Privacy Policy

Doc Ref: SW-PP-001
Effective:3 October 2025
Last Updated:3 October 2025

1. Introduction

This Privacy Policy describes how Social Wiiv (Pty) Ltd (“Social Wiiv”, “we”, “us”, or “our”) collects, uses, processes, stores, protects, and discloses personal information when individuals interact with our website, software platforms, applications, services, and related technologies (collectively referred to as the “Platform”).

Social Wiiv is committed to protecting the privacy and personal information of all individuals who interact with our Platform, including visitors to our website, clients, authorised users, and participants in campaigns, programs, or services operated through our Platform. We process personal information in accordance with the Protection of Personal Information Act, 2013 (Act No. 4 of 2013) (“POPIA”), as well as other applicable data protection laws where required.

This Privacy Policy explains:

what personal information we collect;
how and why we collect and process that information;
the legal bases on which we rely to process personal information;
how we protect and safeguard personal information;
how long personal information is retained;
when personal information may be shared with third parties; and
the rights available to individuals regarding their personal information.

Social Wiiv provides a software-as-a-service (SaaS) platform that may be deployed by our clients to operate marketing campaigns, loyalty programs, staff engagement solutions, competitions, surveys, or other digital engagement services. In such cases, Social Wiiv may act either as the Responsible Party or as an Operator, depending on the nature of the processing activity and the role of the client.

Where Social Wiiv determines the purpose and means of processing personal information (for example, when operating our website or communicating with prospective clients), Social Wiiv acts as the Responsible Party under POPIA. Where our clients use the Platform to collect or process personal information from their own users, customers, or participants, the client remains the Responsible Party, and Social Wiiv acts solely as an Operator processing information on the client’s documented instructions.

By accessing or using our website, services, or Platform, you acknowledge that you have read and understood this Privacy Policy and agree to the processing of your personal information as described herein. If you do not agree with the terms of this Privacy Policy, you should discontinue use of the Platform and refrain from providing personal information to Social Wiiv.

Where required by applicable law, Social Wiiv will obtain explicit consent from individuals before processing personal information in circumstances where consent constitutes the lawful basis for such processing.

This Privacy Policy forms part of the legal framework governing the use of the Social Wiiv Platform and should be read together with our Terms of Service, Cookie Policy, and any applicable service agreements.

2. Definitions

For the purposes of this Privacy Policy, the following terms shall have the meanings set out below. Terms not defined herein shall have the meanings assigned to them under applicable data protection legislation, including the Protection of Personal Information Act, 2013 (Act No. 4 of 2013) (“POPIA”).

“Applicable Data Protection Laws” means any laws, regulations, or legally binding requirements relating to the processing, protection, or privacy of personal information, including POPIA and any other applicable international data protection laws where relevant.

“Client” means any business, organisation, agency, or entity that has entered into an agreement with Social Wiiv to use, license, or deploy the Platform or related services.

“Data Subject” means the natural person or identifiable juristic person to whom Personal Information relates, as defined under POPIA.

“Operator” means a person or entity that processes Personal Information for a Responsible Party in terms of a contract or mandate, without coming under the direct authority of that Responsible Party, as defined under POPIA.

“Personal Information” means information relating to an identifiable, living natural person or an identifiable existing juristic person, including but not limited to names, identification numbers, contact details, demographic information, online identifiers, location data, or any other information defined as personal information under POPIA.

“Platform” means the Social Wiiv software platform, including all related websites, web applications, mobile applications, APIs, services, tools, and technologies provided by Social Wiiv.

“Processing” means any operation or activity concerning Personal Information, whether or not by automatic means, including collection, receipt, recording, organisation, storage, updating, retrieval, use, dissemination, distribution, transfer, restriction, deletion, or destruction of Personal Information.

“Responsible Party” means the public or private body or any other person that, alone or in conjunction with others, determines the purpose of and means for processing Personal Information, as defined under POPIA.

“Service Providers” or “Third-Party Processors” means third-party companies or individuals engaged by Social Wiiv to perform services on its behalf, including but not limited to hosting providers, communication platforms, infrastructure providers, analytics services, or technical support services.

“Special Personal Information” means Personal Information relating to a Data Subject’s race, ethnic origin, political persuasion, religious or philosophical beliefs, health information, biometric information, sexual orientation, criminal behaviour, or any other category of information classified as special personal information under POPIA.

“User” means any individual who accesses or interacts with the Platform, including visitors to the Social Wiiv website, authorised client users, campaign participants, or any other person whose Personal Information may be processed through the Platform.

“Website” means the Social Wiiv website located at www.socialwiiv.com and any associated domains or web pages operated by Social Wiiv.

3. Responsible Party and Operator Roles

Social Wiiv (Pty) Ltd may process personal information in different capacities depending on the nature of the interaction with our website, services, or Platform. In accordance with the Protection of Personal Information Act, 2013 (Act No. 4 of 2013) (“POPIA”), Social Wiiv may act either as a Responsible Party or as an Operator.

3.1 Social Wiiv as Responsible Party

Social Wiiv acts as the Responsible Party where it independently determines the purpose of and means for processing personal information. This includes, but is not limited to, situations where Social Wiiv processes personal information relating to:

visitors to the Social Wiiv website;
individuals submitting enquiries, demo requests, or support requests;
clients entering into contractual relationships with Social Wiiv;
newsletter subscribers or marketing recipients; and
administrative, billing, or operational communications relating to our services.

In these circumstances, Social Wiiv determines the lawful basis for processing the personal information and is responsible for ensuring that such processing complies with applicable data protection laws, including POPIA.

3.2 Social Wiiv as Operator

Where the Social Wiiv Platform is deployed by a Client to collect, process, or manage personal information relating to the Client’s employees, customers, campaign participants, or other end-users, the Client remains the Responsible Party for such personal information.

In these circumstances, Social Wiiv acts solely as an Operator, processing personal information on behalf of the Client and strictly in accordance with the Client’s documented instructions and applicable contractual agreements.

The Client is solely responsible for:

determining the purposes and lawful basis for processing personal information;
providing appropriate privacy notices to its users or participants;
obtaining any necessary consents required under applicable law;
ensuring that personal information collected through the Platform is processed lawfully; and
complying with all applicable data protection laws and regulations.

Social Wiiv does not independently determine the purposes or means of processing personal information collected within a Client’s deployment of the Platform.

3.3 Client Obligations

Clients using the Platform must ensure that they have a valid legal basis for collecting and processing personal information from their users or participants and that appropriate disclosures are provided to such individuals. Clients are responsible for configuring and operating their deployments of the Platform in a manner that complies with applicable privacy and data protection laws.

Social Wiiv shall not be responsible for any personal information collected, processed, or used by a Client through the Platform in violation of applicable laws or regulations, except to the extent that such processing results directly from Social Wiiv acting outside the Client’s documented instructions or in breach of applicable law.

3.4 Operator Safeguards

Where Social Wiiv acts as an Operator, it will implement appropriate technical and organisational measures designed to protect personal information against loss, damage, unauthorised access, or unlawful processing, as required under Section 19 of POPIA, and will process personal information only for the purposes necessary to provide the Platform and related services to the Client.

