Bozaride shall have no liability to them.
23.9. Bozaride shall not be responsible for any dealings (i) between You and the Service Providers or (ii) between You and another user of the Services whether or not such dealings are facilitated through the use of the Services and You agree that You shall not bring any claims, actions or proceedings whatsoever against the Service Providers in respect of any damages, loss, cost and expense arising from the use or reliance on the data, information, content or matter provided by You to the Service Providers via the App.
- Applicable law
24.1. This policy shall be governed by and construed in accordance with the laws of the Republic of South Africa and the parties agree to submit to the exclusive jurisdiction of the courts of the Republic of South Africa.