The purpose of this document (“Privacy Statement”) is to inform the reader of how iOCO Limited and all of its subsidiaries (“iOCO” ) manage and process (any operation or set of operations performed on data by any means such as collecting, recording, organization, storage, adaptation or alteration of personal information etc.) personal information. The manner in which iOCO manages Personal Information (personal data, as defined in the data protection laws, includes, but is not limited to, names, postal addresses, email addresses, telephone numbers, date of birth etc.), is subject to the Electronic Communications and Transactions Act 25 of 2002; Protection of Personal Information Act 4 of 2013 (“PoPIA”) and the European Union General Data Protection Regulations (“GDPR”)  collectively referred to as (“Data Protection Laws”).

When users (individuals who make use of any iOCO websites and/or applications) interact with iOCO, submit information to iOCO, or sign up for any products and/or services offered by iOCO, all personal information, which may be collected through our website or other channels, is treated as confidential and private. iOCO manages the user’s personal information in the following ways:

• By collecting personal information;
• Using such personal information;
• Sharing (amongst ourselves) the users’ personal information; and
• Disclosing such personal information to iOCO’s authorised service providers as well as relevant third parties in the manner set forth in this Privacy Statement.

iOCO may from time to time update this document to ensure that it is consistent with future developments, industry trends and/or any changes in legal or regulatory requirements.

1. WHO WE ARE

We are iOCO, a technology and service company that provides a wide range of Information Technology solutions.

Our details are as follows:

2. COLLECTION OF PERSONAL INFORMATION

•  Generally, iOCO collects user Personal Information in the following ways:
  • Upon submission of an application form or other forms relating to any of iOCO’s products and services;
  • When interacting with iOCO’s customer service officers (via telephone calls, letters, face-to-face meetings and emails);
  • When making use of any iOCO service e. Websites and/or applications;
  • Upon submission of a request for iOCO to contact them, or request to be included in an email or other mailing lists;
  • When there is a response to iOCO promotions, initiatives or any request for additional Personal Data;
  • When contacted by or responding to iOCO marketing representatives and customer service officers;
  • When iOCO receives references from business partners and third parties;
  • When iOCO seeks information from third parties in connection with the products and services applied for; and
  • Upon submitting Personal Information to iOCO for any other
• When a user browses iOCO Websites, it is generally done anonymously. iOCO does not automatically collect Personal Information unless such information is provided or login credentials are used.
• If iOCO is provided with any Personal Information relating to a third party (e.g. information about a spouse, children, parents and/or employees), by submitting such information, a user confirms that the consent of the third party to provide iOCO with such personal information has been obtained.
• Users must ensure that all Personal information submitted to iOCO is complete, accurate, true, and correct. Failure to do so may result in iOCO’s inability to provide users with the products and services requested.

3. PURPOSES FOR THE COLLECTION, USE AND DISCLOSURE OF PERSONAL INFORMATION

•  Generally, iOCO collects, uses and discloses personal information of users for the following purposes:
  • To respond to queries and requests;
  • To manage the administrative and business operations of iOCO and comply with internal policies and procedures;
  • To facilitate business asset transactions (which may extend to any mergers, acquisitions or asset sales) involving any of the Companies;
  • To match any Personal information held, relating to any of the purposes listed herein;
  • To resolve complaints and handle requests and/or enquiries;
  • To prevent, detect, investigate a crime, analyse and manage commercial risks;
  • To provide media announcements and responses;
  • To monitor or record phone calls and customer-facing interactions for quality assurance, employee training and performance evaluation and identity verification purposes;
  • For legal purposes (including but not limited to obtaining legal advice and dispute resolution);
  • To conduct investigations relating to disputes, billing, suspected illegal activities or fraud;
  • To meet or comply with any applicable rules, laws, regulations, codes of practice or guidelines issued by any legal or regulatory bodies that are binding on iOCO (including but not limited to responding to regulatory complaints, reporting to regulatory bodies and conducting audit checks, due diligence and investigations); and
  • For purposes which are reasonably related to the