4. Information Collected

Social Wiiv collects and processes personal information only to the extent that it is adequate, relevant, and not excessive for the purposes for which it is collected, in accordance with the principles of the Protection of Personal Information Act, 2013 (Act No. 4 of 2013) (“POPIA”).

The categories of information collected depend on how individuals interact with our website, services, or Platform. Personal information may be collected directly from individuals, automatically through technical systems, or indirectly through clients who deploy the Platform for their own users.

4.1 Information Provided Directly by Users

Social Wiiv may collect personal information that individuals voluntarily provide when interacting with our website or services. This may include, but is not limited to:

full name and surname;
email address;
telephone or mobile number;
company or organisation name;
job title or role;
physical address or location information;
account login credentials;
profile information, photographs, or biographical information where applicable; and
any information voluntarily submitted through enquiry forms, registration forms, surveys, support requests, competitions, campaigns, or other interactions with the Platform.

Where users submit personal information relating to other individuals, they warrant that they have obtained the necessary authority or consent to provide such information.

4.2 Information Collected Automatically

When individuals access or use our website or Platform, certain information may be collected automatically through system logs, cookies, or other technical mechanisms. This information may include:

Internet Protocol (IP) address;
device type and operating system;
browser type and version;
pages visited and navigation patterns;
date and time of access;
referring websites or sources;
session duration and interaction data; and
other technical usage data necessary for system administration, security monitoring, and service improvement.

This information is primarily used in aggregated or anonymised form to analyse usage trends, maintain system security, and improve the functionality of the Platform.

4.3 Information Collected Through Client Deployments

Where Social Wiiv provides the Platform to a Client for use in campaigns, loyalty programs, staff engagement systems, competitions, surveys, or other digital services, personal information relating to end-users may be collected through the Client’s deployment of the Platform.

Such information may include:

registration or profile information;
demographic information;
participation data relating to campaigns or programs;
survey responses or feedback;
uploaded content or submissions;
purchase verification information (such as receipts or transaction data); and
other information configured by the Client for collection within the Platform.

In such circumstances, the Client remains the Responsible Party for determining the purpose and lawful basis for collecting and processing this personal information. Social Wiiv acts solely as an Operator processing the information on the Client’s documented instructions.

4.4 Special Personal Information

Social Wiiv does not intentionally collect or process Special Personal Information (as defined under POPIA), such as information relating to race, health, biometric identifiers, religious beliefs, or criminal behaviour, unless such processing is required by law or explicitly authorised by the Data Subject and permitted under applicable data protection legislation.

Where such information is processed through a Client deployment of the Platform, the Client remains responsible for ensuring that all legal requirements for processing such information have been satisfied.

4.5 Biometric Information and Facial Recognition

Social Wiiv may, where expressly configured and enabled by a Client, process biometric information for the purposes of identity verification, access control, security monitoring, and related operational requirements.

Such biometric processing may include the use of facial recognition technologies provided via third-party infrastructure, including Microsoft Azure Face services (“Azure Face ID”).

Where this functionality is deployed:

a facial image of the Data Subject may be captured through the Platform;
such image is securely transmitted to Azure Face ID for the purpose of generating a biometric template;
the biometric template is stored and processed within secure Microsoft Azure infrastructure;
the biometric template is subsequently used to authenticate and verify the identity of the Data Subject when accessing, exiting, or re-entering controlled environments or premises.

Biometric processing is strictly limited to the purposes determined by the Client, including access control, identity verification, attendance tracking, and security enforcement.

4.5.1 Nature of Biometric Data Processing

Biometric data processed through Azure Face ID is converted into a mathematical or algorithmic representation (“biometric template”) and is not stored or processed by Social Wiiv in a directly viewable format within the Platform.

Social Wiiv does not provide functionality within its Platform or administrative interfaces to view, retrieve, or access facial images or biometric templates.

4.5.2 Storage and Security of Biometric Data

Biometric data is stored within secure cloud infrastructure operated by Microsoft Azure and is subject to industry-standard security controls, including encryption, access restrictions, and secure processing protocols.

Social Wiiv implements appropriate technical and organisational measures to ensure that biometric information is:

processed securely;
protected against unauthorised access, disclosure, alteration, or destruction; and
handled in accordance with applicable data protection laws, including POPIA.

Biometric data may be stored and processed in data centres located in jurisdictions determined by Microsoft Azure infrastructure. Where such processing occurs outside South Africa, appropriate safeguards are implemented in accordance with Section 72 of POPIA.

4.5.3 Access Restrictions

Biometric data, including facial images and biometric templates:

is not accessible to Social Wiiv personnel through standard operational systems;
is not accessible to Clients via the Platform interface or administrative dashboards;
is not disclosed, sold, licensed, or otherwise made available to third parties.

Access to such data is strictly restricted and controlled at an infrastructure level.

4.5.4 Disclosure for Legal and Regulatory Purposes

Biometric data may only be accessed, disclosed, or processed outside of its standard operational use where:

required by applicable law;
necessary to comply with a lawful request from a competent regulatory or law enforcement authority; or
authorised pursuant to a valid warrant, subpoena, or court order.

In such circumstances, access will be limited to the minimum extent necessary and handled in accordance with applicable legal obligations and due process requirements.

4.5.5 Client Responsibilities (Responsible Party Obligations)

Where biometric processing is enabled, the Client remains the Responsible Party for such processing under POPIA.

The Client is solely responsible for:

determining the lawful basis for processing biometric information;
obtaining explicit, informed, and specific consent from Data Subjects where required;
providing clear and adequate privacy notices regarding the collection and use of biometric data;
ensuring that such processing complies with all applicable data protection and privacy laws relating to Special Personal Information.

Social Wiiv acts solely as an Operator and processes biometric information strictly in accordance with the Client’s documented instructions and applicable service agreements.

4.5.6 Limitation of Use

Biometric data processed through the Platform shall not be used for purposes unrelated to those explicitly defined by the Client and shall not be used for profiling, surveillance beyond stated purposes, or any form of automated decision-making that produces legal or similarly significant effects without appropriate safeguards. Biometric processing does not involve continuous or real-time surveillance beyond the specific point-of-access verification events configured by the Client. Biometric recognition technologies are probabilistic in nature and may not be 100% accurate. Social Wiiv does not guarantee the accuracy, reliability, or error-free operation of biometric matching processes and shall not be liable for any inaccuracies, false matches, or failures to match, except to the extent required by applicable law.

4.5.7 Refusal of Biometric Processing

Where biometric processing is used for access control or identity verification, Data Subjects may have the right to refuse the processing of their biometric information, subject to applicable law.

In such circumstances, the Client, as the Responsible Party, shall be responsible for determining and providing alternative methods of identification or access, where required.

Social Wiiv does not control or determine alternative access mechanisms and shall not be responsible where access to a service, location, or system is dependent on biometric verification as configured by the Client.

4.6 Information from Third-Party Sources

In certain circumstances, Social Wiiv may receive personal information from third-party sources, including:

integrations with authorised third-party platforms;
service providers assisting with infrastructure, communications, or analytics;
publicly available sources; or
clients who provide information necessary to configure or administer the Platform.

