Skip links

Privacy Policy

Last Update: 26 April 2024

Introduction

At VAT Modernisation SA, your privacy is important to us. For that reason, we want you to understand how VAT Modernisation SA collects, uses and discloses information. It applies to personal information that we collect from any of our Engagement methods with you. This Privacy Statement describes how VAT Modernisation SA collects and uses your personal information, with whom we share it, and your choices and rights in relation to your personal information.

Engagement Methods

This includes all physical and digital forms of interaction by you with us, whether as a Visitor, through social media sites and mobile applications (collectively “Internet Services”) that link to this Privacy Policy, in writing or orally, or personal information that we may collect or receive both Online and Offline from you.

Information Practices

This Privacy Policy describes our practices in connection with information that we collect from you through our Engagement Methods: As a Visitor on VAT Modernisation SA’s Platforms; Applications or websites; Email messages that we send to you with links to services; referrals and surveys on behalf of a client referred to as a User and their Agents; Newsletter subscriptions; our Affiliate Programs: Online and Offline support methods; and when you interact with us in any other way. These are collectively referred to as Engagement Methods.

VAT Modernisation SA is subject to the Protection of Personal Information Act, No. 4 of 2013 (“POPIA”), of which the operative provisions came into effect on 1 July 2020. Public and private bodies have until 1 July 2021 to be fully compliant. “Personal information” is defined in POPIA as information relating to an identifiable, living, natural person and where it is applicable, an identifiable, existing juristic person, including but not limited to:

(a) information relating to the race, gender, sex, pregnancy, marital status, national, ethnic or social origin, colour, sexual orientation, age, physical or mental health, well-being, disability, religion, conscience, belief, culture, language and birth of the person;

(b) information relating to the education or the medical, financial, criminal or employment history of the person;

(c) any identifying number, symbol, e-mail address, physical address, telephone number, location information, online identifier or other particular assignment to the person;

(d) the biometric information of the person;

(e) the personal opinions, views or preferences of the person;

(f) correspondence sent by the person that is implicitly or explicitly of a private or confidential nature or further correspondence that would reveal the contents of the original correspondence;

(g) the views or opinions of another individual about the person; and

(h) the name of the person if it appears with other personal information relating to the person or if the disclosure of the name itself would reveal information about the person.

VAT Modernisation SA adheres to the applicable data protection laws in the European Union of which (“GDPR”) General Data Protection Regulation is the primary legislation dealing with the protection and regulation of personal Information If you are a natural person based in the EU, who wishes to or has procured services offered by VAT Modernisation SA, and in the process you have provided personal information to us in order to provide a service or process your enquiry, we will where appropriate and applicable, supplement our obligations as set out herein with the additional aspects of GDPR.

Definition of a Visitor

A Visitor is any party who visits VAT Modernisation SA’s Platforms, Applications or websites. It could be any individual on their own behalf or on behalf of a User or Other Third Party who visits VAT Modernisation SA’s Platforms, Applications or websites. Although there are privacy clauses that are specific to only certain types of Visitors, as detailed in the Terms of Agreement for VAT Modernisation SA and Non-disclosure Agreements with VAT Modernisation SA, the following privacy policy applies to all Visitors.

Personal Information Categories

“Personal Information” is information that identifies you as an individual or relates to an identifiable individual. Which personal data we collect depends on which of VAT Modernisation SA’s Engagement Methods is used. Generally, there are two categories of personal data we collect or use:

Personal Data You Provide: This is the personal data you provide and enter when you visit VAT Modernisation SA’s Platforms, Applications or websites. This may include, without limitation, your name, email address, physical address, phone number (fixed or mobile), login and account information for authentication purposes and access, you gender and other information.

Metadata and Log Files: This is data that is collected or generated automatically when you use VAT Modernisation SA’s Platforms, Applications or websites. Metadata is often collected or generated when using a computer or device when you send data via a computer network, such as the Internet. This may include Internet Protocol (IP) address, geographic location, device identifier, hardware information, browser type, browser language, the number of times you access the Site, when you access the Site, information about referring partners, and other information.

Methods of Collection

We and our affiliates collect Personal Information in a variety of ways, including:

Online and Offline through our Engagement Methods; through trade shows, from client referrals and third party referrals such as value added resellers or developers of other complimentary services; and from Other Sources such as publicly available databases in electronic or print form.

