By accessing and/or using our online services and/or platform(s), you acknowledge that Snapplify will process your personal information in terms of this policy. We process all user personal information under our control in terms of this policy. “Users” include people (i) who have signed up or registered for our services or used our platform; (ii) who have shown interest in our services or platform; (iii) who are browsers of our website(s) or social media platforms; (iv) who are leads or potential future customers or users.
If you are under the age of 18, you must have permission from your parent or guardian before using our services and/or platform(s) or providing us with your personal information.
This policy may be amended from time to time. Please ensure that you have read the latest version on our website.
We’re committed to privacy protection
Snapplify is committed to protecting the privacy of our users, in accordance with applicable privacy legislation such as the South African Protection of Personal Information Act (POPIA), the General Data Protection Regulation ((EU) 2016/679) (“GDPR”), and any other data privacy legislation that may apply in a jurisdiction within which we conduct business (collectively, “Applicable Data Privacy Laws”).
For this reason:
- We never share identifiable user information with third parties for their own use.
- We are explicit about what information we are collecting and what we intend to use it for. We only collect information that is necessary, considering the purpose of collection and in providing an excellent educational platform and service.
- Where the law requires, we always first require consent to process user information.
- We only hold user information for the period that a user is legitimately using our service and a reasonable period thereafter for internal business purposes.
- We use information predominantly to make sure that users are getting the most out of our online services and/or platform(s).
- We do not market to users under 18 years of age.
How we collect personal information
The ways we may collect personal information from you include, but are not limited to the following:
- Through direct or active interactions with you
- In the course of our relationship with you
- Through automated or passive interactions with you
- When you visit or interact with our website or our various social media platforms
- From third parties where the law allows us
- Public sources
- Using ‘cookies’ to collect website usage information
When you use our websites or platforms we automatically receive and record information on our server logs from your browser. This information may include, amongst others, your location, IP address, cookie information and Google Analytics information. This is statistical data about browsing actions and patterns. We may also obtain information about your general internet usage through a cookie file which is stored on the hard drive of your computer. Cookies enable us to improve our websites, platforms and services, estimate our audience size and usage patterns, store information about your preference and recognise when you return to the websites and/or platforms.
In some instances, we collect and store information about your location through cookies (other than when you share your location with us). We convert your IP address or mobile GPS data into a rough geo-location, and we may use location information to improve and personalise the websites and services for you.
The various types of cookies (distinguished by their function, lifespan and origin) that we may collect include the following:
- First party cookies: cookies that are stored by the actual website you are visiting which are only visible to that website;
- Necessary cookies: cookies that are necessary for the technical operation of a website. For example, they enable you to move around on a website and to use its features;
- Performance cookies: cookies that collect data on the performance of a website. Examples include the number of persons who visit a website, the time spent on the website and errors that may arise during the use of the website;
- Functionality or preference cookies: cookies that increase the usability of a website by remembering a visitor’s choices, such as the language preference, login information, location of the visitor, etc.;
- Targeting or advertising cookies: cookies that enable a website to send its visitors personalised advertising, often based on your browsing history; and
- Session cookies: these are temporary cookies that are deleted once you close your browser. Permanent cookies are those that are stored on your device until you delete them or until your browser deletes them (after a period specified in the cookie).