• In addition to the above, iOCO collects, uses and discloses Personal information of users for the following purposes:
  • As a customer or an employee of an organisation that is a customer of iOCO:
    • Opening or continuation of accounts and establishing or providing users with the products and services subscribed to;
    • Facilitating the continuation or termination of user subscriptions to iOCO products and services;
    • Facilitating the daily operation of the products and services (including but not limited to billing, customer service, customer verification, technical support, network maintenance and troubleshooting);
    • Facilitating third-party services if purchased, obtained, administered or processed through iOCO;
    • Managing and executing iOCO service-level agreements with users;
    • Processing of payment instructions, direct debit facilities and/or credit facilities requested by users;
    • Enforcement of repayment obligations (including but not limited to debt collection, filing of claims and retrieval of payments from losses made by service partners);
    • Administering and processing any insurance claims and payments arising under the respective policies;
    • Credit and internal risk management (including but not limited to performing credit checks and disclosures to law enforcement agencies);
    • Generation of internal reports (including but not limited to annual, operational and management reports);
    • Processing referral payments and commission fees to iOCO’s external partners;
    • Administering fee adjustments, refunds and waivers;
    • Notifying users of their entitlements under loyalty and reward programmes with iOCO;
    • Analysing user experience with iOCO products and services so as to help us improve, review, develop and efficiently manage the products and services offered; and
    • For purposes which are reasonably related to the aforementioned

• Furthermore, where permitted under the Data Protection Laws:
  • iOCO may also collect, use and disclose Personal information of users for the following additional purposes:
  • For analytics and tracking, including facilitating the sale of analytical data;
  • To conduct market research and surveys to enable iOCO to understand and determine customer location, preferences and demographics in order to develop special offers and marketing programmes in relation to iOCO products and services, and to improve our service delivery and customer experience;
  • To provide additional products, services and benefits to users, which include promotions, loyalty and reward programmes from iOCO;
  • To match Personal information with other data collected for other purposes and from other sources (including third parties) in connection with the provision, marketing or offering of products and services by iOCO;
  • For leads generation and management of marketing iOCO’s products and services;
  • To administer contests, competitions and marketing campaigns, and personalize user experience;
  • To communicate advertisements involving details of iOCO’s products and services, special offers and rewards, either to general customers or to communicate advertisements that iOCO has identified as being of interest to specific users (this includes but is not limited to upselling, cross-selling and telemarketing);
  • To organise promotional events and corporate social responsibility projects; and
  • For purposes which are reasonably related to the

• In relation to particular products and services or user interactions, iOCO may also specifically notify users of other purposes for which personal information is collected, used, or disclosed.

• Users have a choice to withdraw consent for receiving marketing or promotional materials/communication. Users may contact iOCO using the Head Office contact details found on the main website ioco.tech or email privacy@iocogroup.com 

• Once iOCO receives confirmation that a user wishes to withdraw consent for marketing or promotional materials/communication, it may take up to 30 (thirty) working days for the withdrawal to be reflected in the system. Therefore, users may continue to receive marketing or promotional materials/communication during that period of time. It may be noted that even upon withdrawal of consent for the receipt of marketing or promotional materials, iOCO may still contact users for other purposes in relation to the products and services held by users or subscriptions to iOCO.

4. PROCESSING OF PERSONAL INFORMATION

• By providing personal information to iOCO, users acknowledge that the information has been collected from them directly and there is consent for iOCO to process such

• Where users submit personal Information (such as name, address, telephone number and email address) via the iOCO Website (e.g. through completing any online form) the following principles are observed in the processing of such information:
  • iOCO will only collect personal information for a purpose consistent with the purpose for which it is required. The specific purpose for which information is collected will be apparent from the context in which it is requested.
  • iOCO will only process personal Information in a manner that is adequate, relevant and not excessive in the context of the purpose for which it is
  • Personal Information will only be processed for a purpose compatible with that for which it was collected unless the user has agreed to an alternative purpose in writing or iOCO is permitted in terms of national legislation of general application dealing primarily with the protection of Personal Information. iOCO will keep a record of all personal Information collected and the specific purpose for which it was collected for a period according to the retention policy.
  • iOCO will not disclose user personal Information relating to any third party, unless prior written consent from the user is obtained, or where iOCO is required to do so by law.
  • If personal information is provided with the consent of the user, iOCO will retain a record of the information, the third party to which it was released, the purpose for processing the date of data capturing, and the retention period.
  • iOCO will destroy or delete any personal information that is no longer needed by iOCO for the purpose it was initially collected, or subsequently processed.