Purpose for Collection

We need to collect Personal Information in order to provide the requested Services to you. If you do not provide the information requested, we may not be able to provide the Services. If you disclose any Personal Information relating to other people to us or to our service referral providers in connection with the Services, you represent that you have the authority to do so and to permit us to use the information in accordance with this Privacy Statement.

We and our service referral providers use Personal Information for legitimate business purposes including: Providing the functionality of the Services and fulfilling your requests; To provide the Services’ functionality to you; To respond to your inquiries and fulfil your requests, when you contact us; To send administrative information to you, such as changes to our terms, conditions and policies; We will engage in these activities to manage our contractual relationship with you and/or to comply with a legal obligation and/or because we have a legitimate interest; Providing you with our newsletter and/or other marketing materials and facilitating social sharing; To send you marketing related emails, with information about our services, new products and other news about our company; Analysis of Personal Information for business reporting and providing personalized services; To analyse or predict our users’ preferences in order to prepare aggregated trend reports on how our digital content is used, so we can improve our Services; Allowing you to participate in loyalty and or other promotions. Some of these promotions have additional rules containing information about how we will use and disclose your Personal Information. We use this information to manage our contractual relationship with you; Aggregating and/or anonymizing Personal Information. We may aggregate and/or anonymize Personal Information so that it will no longer be considered Personal Information. We do so to generate other data for our use, which we may use and disclose for accomplishing our business purposes; For data analysis; For audits; For fraud and security monitoring purposes; For developing new products and services; For enhancing, improving, or modifying our current products and services; For identifying usage trends, for determining the effectiveness of our promotional campaigns, so that we can adapt our campaigns to the needs and interests of our users; and For operating and expanding our business activities.

Disclosure to Third Parties

We disclose Personal Information to our third party service providers, to facilitate services they provide to us or send you marketing communications, consistent with your choices. VAT Modernisation SA may share your personal data also with third party service providers to perform certain processing activities. We provide these companies with only the information they need to perform their services and require these service providers to process and protect your personal data diligently. These companies are prohibited from using this information for their own marketing purposes and from sharing this information with anyone else. Other than set out in this statement, VAT Modernisation SA will not sell, rent, lease, or provide your personal data to third parties nor allow them to use your personal data for their own purposes.

VAT Modernisation SA’s Platforms, Applications and websites may use social media plugins, including plugins for Facebook, Twitter, Instagram, Vimeo, YouTube, and others. When you use those services it may be linked to your account or existing profile with them. This means that those third parties may be made aware you have visited the Site and may collect related data. Those third parties may store portions of your information even if you have not established an account or profile with them. For information regarding the policies and practices of those third parties, please visit their respective websites. You may be able to avoid or block third parties from collecting your data by changing your personal settings on the third party’s website or through the use of a suitable add-on for your browser.

We also use and disclose your Personal Information as necessary or appropriate, especially when we have a legal obligation or legitimate interest to do so in order to: Comply with applicable law and regulations. This can include laws outside your country of residence; Cooperate with public and government authorities; Respond to a request or to provide information we believe is important. These can include authorities outside your country of residence; Cooperate with law enforcement; Enforce our terms and conditions; Protect our rights, privacy, safety or property, and/or that of our affiliates, you or others; facilitate any reorganization, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of our business.

This Privacy Policy does not address, and we are not responsible for, the privacy, information or other practices of any third parties, including any third party operating any website or service to which the Services link. The inclusion of a link on the Services does not imply endorsement of the linked site or service by us or by our affiliates.

In addition, we are not responsible for the information collection, use, disclosure or security policies or practices of other organizations, such as Facebook, Apple, Google, Microsoft, RIM or any other app developer, app provider, social media platform provider, operating system provider, wireless service provider or device manufacturer, including with respect to any Personal Information you disclose to other organizations through or in connection with the Apps or our Social Media Pages.

We may use a third-party service to process payments made through the Services. If you wish to make a payment through the Services, your Personal Information will be collected by such third party and not by us, and will be subject to the third party’s privacy policy, rather than this Privacy Statement. We have no control over, and are not responsible for, this third party’s collection, use and disclosure of your Personal Information.

Collection of Other Information

“Other Information” is any information that does not reveal your specific identity or does not directly relate to an identifiable individual such as: Browser and device information; App usage data; Information collected through cookies and other tracking technologies; Demographic information and other information provided by you that does not reveal your specific identity; Information that has been aggregated in a manner such that it no longer reveals your specific identity.

If we are required to treat Other Information as Personal Information under applicable law, then we may use and disclose it for the purposes for which we use and disclose Personal Information as detailed in this Policy.