What personal information we collect and why
We may collect personal information that includes, but is not limited to:
- Identity information (e.g. name, school and grade data, subject data)
- Contact information (e.g. email address and phone number)
- Financial information and payment details
- Transactional information (e.g. previous orders)
- Technical information (e.g. app version and operating system)
- Usage information (e.g. reading and usage data, as well as how, when, and for how long you are using our platforms, content viewed and search queries submitted)
- Location information
- Marketing and communications information
- Information you provide to us if you contact us (e.g. to request support or submit feedback)
- Views or opinions on our platforms and services
Other information from third parties like social media (any information collected via these channels is governed by the privacy settings, policies, and/or procedures of the applicable social media platform)
We collect personal information for the following purposes:
- to perform in terms of our agreement or as part of providing services or our platforms;
- operate and manage your account or your relationship with us and related third parties;
- monitor and analyse our business to ensure that it is operating properly, for financial management and for business-development purposes;
- contact you by email to inform you about our services, however, you can opt-out of such communications;
- form a view of you as an individual and to identify, develop or improve our services and other services that may interest our users;
- carry out market research and surveys, business and statistical analysis and necessary audits;
- fraud prevention;
- perform other administrative and operational tasks like testing our processes and systems and ensuring that our security measures are appropriate and adequate; and
- comply with our regulatory, legal or other obligations.
In addition to the above purposes, we may use your personal information for other purposes if the law allows for it, if you consent to it, or if it is in the public interest to do so. All purposes for the processing of your personal information will be legal in terms of applicable privacy legislation.
As a user with a Snapplify user account, you will receive information pertaining to the service offering and new features from Snapplify, and by registering you also consent to receive information from Snapplify on products or services offered by third-party marketplace partners, including to receive via electronic channels. We may therefore process personal information for the purpose of direct marketing and providing you with information that may be of interest to you. You have the right to opt out at any time.
If you opt out of receiving marketing communications from us, we may still send you transactional or administrative messages which are necessary to render the services to you. We will never send direct marketing to users under the age of 18.
How we protect your personal information
Snapplify ensures protection and management of personal information. We may use collected information to compile profiles for statistical purposes (analyse data for trends and statistics) and trade in these profiles. However, the individual user will always remain anonymous so no information contained in the profiles or statistics will be able to be linked to any specific user. Snapplify (Pty) Ltd maintains rights to all information collected.
We respect your privacy. All the information collected will be kept strictly confidential and personal identifiers will not be disclosed without your express consent, except when a prior written agreement exists giving permission to share personal details, or when we are required to provide information in order to ensure compliances with any form of legal process or with any law or where we instruct service providers under contract to provide a service to us which includes sharing or allowing access to personal information. We will only share information in this manner if we have entered into an agreement with the service provider that upholds our security undertakings and prohibits the service provider from using the personal information for its own purposes.
The Security methods we use
Snapplify uses commercially reasonable technical and organisational security methods to protect your personal information. Your personal information will be stored in a database located behind multiple firewalls and accessible only to authorised personnel. We do not encrypt normal Web sessions, but any transmission to our servers of credit card or other personal information uses Secure Sockets Layer (SSL) software, which encrypts information that you input. Password and credit card information is stored in our database in an encrypted, non-human readable form.
In the event of a data breach which may put users at risk, Snapplify will immediately notify all relevant stakeholders and users and the Information Regulator. You can report any suspected security breach to firstname.lastname@example.org.
Note that the internet is an open and often vulnerable system and the transfer of information via the internet is not completely secure. Although we will implement all reasonable measures to protect personal information, we cannot guarantee the security of your personal information transferred to us using the internet. Therefore, you acknowledge and agree that any transfer of personal information via the internet is at your own risk and you are responsible for ensuring that any personal information that you send is sent securely.
How we store your personal information
We store information supplied by users in fully secured databases with restricted access. This information may be updated through our subscriber functions via accounts.snapplify.com, one of the Snapplify e-commerce stores or a Snapplify-owned platform. User information is stored for as long as a user account is registered with Snapplify and for a reasonable period thereafter considering internal business processing. However, anonymous de-registered user information may be retained for high-level research purposes.
Specific instances when information is disclosed
In order to provide the best possible and most relevant service, we may use standard technology to collect information about the use of our online services and/or platforms to share with clients. This technology is not able to identify individual users but simply allows us to collect statistics. We will only ever disclose aggregate information about our user base. Aggregate information will never disclose who you are, but rather identifies the user population in general terms.