5. DISCLOSURE OF PERSONAL INFORMATION

• iOCO will take reasonable steps to protect the personal information of users against unauthorised disclosures. Subject to the provisions of any applicable law, Personal Information may be disclosed for the purposes listed above (where applicable), to the following:
  • iOCO’s related corporations and employees to provide content, products and services to address user questions and requests in relation to customer accounts, subscription and billing arrangements with iOCO as well as products and services;
  • Companies providing services relating to insurance and consultancy to iOCO;
  • Agents, contractors or third-party service providers who provide operational services to iOCO, such as courier services, telecommunications, information technology, payment, printing, billing, payroll, processing, technical services, training, market research, call centre, security or other services to iOCO;
  • Vendors or third-party service providers in connection with marketing promotions and services offered by iOCO;
  • Other telecommunications, content or other service providers to facilitate their provision of content or services, or for interconnection, inter-operability, system operation and maintenance and billing between service providers;
  • Collection and repossession agencies in relation to the enforcement of repayment obligations for debts;
  • Credit bureaus for the purpose of preparing credit reports or evaluation of creditworthiness;
  • External banks, credit card companies and their respective service providers;
  • iOCO’s professional advisers such as auditors and lawyers;
  • Relevant government regulators, statutory boards or authorities or law enforcement agencies to comply with any laws, rules, guidelines and regulations or schemes imposed by any governmental authority; and
  • Any other party to whom users authorise iOCO to disclose Personal Information.

6. SHARING YOUR PERSONAL INFORMATION

In general, we will only share your personal information if any one or more of the following apply:

1. if you have provided consent;
2. if it is necessary to conclude or perform under a contract, we have with you;
3. if the law requires it; and/or
4. if it is necessary to protect or pursue your, our or a third party’s legitimate interests.

Where required, each member of the iOCO group may share your personal information with the

following persons. These persons have an obligation to keep your personal information secure and

confidential according to company policy:

1. Other members of the iOCO group, its associates, delegates, assigns, affiliates or successors in title and/or appointed third parties (such as its authorised agents, partners, contractors and suppliers) for any of the purposes identified in this Privacy Policy;
2. Our service providers, suppliers and sub-contractors for the performance of any contract we have entered into with them in respect of our services and products provided to you or in respect of running our internal business operations; We will also obtain your consent for third parties to provide us with credit vetting services to assess your financial status, in order to provide services to you.

• Our employees, as required by their employment conditions and policies;

1. Law enforcement and fraud prevention agencies, and other persons tasked with the prevention and prosecution of crime;
2. Regulatory authorities, industry ombudsmen, government departments, local and international tax authorities, and other persons the law requires us to share your personal information with;
3. Attorneys, tracing agents, debt collectors and other persons that assist with the enforcement of agreements.

7. AUTOMATED DECISION-MAKING

• We will not engage in automated processing of your Personal Information under the following circumstances:
• When it would lead to legal consequences for you;
• When it would significantly impact you;
• When the purpose is to create a profile of you.

Prior notice of such processing will be provided, along with an opportunity for you to make representations, after we have clarified the rationale behind the automated decision-making process.

8. CONSENT

By using our website, products, or services, you consent to the collection, use, and sharing of your personal information that you have shared as described in this Privacy Statement. You have the right to withdraw your consent at any time by contacting us using the information provided above.

• Consent, if necessary, for further processing: should iOCO further process your personal information, iOCO will ask you for your consent, unless it is not compatible with the purpose for which we originally collected that specific Personal Information.
• Consent to process a child’s Personal Information: should iOCO be required to process a child’s Personal Information because they want to use one of our products or services, you must provide us consent as a competent person (the parent or guardian), before we can process any of the child’s personal information.
• Consent to process Special Personal Information: Unless we do not have another lawful ground as set out in PoPIA or other relevant legislation, should we need to process Special Personal Information such as, amongst others, your biometric fingerprints, we will first obtain your consent before we do so.