Where information is received from third parties, Social Wiiv processes such information in accordance with this Privacy Policy and applicable data protection laws.

4.7 Data Minimisation

Social Wiiv is committed to the principle of data minimisation and will collect only the personal information that is reasonably necessary to fulfil the purposes described in this Privacy Policy or as required by law.

We do not intentionally collect personal information that is irrelevant or excessive for the operation of our website, services, or Platform.

4.8 Data Accuracy

Social Wiiv takes reasonable steps to ensure that personal information processed through the Platform is accurate, complete, and kept up to date in accordance with applicable data protection laws, including the Protection of Personal Information Act, 2013 (Act No. 4 of 2013) (“POPIA”).

Users and Clients are responsible for ensuring that the personal information they provide to Social Wiiv is accurate, complete, and current. Where personal information changes, Users or Clients should update such information or notify Social Wiiv so that the information may be corrected where appropriate.

Social Wiiv may take reasonable steps to verify or update personal information where necessary to ensure compliance with legal obligations or to maintain the integrity of the Platform.

5. Lawful Basis for Processing

Social Wiiv processes personal information only where there is a lawful basis to do so in accordance with the Protection of Personal Information Act, 2013 (Act No. 4 of 2013) (“POPIA”) and other applicable data protection laws.

The lawful bases relied upon by Social Wiiv for processing personal information include the following:

5.1 Consent

Social Wiiv processes personal information on the basis of consent where the Data Subject has provided voluntary, specific, informed, and unambiguous consent to such processing, in accordance with the Protection of Personal Information Act, 2013 (Act No. 4 of 2013) (“POPIA”) and other applicable data protection laws.

Consent may be obtained through various interactions with the Platform, including but not limited to:

registration for accounts or services;
participation in campaigns, competitions, surveys, or promotions;
submission of personal information through forms or platform features;
subscription to marketing or communications; and
acceptance of cookies or similar technologies where required.

Where required by law, Social Wiiv will obtain explicit consent and maintain appropriate records of such consent to demonstrate compliance with applicable legal and regulatory requirements.

5.1.1 Special Personal Information

In alignment with Section 4.4, Social Wiiv does not intentionally process Special Personal Information unless:

such processing is explicitly authorised by the Data Subject;
the processing is necessary for a lawful purpose permitted under applicable law; or
the processing is conducted by a Client acting as the Responsible Party and in compliance with applicable data protection legislation.

Where Special Personal Information is processed, including biometric information such as facial recognition data as described in Section 4.5:

explicit, informed, and specific consent must be obtained from the Data Subject, unless another lawful basis under POPIA applies; and
such processing must be strictly limited to the purpose for which the information was collected.

5.1.2 Client-Controlled Consent

Where Social Wiiv acts as an Operator on behalf of a Client, the Client remains solely responsible for:

determining the lawful basis for processing personal information;
obtaining all necessary consents from Data Subjects;
ensuring that such consent meets the requirements of POPIA, including where Special Personal Information is involved; and
providing appropriate disclosures to Data Subjects regarding the nature and purpose of processing.

Social Wiiv processes personal information strictly in accordance with the Client’s documented instructions and does not independently obtain consent from Data Subjects within Client deployments unless expressly agreed.

5.1.3 Withdrawal of Consent

Data Subjects have the right to withdraw their consent at any time, subject to applicable legal or contractual limitations.

Withdrawal of consent will not affect the lawfulness of any processing carried out prior to such withdrawal but may result in the limitation, suspension, or termination of access to certain features or services of the Platform where such processing is necessary for functionality, including identity verification or access control mechanisms.

5.2 Contractual Necessity

Social Wiiv may process personal information where such processing is necessary for the performance of a contract or to take steps at the request of a Data Subject prior to entering into a contract.

This includes, but is not limited to:

creating and managing user accounts;
delivering services through the Platform;
administering client agreements;
providing technical support or customer service; and
managing billing, invoicing, or other contractual obligations.

Without the required personal information, Social Wiiv may be unable to provide certain services or fulfil contractual commitments.

5.3 Legal Obligation

Social Wiiv may process personal information where processing is necessary to comply with legal or regulatory obligations imposed under applicable laws.

Such obligations may arise under legislation including, but not limited to:

the Protection of Personal Information Act (POPIA);
the Companies Act;
the Tax Administration Act;
the Value Added Tax Act; and
any lawful request from courts, regulators, or government authorities.

5.4 Legitimate Interests

Social Wiiv may process personal information where it is reasonably necessary for the legitimate interests of Social Wiiv or a third party, provided that such interests do not override the fundamental rights and freedoms of the Data Subject.

Legitimate interests may include:

maintaining the security and integrity of the Platform;
preventing fraud, abuse, or unlawful activity;
monitoring system performance and reliability;
improving the functionality and usability of the Platform;
analysing aggregated usage patterns; and
protecting Social Wiiv’s legal rights and interests.

Where processing is based on legitimate interests, Social Wiiv will ensure that such processing is proportionate and that appropriate safeguards are in place to protect the rights of Data Subjects.

5.5 Processing on Behalf of Clients

Where Social Wiiv processes personal information on behalf of Clients using the Platform, the Client determines the lawful basis for such processing as the Responsible Party.

In these circumstances, Social Wiiv acts solely as an Operator processing personal information in accordance with the Client’s documented instructions and the applicable service agreement between Social Wiiv and the Client.

Clients are responsible for ensuring that a valid lawful basis exists for the collection and processing of personal information through their deployment of the Platform.

5.6 Further Processing

Where Social Wiiv intends to process personal information for a purpose other than that for which it was originally collected, such processing will only occur where:

the new purpose is compatible with the original purpose of collection;
the Data Subject has provided additional consent; or
the processing is otherwise permitted or required under applicable law.

6. Purpose of Processing

Social Wiiv processes personal information only for specific, explicitly defined, and lawful purposes, and will not process personal information in a manner that is incompatible with those purposes, except where permitted or required under applicable law.

The purposes for which Social Wiiv may process personal information include the following:

6.1 Provision of Services

Personal information may be processed to provide, operate, maintain, and support the Social Wiiv Platform and related services. This includes activities necessary to create and manage user accounts, enable platform functionality, administer campaigns or programs, and ensure the proper operation of the Platform.

6.2 Client Service Delivery

Where the Platform is used by a Client to operate campaigns, loyalty programs, staff engagement platforms, competitions, surveys, influencer programs, or other digital engagement services, personal information may be processed to facilitate the operation of such services in accordance with the Client’s instructions.

In such circumstances, Social Wiiv acts as an Operator processing personal information on behalf of the Client, and the Client remains responsible for determining the purposes and lawful basis for the processing.

6.3 Communication and Support

Personal information may be processed in order to communicate with users, clients, or website visitors. This includes responding to enquiries, providing technical support, sending service-related communications, managing support requests, and addressing complaints or feedback.

6.4 Marketing and Communications

Where permitted by law and where appropriate consent has been obtained, Social Wiiv may process personal information to send marketing communications, newsletters, product updates, service announcements, and other information relating to Social Wiiv’s services.

Recipients of marketing communications may opt out or unsubscribe at any time through the mechanisms provided in the communication or by contacting Social Wiiv directly.