Other instances where user information will be shared includes sharing with:
- our business partners or third party service providers, such as data storage service providers, third party payment processors, finance providers, information verification providers, software licensors or partners, specialised sub-contractors, etc. in accordance with written agreements with those third parties;
- legal and regulatory authorities, at their request, or for the purposes of reporting any breach of Applicable Data Privacy Laws;
- accountants, auditors, lawyers and other external professional advisors in terms of written agreements with them;
- any relevant party to the extent necessary for the establishment, exercise or defence of legal rights, criminal offences, threats to public security, etc.;
- any relevant third party in the event that we sell or transfer all or any portion of our business or assets; and
- any relevant third party provider where we use third party advertising, plugins, services or content in our services.
If we engage third party service providers (operators) to process your personal information, the operators will be appointed in terms of a written agreement which will require the third party operators to only process personal information on our written instructions, use appropriate measures to ensure the confidentiality and security of your personal information and comply with any other requirements set out in the agreement and required by Applicable Data Privacy Laws.
International transfers of personal information
In accordance with Applicable Data Privacy Laws, we may transfer your personal information to recipients in other countries if the recipient is subject to adequate data protection laws or do so in terms of a written agreement with the recipient which imposes data protection requirements on that party as required by Applicable Data Privacy Laws.
Your legal rights
You have the following rights in relation to your personal information as available and except as limited under Applicable Data Privacy Laws:
- Right of access – the right to be informed of and request access to the personal information that we process about you;
- Right to rectification – you may request that your personal information be amended or updated where it is inaccurate or incomplete;
- Right to erasure – the right to request that we delete your personal information, subject to applicable limitations and exceptions;
- Right to restrict processing – you may request that we temporarily or permanently stop processing your personal information;
- Right to object –
- you may object to us processing your personal information; and
- to your personal information being processed for direct marketing purposes;
- Right not to be subject to automated decision-making – where a decision that has a legal or other significant effect is based solely on automated decision making, including profiling, you may request that your personal information not be processed in that manner.
You can exercise your rights by sending an email to email@example.com.
Where you have provided consent for us to process your personal information, you may also withdraw your consent where our processing is based on your consent. However, we may continue to process your personal information if another legal justification exists for the processing.
Links on our website
Our website may include links to third party websites which do not fall under our supervision. We cannot accept any responsibility for your privacy or the content of these third party sites, but we display these links in order to make it easier for you to find information about specific subjects. Your use of and reliance on these links is at your own risk.
Right to object
You may, on reasonable grounds, object to us using your personal information for certain purposes. If you object, we will stop using your personal information, except if Applicable Data Privacy Laws allow or require its continued use. To exercise this right or to discuss it with us, please contact us at firstname.lastname@example.org.
Retention of information
We retain personal information in accordance with Applicable Data Privacy Laws or for our legitimate business purposes. We will only retain your personal information for the purposes explicitly set out in this policy. We may keep personal information indefinitely in a de-identified format for statistical purposes, which may include for example statistics of how you use the services.
We may also retain your personal information for the duration of any period necessary to establish, exercise or defend any legal rights.
Lodging a complaint
If you want to raise any objection or have any queries about our privacy practices, you can contact our information officer, Wesley Lynch, at email@example.com.
You may also lodge complaints with any Regulator in your applicable jurisdiction. The information applicable to the South African regulatory authority (i.e. the Information Regulator) and the regulator in terms of the GDPR (i.e. the European Commission) are listed below:
For POPI in South Africa (the Information Regulator):
Address: JD House, 27 Stiemens Street, Braamfontein, Johannesburg, 2001
Email: firstname.lastname@example.org or email@example.com
For GDPR (The European Commission):
Online complaint procedure: https://ec.europa.eu/info/about-european-commission/contact/problems-and-complaints/how-make-complaint-eu-level/submit-complaint_en
Address: European Commission, Secretary-General
B-1049 Brussels, BELGIUM