 9. DATA SUBJECT RIGHTS

• Section 5 of PoPIA confers upon you, as a data subject, a range of rights concerning the processing of your personal information. These rights include, but are not limited to:
  • Notification: You are entitled to receive notification when your personal information is collected, accessed, or acquired by unauthorized parties.
  • Access: You have the right to confirm whether we hold your personal information and to request access to it through a subject access request (here). To satisfy these requirements, we have published a PAIA Manual.
  • Correction, destruction, or deletion: You may request corrections or the deletion of your personal information.
  • Objection: You have the right to object to the processing of your personal information under valid grounds.
  • Complaints: You can lodge complaints with the Information Regulator and initiate civil proceedings regarding any breaches in the protection of your personal information.
  • Avoidance of automated decisions and profiling: You possess the right to avoid being subject to automated decision-making or profiling.
  • Opting out of direct marketing: You can object to the processing of your personal information for direct marketing purposes.

Should you provide consent for us to process your personal information, you retain the right to withdraw this consent at any time without incurring penalties. However, such withdrawal may impact our ability to continue providing services to you. It’s important to note that certain legal obligations may necessitate the retention of your personal information even after consent withdrawal.

10.DATA SECURITY

• All information you provide to us is stored securely on our servers or those of our trusted partner services. We employ suitable, widely recognized technical and organizational safeguards to defend your data against unauthorized or unlawful processing, accidental loss, destruction, or damage. This includes utilizing encryption where appropriate. However, it’s important to note that transmitting information over the Internet isn’t entirely risk-free. While we strive to protect your personal information to the best of our abilities, we cannot guarantee 100% security for data transmitted to our servers via the Internet. Any transmission is undertaken at your own risk. We take reasonable technical and organizational measures to maintain the integrity of the information we collect about you, adhering to accepted technological standards to –
  • Ensure that your personal information is not accessed or disclosed without authorization.
  • Safeguard your personal information to prevent misuse, loss, alteration, or destruction.
  • Regularly review our information collection, storage, and processing practices, including physical security measures, to stay aligned with industry best practices.
  • Maintain secure backups for operational and safety reasons.

11. USE OF COOKIES

1.  iOCO uses cookies (a small piece of information that is placed on a user’s computer when visiting certain websites) for the following purposes:
   1. To enable certain features and functions on websites, e.g. remembering user-id, favourite channel selections, browsing and other service preferences;
   2. To build up a profile of how users experience the website;

• To improve the efficiency of iOCO’s website;

1. To administer services to users and advertisers; and
2. To establish usage statistics.
   1. Most internet browsers provide users with the option of turning off the processing of cookies (please see the “help” section of the browser), but this may result in the loss of functionality, restrict use of the website and/or delay or affect the way in which it
   2. Advertisements on the iOCO website may be provided by third-party advertisers and their agencies. These may generate cookies to track how many people have seen a particular advertisement (or use the services of third parties to do this) and to track how many people have seen it more than once. iOCO does not control these third parties and their cookie policies. Should users have any questions about iOCO’s Data Privacy Policy, they may contact iOCO.
   3. iOCO is not responsible for the Personal Information policies (including Personal Information protection and cookies), content or security of any third-party websites linked to the Website.

12. QUERIES

 If a user :

1. Would like to withdraw consent to any use of their Personal Information as set out in this Privacy Statement, they may contact the business unit executive that manages their account or the privacy mailbox at privacy@ioco.group
2. Would like to obtain access and make corrections to their Personal Information records, they may contact the business unit executive who manages their account.
3. If your Personal Information has been provided to iOCO by a third party (e.g. a referrer), users should contact that organisation or individual to make such queries, complaints, and access correction requests to iOCO on their behalf.
4. If a user withdraws their consent to any or all use of Personal Information, depending on the nature of such a request, iOCO may not be in a position to continue to provide its products and services to users. In addition, iOCO may not administer any contractual relationship in place, which in turn may also result in the termination of any agreements with iOCO, and may result in the user being in breach of contractual obligations or undertakings. iOCO’s legal rights and remedies in such an event are expressly reserved.

13. COMPLAINTS

If you would like to complain about any of our privacy practices and the way protect or process your personal information, you can submit a complaint by sending an email to our Group Information Officer or our privacy mailbox at privacy@ioco.group. We will respond to your complaint as quickly and efficiently as possible.

If you are not satisfied with our resolution of your complaint, you have the right to lodge your complaint directly. With the information regulator by sending an email to complaints.IR@justice.gov.za or visiting their website at https://inforegulator.org.za/

14. GOVERNING LAW

1.  This Privacy Statement and use of the Website shall be governed in all respects by the laws of South Africa.