6.5 Platform Improvement and Analytics

Personal information and usage data may be processed to analyse how the website and Platform are used, to monitor performance, to improve functionality, and to develop new features, services, or technologies.

Where possible, analytics and reporting activities are conducted using aggregated or anonymised data.

6.6 Security and Fraud Prevention

Personal information may be processed to maintain the security, integrity, and reliability of the Platform and associated infrastructure. This includes monitoring for suspicious or fraudulent activity, preventing unauthorised access, detecting abuse of the Platform, and enforcing platform policies and contractual terms.

6.7 Legal and Regulatory Compliance

Social Wiiv may process personal information where necessary to comply with applicable legal obligations, regulatory requirements, or lawful requests from courts, regulators, or government authorities.

Processing may also occur where necessary to establish, exercise, or defend legal rights or claims.

6.8 Internal Business Operations

Personal information may be processed for legitimate internal business purposes, including administration, billing, financial record keeping, contractual management, auditing, reporting, and corporate governance.

6.9 Protection of Rights and Interests

Processing may occur where necessary to protect the rights, safety, or property of Social Wiiv, its clients, users, or the public, including the investigation of potential violations of applicable laws, contractual obligations, or platform policies.

6.10 Further Processing

Where Social Wiiv intends to process personal information for a purpose other than the purpose for which it was originally collected, such processing will only occur where:

the new purpose is compatible with the original purpose of collection;
the Data Subject has provided additional consent; or
the processing is otherwise permitted or required under applicable law.

Appropriate safeguards will be implemented to ensure that any further processing remains lawful and proportionate.

7. Client Responsibility for Platform Data Processing

7.1 Client as Responsible Party

Where the Social Wiiv Platform is made available to a Client for use in connection with campaigns, promotions, loyalty programs, staff engagement platforms, competitions, surveys, influencer programs, marketing initiatives, or other digital services, the Client shall be deemed the Responsible Party in respect of all personal information collected, processed, stored, or otherwise handled within that deployment of the Platform.

The Client determines the purposes for which personal information is collected and processed, as well as the means by which such processing occurs.

7.2 Social Wiiv as Operator

In relation to personal information processed through a Client’s deployment of the Platform, Social Wiiv acts solely as an Operator processing personal information on behalf of the Client and strictly in accordance with the Client’s documented instructions and the applicable service agreement between Social Wiiv and the Client.

Social Wiiv does not independently determine the purposes or means of processing personal information submitted by end-users through a Client’s use of the Platform.

7.3 Client Obligations

The Client is solely responsible for ensuring that its collection and processing of personal information through the Platform complies with all applicable data protection and privacy laws, including the Protection of Personal Information Act, 2013 (POPIA).

Without limitation, the Client is responsible for:

determining the lawful basis for processing personal information;
providing appropriate privacy notices to its users, customers, employees, or participants;
obtaining all necessary consents required under applicable laws;
ensuring that personal information collected through the Platform is processed lawfully and fairly;
ensuring that the information collected is relevant, accurate, and not excessive for the intended purpose; and
complying with any legal obligations relating to the processing, storage, or disclosure of personal information.

7.4 Instructions and Compliance

Social Wiiv processes personal information on behalf of the Client only to the extent necessary to provide the Platform and related services and in accordance with the Client’s instructions as reflected in the applicable service agreement, configuration of the Platform, or written instructions provided by the Client.

The Client warrants that any instructions given to Social Wiiv regarding the processing of personal information comply with applicable data protection laws.

7.5 Client Liability

The Client acknowledges and agrees that Social Wiiv shall not be responsible for the Client’s collection, use, disclosure, or processing of personal information within the Client’s deployment of the Platform, except to the extent that such processing results directly from Social Wiiv acting outside the Client’s documented instructions or in breach of applicable law.

The Client remains responsible for the content, legality, and compliance of any personal information collected or processed through its use of the Platform.

7.5 Client Data Warranty

The Client represents and warrants that it has the lawful authority to collect and provide any personal information submitted to the Platform and that such information has been collected in compliance with applicable data protection laws.

The Client agrees that it will not upload, submit, or otherwise process personal information through the Platform in violation of applicable laws or the rights of any Data Subject.

8. Cookies and Tracking Technologies

8.1 Use of Cookies and Similar Technologies

Social Wiiv uses cookies and similar technologies on its website and Platform to support functionality, enhance user experience, analyse usage patterns, maintain system security, and improve the performance of our services.

Cookies are small text files placed on a user’s device (such as a computer, smartphone, or tablet) when visiting a website or interacting with an online service. These technologies enable the website or Platform to recognise a device, remember user preferences, and collect information regarding how the Platform is accessed and used.

In addition to cookies, Social Wiiv may use related technologies including web beacons, pixels, tags, local storage, and analytics scripts, which perform similar functions for operational, analytical, and security purposes.

8.2 Categories of Cookies

Social Wiiv may use the following categories of cookies and tracking technologies:

Essential Cookies

Essential cookies are necessary for the operation of the website and Platform. These cookies support core functionality such as session management, authentication, security controls, accessibility settings, and system integrity. Because these cookies are strictly necessary for the operation of the Platform, they cannot be disabled through the cookie consent mechanism.

Preference Cookies

Preference cookies enable the website or Platform to remember user settings and preferences, such as language selection, theme configuration, or other interface customisations that improve usability and user experience.

Analytics Cookies

Analytics cookies help Social Wiiv understand how visitors and users interact with the website and Platform. These cookies may collect information such as pages visited, navigation behaviour, session duration, device information, and traffic sources. This information is generally aggregated or anonymised and is used to analyse usage patterns and improve the performance, design, and functionality of the Platform.

Analytics cookies are deployed only where user consent is obtained where required under applicable data protection laws.

Marketing and Advertising Cookies

Where applicable, marketing cookies may be used to measure the effectiveness of marketing communications, deliver relevant content, or support marketing campaigns across digital channels.

Marketing cookies will only be placed on a user’s device where explicit consent has been provided through the cookie consent mechanism.

8.3 Cookie Consent

Where required by applicable law, Social Wiiv will request user consent before placing non-essential cookies on a user’s device.

When visiting the website for the first time, users may be presented with a cookie notice that provides options to:

accept all cookies;
reject non-essential cookies; or
customise cookie preferences.

Users may modify or withdraw their cookie consent at any time through the cookie management interface or through browser settings. Withdrawal of consent will not affect the lawfulness of processing that occurred prior to such withdrawal.

Records of cookie consent may be retained by Social Wiiv to demonstrate compliance with applicable data protection laws.

8.4 Third-Party Cookies

Certain cookies or tracking technologies may be placed by third-party service providers that assist Social Wiiv in delivering infrastructure services, analytics capabilities, communication services, or marketing tools.

These third parties may process information in accordance with their own privacy policies and contractual arrangements with Social Wiiv. Social Wiiv does not control the operation of third-party cookies once they have been placed on a user’s device.

Users are encouraged to review the privacy policies of any third-party services that may interact with the Platform.

8.5 Managing Cookies

Most web browsers allow users to manage cookie settings, including blocking or deleting cookies. Users may configure their browser settings to refuse cookies or to alert them when cookies are being placed.