We and our service referral providers may collect Other Information in a variety of ways, including:

From your browser or device – Certain information is collected by most browsers or automatically through your device, such as your Media Access Control (MAC) address, computer type (Windows or Mac), screen resolution, operating system name and version, device manufacturer and model, language, Internet browser type and version and the name and version of the Services (such as the App) you are using. We use this information to ensure that the Services function properly.

Using cookies and tracking technologies – Please refer to our Cookies Notice

Your IP address – This is automatically assigned to your computer by your Internet Service Provider. An IP address may be identified and logged automatically in our server log files whenever a user accesses the Services, along with the time of the visit and the page(s) that were visited. Collecting IP addresses is standard practice and is done automatically by many websites, applications and other services. We use IP addresses for purposes such as calculating usage levels, diagnosing server problems and administering the Services. We may also derive your approximate location from your IP address.

The physical location of your device – This is to provide you with personalized location-based services and content. We may also share your device’s physical location, combined with information about what advertisements or promotions you viewed and other information we collect, with our marketing partners, affiliates and referral service providers to enable them to provide you with more personalized content and to study the effectiveness of advertising campaigns. In some instances, you may be permitted to allow or deny such uses and/or sharing of your device’s location, but if you do, we and/or our marketing partners may not be able to provide you with the applicable personalized services and content.

We may use and disclose Other Information for any purpose, except where we are required to do otherwise in terms of clauses specific to certain types of users and under applicable law. In some instances, we may combine Other Information with Personal Information. If we do, we will treat the combined information as Personal Information as long as it is combined.

Your Rights Under Data Protection Laws In The EU

VAT Modernisation SA adheres to the applicable data protection laws in the EU, which provide you (if you are an EU citizen) with certain rights relating to your personal information, subject to any legal exceptions. Your rights include:

a) The right to access personal information that we hold about you.

b) The right to rectify inaccurate personal information we hold about you without undue delay, and considering the purposes of the processing, to have incomplete personal information about you completed.

c) The right to ask us to erase your personal information (the right to be forgotten) without undue delay in certain circumstances.

d) The right to restrict the processing of your personal information in certain circumstances.

e) The right to receive your personal information from us in a structured commonly used and machine-readable format and to transmit your personal information to a third party without obstruction (right to data portability) in certain circumstances.

f) Where we process personal information based on your consent, you have the right to withdraw your consent at any time for future processing.

g) Where we process your personal information based upon our legitimate interests or those of a third party, you have the right to object to the processing of your personal information at any time (including to any profiling).

h) Where we process your personal information for direct marketing purposes, you have the right to object to processing of your personal information at any time, including profiling to the extent that it is related to such direct marketing.

i) The right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.

You may lodge a complaint with the European Commission’s online complaint procedure (https://ec.europa.eu) if you believe that your data protection rights relating to your personal information have been breached by VAT Modernisation SA or that your personal information has been compromised in some way. You may contact us with requests, complaint or questions regarding these rights by email at privacy@vatsa.co.za.

Similarly, individuals in countries outside of the EU may exercise their rights under any applicable data protection laws by contacting us by email at privacy@vatsa.co.za.

Protection of Personal and Other Information

We use our best available organizational, technical and administrative measures to protect Personal Information within our organization. Unfortunately, no data transmission or storage system can be guaranteed to be 100% secure. If you have reason to believe that your interaction with us is no longer secure, please immediately notify us by email at privacy@vatsa.co.za.

Choices of Use and Disclosure

We give you choices regarding our use and disclosure of your Personal Information for marketing purposes. You may opt-out from:

Receiving electronic communications from us: If you no longer want to receive marketing-related emails from us on a going-forward basis, you may opt-out by: clicking the “unsubscribe” link at the bottom of one of our marketing emails.

Our sharing of your Personal Information with affiliates for their direct marketing purposes: If you would prefer that we discontinue sharing your Personal Information on a going-forward basis with our affiliates for their direct marketing purposes, you may opt-out of this sharing by contacting us via privacy@vatsa.co.za. Please note that if you opt-out of receiving marketing-related emails from us, we may still send you important administrative messages, from which you cannot opt-out.

How You Can Access, Change Or Delete Your Personal Information

If you would like to request to review, correct, update, suppress, restrict or delete Personal Information, object to the processing of Personal Information, or if you would like to request to receive an electronic copy of your Personal Information for purposes of transmitting it to another company (to the extent these rights are provided to you by applicable law), you may contact us via privacy@vatsa.co.za.