Please note that disabling certain cookies may affect the availability, functionality, or performance of certain features of the website or Platform.

8.6 Updates to Cookie Practices

Social Wiiv may update its use of cookies and tracking technologies from time to time to reflect changes in technology, legal requirements, or operational needs.

Where material changes occur, this Privacy Policy will be updated accordingly, and the revised version will be published on the Social Wiiv website.

9. Third-Party Processors

9.1 Engagement of Third-Party Processors

Social Wiiv may engage trusted third-party service providers (“Third-Party Processors”) to support the operation, delivery, maintenance, and security of the Platform and related services. These processors may perform services on behalf of Social Wiiv, including but not limited to infrastructure hosting, cloud services, communication services, analytics, software development tools, security monitoring, payment processing, and customer support services.

Third-Party Processors are engaged only where reasonably necessary to enable Social Wiiv to deliver its services efficiently and securely.

9.2 Processing on Social Wiiv’s Instructions

Where a Third-Party Processor processes personal information on behalf of Social Wiiv, such processing will occur only in accordance with:

documented instructions provided by Social Wiiv;
applicable contractual agreements with the processor; and
applicable data protection laws, including the Protection of Personal Information Act, 2013 (Act No. 4 of 2013) (“POPIA”).

Third-Party Processors are contractually required to implement appropriate technical and organisational measures designed to protect personal information against unauthorised access, loss, misuse, or unlawful processing.

9.3 Categories of Third-Party Processors

Social Wiiv may utilise service providers across several categories, including but not limited to:

Cloud hosting and infrastructure providers
Communication and messaging platforms (including email, SMS, or notification services)
Analytics and monitoring tools
Software development and deployment platforms
Security and fraud-prevention services
Productivity and collaboration platforms
Biometric processing and identity verification providers (including Microsoft Azure Face services)

These providers support the delivery, reliability, and security of the Platform.

9.4 Cross-Border Processing

Certain Third-Party Processors may process or store personal information outside the Republic of South Africa.

Where personal information is transferred across national borders, Social Wiiv will take reasonable steps to ensure that such transfers comply with Section 72 of POPIA, including ensuring that:

the recipient is subject to laws, binding corporate rules, or contractual obligations that provide an adequate level of data protection; or
the transfer is necessary for the performance of a contract or is otherwise permitted under applicable law.

Appropriate safeguards, such as data processing agreements or standard contractual clauses, may be implemented to ensure that personal information remains adequately protected.

9.5 Third-Party Responsibility

Third-Party Processors are independent entities responsible for maintaining the security and confidentiality of the systems and services they operate. While Social Wiiv carefully selects reputable providers and requires contractual safeguards, Social Wiiv does not control the internal operations or security practices of such providers.

To the extent permitted by law, Social Wiiv shall not be liable for any acts, omissions, or security failures attributable solely to a Third-Party Processor, except where such processor is acting under the direct instructions and control of Social Wiiv in breach of applicable data protection laws.

9.6 Processor Review and Oversight

Social Wiiv periodically reviews its Third-Party Processors to ensure that they maintain appropriate data protection and security standards. Where necessary, Social Wiiv may update, replace, or discontinue the use of certain service providers to maintain the integrity and security of the Platform.

10. Cross-Border Transfers

10.1 International Data Transfers

In the course of operating the Platform and providing services, Social Wiiv may transfer, store, or process personal information in jurisdictions outside the Republic of South Africa. Such transfers may occur where Social Wiiv utilises infrastructure providers, cloud hosting services, communication platforms, analytics providers, or other service providers located in other countries.

Where cross-border transfers occur, Social Wiiv will take reasonable steps to ensure that the personal information continues to receive a level of protection that is substantially similar to the protection afforded under the Protection of Personal Information Act, 2013 (Act No. 4 of 2013) (“POPIA”).

10.2 Safeguards for Cross-Border Transfers

In accordance with Section 72 of POPIA, Social Wiiv will ensure that cross-border transfers of personal information occur only where at least one of the following conditions is satisfied:

the recipient of the information is subject to a law, binding corporate rules, or contractual agreement that provides an adequate level of protection for personal information;
the Data Subject has consented to the transfer of their personal information to the foreign jurisdiction;
the transfer is necessary for the performance of a contract between the Data Subject and Social Wiiv, or for the implementation of pre-contractual measures taken in response to the Data Subject’s request;
the transfer is necessary for the conclusion or performance of a contract concluded in the interest of the Data Subject between Social Wiiv and a third party; or
the transfer is otherwise permitted or required under applicable law.

10.3 Service Providers Located Outside South Africa

Certain Third-Party Processors engaged by Social Wiiv may operate in jurisdictions outside South Africa. These providers may process personal information as part of their provision of infrastructure, hosting, communications, analytics, or technical services.

Where such providers are used, Social Wiiv will ensure that appropriate data processing agreements, contractual safeguards, or equivalent protective measures are in place to protect personal information and ensure compliance with applicable data protection laws.

10.4 Client-Controlled Transfers

Where the Social Wiiv Platform is deployed by a Client, the Client may configure integrations or services that result in the transfer of personal information to third-party services or jurisdictions outside South Africa. In such circumstances, the Client remains responsible as the Responsible Party for ensuring that such transfers comply with applicable data protection laws and that appropriate safeguards are implemented.

10.5 Protection of Personal Information

Regardless of the location where personal information is processed, Social Wiiv will implement appropriate technical and organisational measures designed to safeguard personal information against loss, misuse, unauthorised access, disclosure, alteration, or destruction.

11. Security Measures

11.1 Commitment to Information Security

Social Wiiv implements appropriate technical, organisational, and administrative security measures designed to protect personal information against loss, misuse, unauthorised access, disclosure, alteration, or destruction, in accordance with the Protection of Personal Information Act, 2013 (Act No. 4 of 2013) (“POPIA”), including the requirements set out in Section 19 relating to the security of personal information.

These safeguards are designed to ensure the confidentiality, integrity, and availability of personal information processed through the Social Wiiv Platform.

11.2 Technical Safeguards

Social Wiiv utilises industry-standard security technologies and infrastructure safeguards to protect personal information. These measures may include, but are not limited to:

Encryption of data in transit using secure communication protocols such as Transport Layer Security (TLS 1.2 or later);
Encryption of data at rest using industry-recognised encryption standards where appropriate;
Access control mechanisms, including role-based access controls (RBAC), to ensure that access to personal information is restricted to authorised personnel;
Multi-factor authentication (MFA) for administrative and privileged access to critical systems;
Network security protections, including firewalls, intrusion detection systems, and monitoring tools;
Secure software development practices, including code review, version control, and vulnerability management; and
Logging and monitoring systems designed to detect and respond to suspicious or unauthorised activity.

11.3 Organisational Safeguards

In addition to technical measures, Social Wiiv implements organisational policies and procedures designed to safeguard personal information, including:

internal data protection policies and procedures;
access control policies governing authorised personnel;
confidentiality obligations for employees, contractors, and service providers;
periodic security reviews and risk assessments; and
procedures for managing and responding to security incidents.

Personnel with access to personal information are required to handle such information in accordance with applicable data protection laws and internal security policies.

11.4 Third-Party Security

Where Social Wiiv engages Third-Party Processors to provide infrastructure or services necessary for the operation of the Platform, Social Wiiv will take reasonable steps to ensure that such providers implement appropriate security safeguards and comply with applicable data protection obligations.

Third-Party Processors may be required to enter into contractual agreements that impose confidentiality and data protection obligations consistent with applicable data protection laws.

11.5 Security Limitations

While Social Wiiv implements reasonable and appropriate safeguards designed to protect personal information, no method of electronic transmission or storage is completely secure. Accordingly, Social Wiiv cannot guarantee absolute security of personal information.

Users and Clients are responsible for maintaining the confidentiality of their login credentials and for taking appropriate precautions when accessing the Platform.

11.6 Security Monitoring and Improvement

Social Wiiv continuously reviews and updates its security measures to address evolving threats, technological developments, and changes in legal or regulatory requirements. Security practices may be updated from time to time in order to maintain an appropriate level of protection for personal information.

12. Data Breach Procedures

12.1 Security Incident Monitoring

Social Wiiv maintains systems and procedures designed to monitor, detect, and respond to potential security incidents that may affect the confidentiality, integrity, or availability of personal information processed through the Platform.

Security monitoring may include the use of logging systems, intrusion detection tools, infrastructure monitoring, and other security technologies intended to identify suspicious or unauthorised activity.

12.2 Identification and Assessment of Breaches

Where Social Wiiv becomes aware of an actual or reasonably suspected security compromise involving personal information, Social Wiiv will take reasonable steps to promptly investigate the incident in order to determine:

the nature and scope of the security incident;
the categories of personal information involved;
the number of Data Subjects potentially affected;
the potential risks or harm that may result from the incident; and
the appropriate steps required to contain and remediate the incident.

12.3 Containment and Remediation

Upon identifying a security incident, Social Wiiv will take reasonable steps to contain the breach, prevent further unauthorised access, and mitigate any potential harm. Such steps may include isolating affected systems, implementing security patches, resetting credentials, or temporarily suspending access to affected services where necessary.

Social Wiiv may also take corrective measures to address any vulnerabilities identified during the investigation.

12.4 Notification of Affected Parties

Where required under Section 22 of the Protection of Personal Information Act (POPIA), Social Wiiv will notify:

the Information Regulator; and
affected Data Subjects,

as soon as reasonably possible after becoming aware of the compromise and in accordance with Section 22 of POPIA after becoming aware that personal information has been accessed or acquired by an unauthorised person.

Such notification may be provided through appropriate communication channels, including email, website notices, or other reasonable methods designed to reach affected individuals.

Notifications may include, where appropriate:

a description of the security incident;
the categories of personal information involved;
the measures taken or proposed to address the breach;
recommended steps that affected individuals may take to protect themselves; and
contact details for further information.

12.5 Client Notification

Where Social Wiiv processes personal information on behalf of a Client as an Operator, Social Wiiv will notify the Client of a confirmed or reasonably suspected security compromise affecting the Client’s data without undue delay, to enable the Client to fulfil its legal obligations as the Responsible Party.

The Client may then determine the appropriate notification steps required under applicable data protection laws.

12.6 Cooperation with Authorities

Where required by law, Social Wiiv will cooperate with the Information Regulator, law enforcement authorities, or other competent regulatory bodies in connection with investigations relating to security incidents involving personal information.

12.7 Continuous Improvement

Following the resolution of a security incident, Social Wiiv may conduct internal reviews to identify root causes and implement improvements to security controls, procedures, or infrastructure in order to reduce the likelihood of similar incidents occurring in the future.

13. Data Retention and Disposal

13.1 Retention Principle

Social Wiiv retains personal information only for as long as is reasonably necessary to fulfil the purposes for which the information was collected, or for as long as may be required or permitted under applicable laws, including the Protection of Personal Information Act, 2013 (Act No. 4 of 2013) (“POPIA”).

Personal information will not be retained longer than necessary unless:

retention is required or authorised by law;
retention is necessary for lawful business purposes;
retention is required to comply with contractual obligations; or
the Data Subject has consented to longer retention.

13.2 Categories of Retention

Depending on the nature of the interaction with the Platform or services, personal information may be retained for different periods, including but not limited to:

Account and Platform Data: retained for the duration of an active account or service relationship and for a reasonable period thereafter for administrative, operational, or security purposes;
Client Deployment Data: retained in accordance with the instructions of the Client acting as the Responsible Party;
Financial and Transaction Records: retained for periods required by applicable tax and financial regulations;
Security Logs and Technical Data: retained for limited periods necessary to monitor system performance, security incidents, and operational integrity;
Marketing Communications Data: retained until the Data Subject withdraws consent or unsubscribes from communications.

Retention periods may vary depending on legal requirements, contractual obligations, or operational needs.

13.3 Data Retention in Client Deployments

Where Social Wiiv processes personal information on behalf of a Client through the Platform, the Client remains responsible for determining appropriate retention periods for personal information collected within their deployment.

Social Wiiv will retain or delete such information in accordance with the Client’s instructions and the applicable service agreement between Social Wiiv and the Client.

13.4 Retention of Biometric Information

Biometric information, including facial recognition data and biometric templates, will be retained only for as long as necessary to fulfil the purpose for which it was collected, including access control and identity verification, or as instructed by the Client acting as the Responsible Party.

Where biometric data is no longer required, Social Wiiv will, in accordance with the Client’s instructions and applicable law, ensure that such data is securely deleted, destroyed, or anonymised.

The Client remains responsible for defining appropriate retention periods for biometric information and ensuring compliance with applicable legal requirements relating to Special Personal Information.

13.5 Deletion and Anonymisation

Where personal information is no longer required for the purposes for which it was collected, Social Wiiv will take reasonable steps to ensure that such information is:

securely deleted;
permanently destroyed; or
anonymised so that the information can no longer be associated with an identifiable Data Subject.

Deletion procedures may include the removal of records from active systems and the scheduled deletion of data from backup systems in accordance with operational retention cycles.

13.6 Secure Disposal

Social Wiiv implements appropriate procedures to ensure the secure disposal or destruction of personal information when it is no longer required. Such procedures may include secure digital deletion, overwriting of storage media, or other industry-recognised methods designed to prevent the reconstruction or recovery of personal information.

13.7 Legal Holds and Disputes

Social Wiiv may retain personal information for longer periods where necessary to:

comply with legal obligations;
respond to lawful requests from regulators or authorities;
establish, exercise, or defend legal claims; or
preserve evidence in connection with investigations, disputes, or litigation.

Where such circumstances apply, the relevant information will be retained only for as long as necessary to fulfil those obligations.

14. Data Subject Rights

14.1 Rights of Data Subjects

In accordance with Chapter 3 of the Protection of Personal Information Act, 2013 (Act No. 4 of 2013) (“POPIA”), individuals whose personal information is processed by Social Wiiv (“Data Subjects”) are afforded certain rights relating to their personal information.

Subject to applicable legal limitations, Data Subjects may exercise the following rights in relation to personal information processed by Social Wiiv.

14.2 Right of Access

Data Subjects have the right to request confirmation as to whether Social Wiiv holds personal information relating to them and, where applicable, to request access to such personal information.