We will respond to your request consistent with applicable law. In your request, please make clear what Personal Information you would like to have changed, whether you would like to have your Personal Information suppressed from our database. For your protection, we may only implement requests with respect to the Personal Information associated with the particular email address that you use to send us your request, and we may need to verify your identity before implementing your request. We will try to comply with your request as soon as reasonably practicable.

Please note that we may need to retain certain information for recordkeeping purposes and/or to complete any transactions that you began prior to requesting a change or deletion (e.g., when you enter a promotion, you may not be able to change or delete the Personal Information provided until after the completion of such promotion).

Personal Information Retention

We retain Personal Information for as long as needed or permitted in light of the purpose(s) for which it was obtained and consistent with applicable law.

The criteria used to determine our retention periods include: The length of time we have an ongoing relationship with you and provide the Services to you (for example, for as long as you have an account with us or keep using the Services); Whether there is a legal obligation to which we are subject (for example, certain laws require us to keep records of your transactions for a certain period of time before we can delete them); or

Whether retention is advisable in light of our legal position (such as in regard to applicable statutes of limitations, litigation or regulatory investigations).

Services Age

The Services are not directed to individuals under the age of eighteen (18), and we do not knowingly collect Personal Information from individuals under 18.

Cross Border Information Storage and Transfer

Your Personal Information may be stored and processed in any country where we have facilities or in which we engage service providers, and by using the Services you understand that your information will be transferred to countries outside of your country of residence, which may have data protection rules that are different from those of your country. In certain circumstances, courts, law enforcement agencies, regulatory agencies or security authorities in those other countries may be entitled to access your Personal Information.

Sensitive Personal Information

Unless we request it for the fulfillment of a specific Service, we ask that you do not send us, and you do not disclose, any sensitive Personal Information (e.g., social security numbers, information related to racial or ethnic origin, political opinions, religion or other beliefs, health, biometrics or genetic characteristics, criminal background or trade union membership) on or through the Services or otherwise to us.

Privacy Policy Revision

The “LAST UPDATED” legend at the top of this Privacy Policy indicates when this Privacy Policy was last revised. Any changes will become effective when we post the revised Privacy Policy on the Services. Your use of the Services following these changes means that you accept the revised Privacy Policy.

Responsible Disclosure

If you believe you have discovered a security vulnerability please report it to us as soon as possible so that we may take the necessary measures to counter the vulnerability. Actively scanning our company network to detect vulnerabilities is not allowed. The security of our systems and networks is of utmost importance to us and we continually scan ourselves for any existing or potential vulnerabilities. In line with our policy for responsible disclosure please follow these important steps: Before sending us any description of the vulnerability please contact us to arrange for this report to be sent to us in an encrypted manner in order for it not to be exploited by any party; As we wish to work with you, please provide us with as much information as you can to assist us in identifying, confirming and resolving the vulnerability; Do not abuse the vulnerability in any way and if you obtained any confidential information please delete it immediately and completely; Do not use the vulnerability to attempt to attack or exploit in any way the security of Third Parties application, networks or other systems; Do not share the vulnerability with others until we have resolved it completely and provided you have the applicable report.

We take all vulnerability reports seriously and investigate them thoroughly without delay. We will provide an evaluation assessment and resolution date within 5 working days, while keeping you updated on our progress. We will keep your report confidential and will not share your personal data with third parties without your permission unless we are required to do so by law, such as when your it is requested by the police or the courts. We are unable to be in contact with you on the steps we are taking if you have provided a report anonymously. We may express our appreciation monetarily although this is not a guarantee or commitment to do so and will be limited to a maximum of R500. If you request us to do so we can mention you as the discoverer of the vulnerability in any communications about the incident. It is essential that you abide by these conditions in full to avoid any legal action taken against you pertaining to the report. The Public Prosecutor’s Office retains the right to decide whether additional investigation is necessary;

We are committed to identify and resolve any possible vulnerability as quickly as possible, while keeping all relevant stakeholders updated on the issues.

Contacting Us

VAT Modernisation SA is located at Suite 201, 64 Wrenrose Avenue, Birdhaven, Johannesburg, 2196 is the company responsible for collection, use and disclosure of your Personal Information under this Privacy Policy.

If you have any questions about this Privacy Policy, please contact us at privacy@vatsa.co.za.

Because email communications are not always secure, please do not include sensitive information in your emails to us.