Upon receipt of a valid request, Social Wiiv may provide a description of the personal information held, the purposes for which it is processed, and the recipients or categories of recipients to whom the information may have been disclosed.

14.3 Right to Correction

Data Subjects have the right to request that Social Wiiv correct, update, or rectify personal information that is inaccurate, incomplete, misleading, or outdated.

Social Wiiv may require reasonable verification of identity before making such corrections to ensure the security of personal information.

14.4 Right to Deletion or Destruction

Where personal information is no longer required for the purpose for which it was collected, or where processing is no longer authorised under applicable law, Data Subjects may request that Social Wiiv delete, destroy, or de-identify their personal information.

Such requests will be considered in accordance with applicable legal and contractual obligations, including any lawful retention requirements.

14.5 Right to Object to Processing

Data Subjects may object to the processing of their personal information in certain circumstances permitted under POPIA, including where personal information is processed for direct marketing purposes or where the processing is based on legitimate interests.

Upon receiving a valid objection, Social Wiiv will consider the request and cease processing the personal information where required by applicable law.

14.6 Withdrawal of Consent

Where personal information is processed on the basis of consent, Data Subjects have the right to withdraw such consent at any time.

Withdrawal of consent will not affect the lawfulness of any processing carried out prior to the withdrawal.

14.7 Right to Lodge a Complaint

If a Data Subject believes that their personal information has been processed in a manner that is inconsistent with applicable data protection laws, they have the right to lodge a complaint with the Information Regulator of South Africa.

Before doing so, Data Subjects are encouraged to contact Social Wiiv directly so that we may attempt to resolve the matter promptly.

14.8 Exercising Data Subject Rights

Requests to exercise any of the rights described in this section may be submitted to Social Wiiv’s Information Officer using the contact details provided in this Privacy Policy.

Social Wiiv may take reasonable steps to verify the identity of the requesting individual before responding to a request in order to prevent unauthorised access to personal information.

Where permitted under applicable law, Social Wiiv may decline or limit requests that are manifestly unfounded, excessive, or that would infringe upon the rights of other individuals or legal obligations.

14.9 Requests Relating to Client Deployments

Where Social Wiiv processes personal information on behalf of a Client as an Operator, requests relating to access, correction, deletion, or objection should be directed to the relevant Client acting as the Responsible Party.

Where appropriate, Social Wiiv may assist the Client in responding to such requests in accordance with the applicable service agreement.

15. Children’s Privacy

15.1 Protection of Personal Information of Children

Social Wiiv recognises the importance of protecting the privacy and personal information of children, as defined under the Protection of Personal Information Act, 2013 (Act No. 4 of 2013) (“POPIA”), being individuals under the age of eighteen (18) years.

Social Wiiv does not knowingly collect, process, or store personal information relating to children unless such processing is permitted under applicable law or authorised by a competent person, such as a parent or legal guardian.

15.2 Platform Usage

The Social Wiiv website and Platform are generally intended for use by business users, clients, and individuals aged eighteen (18) years or older, unless otherwise expressly indicated in connection with a specific campaign, promotion, or program operated through the Platform.

Where a Client deploys the Platform for a campaign, promotion, or service that may involve participants under the age of eighteen (18), the Client remains responsible as the Responsible Party for ensuring that the collection and processing of personal information relating to such individuals complies with applicable laws and that any necessary consent from a competent person has been obtained.

15.3 Parental or Guardian Consent

Where the processing of personal information relating to a child is permitted and required for a lawful purpose, Social Wiiv will take reasonable steps to ensure that the necessary consent has been obtained from a competent person, including a parent or legal guardian, where required under POPIA.

Clients using the Platform to engage with children are responsible for implementing appropriate mechanisms to obtain such consent and for ensuring that all legal requirements relating to the processing of children’s personal information are satisfied.

15.4 Unauthorised Collection of Children’s Information

If Social Wiiv becomes aware that personal information relating to a child has been collected or processed without the appropriate authorisation or lawful basis, Social Wiiv will take reasonable steps to delete or anonymise such information as soon as reasonably practicable, unless retention is required under applicable law.

Parents or guardians who believe that a child’s personal information has been submitted to Social Wiiv without proper authorisation may contact Social Wiiv using the contact details provided in this Privacy Policy to request the removal of such information.

15.5 Client Responsibility

Where personal information relating to children is processed through a Client’s deployment of the Platform, the Client remains responsible for ensuring compliance with all legal obligations relating to children’s personal information, including obtaining any required consent from a competent person and providing appropriate privacy disclosures.

Social Wiiv acts solely as an Operator in respect of such processing and does not independently determine the purposes for which such personal information is collected.

16. Business Transfers

16.1 Corporate Transactions

In the event that Social Wiiv (Pty) Ltd undergoes a corporate transaction, including but not limited to a merger, acquisition, consolidation, restructuring, financing transaction, sale of assets, or transfer of all or part of its business operations, personal information processed by Social Wiiv may be transferred to the relevant successor entity, purchaser, investor, or affiliated entity as part of that transaction.

Such transfers may include personal information relating to users, clients, website visitors, and other individuals whose information is processed through the Platform.

16.2 Continuity of Data Protection

Where personal information is transferred as part of a business transaction, Social Wiiv will take reasonable steps to ensure that the recipient of the personal information continues to process such information in a manner that is consistent with applicable data protection laws, including the Protection of Personal Information Act, 2013 (Act No. 4 of 2013) (“POPIA”), and that appropriate safeguards are implemented to protect the confidentiality and security of the information.

16.3 Notice of Transfer

Where required by applicable law or where reasonably practicable, Social Wiiv may provide notice to affected individuals regarding the transfer of personal information in connection with a corporate transaction.

Any successor entity that acquires personal information as part of such a transaction will be required to process the information in accordance with applicable legal obligations.

16.4 Client Deployments

Where personal information is processed through a Client’s deployment of the Platform, any transfer of such information in connection with a corporate transaction will remain subject to the applicable service agreements and the Client’s role as the Responsible Party under applicable data protection laws.

Social Wiiv will continue to act as an Operator in relation to such personal information unless otherwise agreed or required by law.

16.5 No Unauthorised Use

Personal information transferred as part of a business transaction will not be used for purposes that are materially different from those described in this Privacy Policy without providing appropriate notice or obtaining any consent required under applicable law.

17. Automated Processing

17.1 Use of Automated Processing

In the course of operating the Social Wiiv Platform and delivering related services, certain processing activities may be performed through automated systems, algorithms, or software processes designed to facilitate platform functionality, improve user experience, and enhance operational efficiency.

Automated processing may include activities such as system-generated scoring, activity tracking, campaign participation calculations, analytics reporting, fraud detection, and the automated distribution of rewards, notifications, or communications.

17.2 Platform Functionality

Automated processing may be used to support various features of the Platform, including but not limited to:

allocation of points, scores, rankings, or rewards within campaigns or gamification systems;
verification of participation in platform activities;
automated communication triggers (such as notifications, confirmations, or reminders);
fraud detection, abuse monitoring, or security alerts;
system performance monitoring and analytics; and
automated content or interaction moderation where applicable.

These processes are implemented to ensure the efficient and reliable operation of the Platform.

17.3 Client-Controlled Automated Processing

Where the Social Wiiv Platform is deployed by a Client, certain automated processing features may be configured by the Client to support campaigns, programs, competitions, surveys, or other services.

In such circumstances, the Client remains the Responsible Party for determining the purposes and lawful basis for any automated processing conducted through the Platform, while Social Wiiv acts solely as an Operator processing personal information on the Client’s documented instructions.

17.4 Human Oversight

Social Wiiv takes reasonable steps to ensure that automated processes used within the Platform are designed and monitored in a manner that is fair, transparent, and consistent with applicable data protection laws.

Where automated processes may affect users or participants in a meaningful way, appropriate safeguards, monitoring mechanisms, or human oversight may be implemented to ensure the integrity and accuracy of such processes.

17.5 Limitations of Automated Processing

Automated processing performed through the Platform is generally intended to support operational functionality and does not constitute automated decision-making that produces legal or similarly significant effects on individuals without appropriate safeguards.

Where applicable, Social Wiiv may review or adjust automated processes to address technical errors, system anomalies, or operational issues.

18. Limitation of Liability

18.1 No Guarantee of Absolute Security

While Social Wiiv implements appropriate technical and organisational measures designed to safeguard personal information, no method of electronic transmission, storage, or processing of information can be guaranteed to be completely secure.

To the fullest extent permitted by applicable law, Social Wiiv does not warrant or guarantee that personal information transmitted to, stored on, or processed through the Platform will be entirely free from unauthorised access, interception, alteration, or destruction.

18.2 Platform Availability

Social Wiiv makes reasonable efforts to maintain the availability, security, and performance of the Platform. However, the Platform and related services are provided on an “as is” and “as available” basis.

Social Wiiv shall not be liable for any interruption, delay, unavailability, or technical malfunction of the Platform resulting from circumstances beyond its reasonable control, including but not limited to infrastructure failures, network outages, cyber incidents, maintenance activities, or failures of third-party systems.

18.3 Third-Party Services

The Social Wiiv Platform may rely on or integrate with third-party infrastructure, software, communication platforms, or service providers in order to deliver its services.

While Social Wiiv selects reputable service providers and implements contractual safeguards where appropriate, Social Wiiv does not control the operations, security practices, or availability of such third-party services.

To the extent permitted by law, Social Wiiv shall not be liable for any loss, damage, or unauthorised access to personal information arising solely from the acts, omissions, or failures of third-party service providers.

18.4 Client-Controlled Processing

Where the Platform is used by a Client to collect, process, or manage personal information relating to the Client’s users, customers, employees, or participants, the Client remains the Responsible Party for such processing.

Social Wiiv acts solely as an Operator processing personal information on behalf of the Client in accordance with the Client’s instructions and the applicable service agreement.

Accordingly, Social Wiiv shall not be liable for the Client’s collection, use, disclosure, or processing of personal information through the Platform where such processing is determined and controlled by the Client.

18.5 Limitation of Damages

To the maximum extent permitted by applicable law, Social Wiiv shall not be liable for any indirect, incidental, consequential, special, or punitive damages, including but not limited to loss of profits, loss of data, loss of business opportunities, reputational damage, or business interruption arising out of or in connection with the use of the Platform or the processing of personal information.

18.6 Maximum Liability

Where liability cannot be excluded under applicable law, Social Wiiv’s total aggregate liability arising from or relating to the processing of personal information or the use of the Platform shall be limited to the maximum extent permitted by applicable law and, where applicable, subject to the limitations contained in any relevant service agreement between Social Wiiv and the Client.

18.7 Preservation of Rights

Nothing in this Privacy Policy shall exclude or limit liability where such exclusion or limitation would be unlawful under applicable law.

19. Jurisdiction and Governing Law

19.1 Governing Law

This Privacy Policy and any dispute, claim, or matter arising from or relating to the collection, processing, storage, or use of personal information by Social Wiiv shall be governed by and interpreted in accordance with the laws of the Republic of South Africa, including but not limited to the Protection of Personal Information Act, 2013 (Act No. 4 of 2013) (“POPIA”), without regard to conflict-of-law principles.

19.2 Jurisdiction of Courts

Subject to any applicable mandatory legal provisions, the courts of the Republic of South Africa shall have exclusive jurisdiction to resolve any disputes or claims arising out of or relating to this Privacy Policy or the processing of personal information by Social Wiiv.

Nothing in this clause shall prevent Social Wiiv from seeking appropriate relief, including injunctive or equitable remedies, in any competent jurisdiction where such relief may be necessary to protect its legal rights or interests.

19.3 Client Agreements

Where personal information is processed in connection with services provided to a Client, the governing law and jurisdiction specified in the applicable service agreement or contractual arrangement between Social Wiiv and the Client may also apply.

In the event of any conflict between this Privacy Policy and such service agreements, the provisions of the relevant service agreement shall prevail to the extent permitted by law.

20. Contact Information

20.1 Information Officer

Social Wiiv has appointed an Information Officer responsible for overseeing compliance with applicable data protection laws, including POPIA, and for handling requests relating to personal information processed by Social Wiiv.

Data Subjects may contact the Information Officer for:

privacy-related enquiries;
requests to access, correct, or delete personal information;
objections to the processing of personal information;
withdrawal of consent; or
concerns regarding the handling of personal information.

Information Officer
Baron Marshall
Director – Social Wiiv (Pty) Ltd

Email: privacy@socialwiiv.com
Address: 292 Surrey Avenue, 1st Floor, Ferndale, Randburg, 2194, South Africa

20.2 Deputy Information Officer

Social Wiiv may appoint one or more Deputy Information Officers to assist with day-to-day data protection compliance and the handling of data subject requests.

Where applicable, such requests may be managed by authorised personnel under the supervision of the Information Officer.

20.3 Response to Requests

Social Wiiv will acknowledge receipt of privacy-related requests within a reasonable period and will respond substantively within the timeframes prescribed by applicable law, including the timeframes set out under POPIA.

In order to protect personal information from unauthorised disclosure, Social Wiiv may require reasonable verification of the identity of the individual submitting the request before responding.

20.4 Information Regulator

If a Data Subject believes that Social Wiiv has not adequately addressed a concern regarding the processing of personal information, the Data Subject has the right to lodge a complaint with the Information Regulator of South Africa.

Information Regulator (South Africa)
Website: https://www.justice.gov.za/inforeg/
Email: inforeg@justice.gov.za
Telephone: +27 12 406 4818

Data Subjects are encouraged to contact Social Wiiv first so that we may attempt to resolve the matter promptly and effectively.

21. Changes to This Privacy Policy

Social Wiiv may update or revise this Privacy Policy from time to time to reflect changes in legal requirements, regulatory guidance, operational practices, or technological developments.

Where material changes are made to this Privacy Policy, Social Wiiv will take reasonable steps to notify users and clients, which may include publishing the updated policy on the Social Wiiv website, updating the “Last Updated” date at the beginning of the policy, or providing notice through the Platform or other appropriate communication channels.

Continued use of the Platform after the effective date of any updated Privacy Policy constitutes acknowledgement of the revised terms to the extent permitted by applicable law.