Privacy Policy

1. Introduction

Stokvel Society South Africa (“we”, “us”, “our”, or “the Association”) is committed to protecting your privacy and personal information. We recognize the importance of safeguarding the personal information of our members and website visitors.

This Privacy Policy applies to all personal information processed by:

• Stokvel Society South Africa Car Buying/Cash Savings Group (the Association)
• Munhumukapa Holdings Group (Pty) Ltd (the Trustee Company and service provider)

This policy describes our practices concerning the collection, use, disclosure, retention, and protection of your personal information in compliance with the Protection of Personal Information Act, 2013 (POPIA) and other applicable South African privacy laws.

By becoming a member, using our digital platform, or interacting with our services, you acknowledge that you have read and understood this Privacy Policy and consent to the processing of your personal information as described herein.

2. Definitions

• “Personal Information” means information relating to an identifiable, living, natural person, and where applicable, an identifiable, existing juristic person, as defined in POPIA
• “Processing” means any operation or activity concerning personal information, including collection, storage, use, modification, disclosure, and destruction
• “Data Subject” means the person to whom personal information relates (you, the member or user)
• “Responsible Party” means the entity that determines the purpose and means of processing personal information
• “Operator” means a person who processes personal information on behalf of the Responsible Party
• “POPIA” means the Protection of Personal Information Act, 2013 (Act No. 4 of 2013)
• “Information Regulator” means the regulatory body established under POPIA to oversee data protection compliance

3. Responsible Party

For the purposes of POPIA, the Responsible Party for your personal information is:

3.1 Information Officer

We have appointed an [Appointment Pending] as required by POPIA who is responsible for ensuring compliance with data protection laws:

Name: [Appointment Pending]
Email: governance@stokvelsociety.co.za
Phone: [Appointment Pending]

You may contact the Information Officer with any questions, concerns, or requests regarding your personal information or this Privacy Policy.

4. Information We Collect

We collect various types of personal information necessary to provide our services and comply with legal obligations. The information we collect includes:

4.1 Identification Information

• Full name and surname
• South African ID number or passport number
• Date of birth
• Nationality and citizenship status
• Gender
• Photograph (for identification purposes)

4.2 Contact Information

• Physical residential address
• Postal address
• Email address
• Mobile phone number
• Landline number (if applicable)
• Emergency contact details

4.3 Financial Information

• Bank account details (account number, bank name, branch code)
• Contribution and payment history
• Transaction records
• Tax reference number
• Employment and income information (for verification purposes)

4.4 FICA and Verification Documents

• Copy of South African ID or passport
• Proof of residence (utility bill, bank statement)
• Source of funds declaration
• Employment verification documents

4.5 Membership Information

• Membership tier (Standard, Pro, or Premium)
• Contribution plan selected
• Policy number and account details
• Meeting attendance records
• Voting history and preferences
• Benefit distribution records

4.6 Vehicle Information (if applicable)

• Vehicle preferences and selections
• Vehicle registration and license details
• Insurance information
• Driver’s license details

4.7 Technical and Usage Information

• IP address
• Device information (type, operating system, browser)
• Login credentials and authentication data
• Platform usage data and activity logs
• Cookies and similar tracking technologies
• Communication preferences

4.8 Communications

• Emails, messages, and correspondence with us
• Support queries and complaints
• Feedback and survey responses
• Meeting notes and recorded proceedings

5. How We Collect Information

We collect your personal information through various methods:

5.1 Directly From You

• When you complete the membership application form (online or physical)
• When you register and create an account on our digital platform
• When you make contributions or payments
• When you communicate with us via email, phone, or in-person
• When you attend meetings or participate in voting
• When you submit support queries or complaints
• When you complete surveys or provide feedback

5.2 Automatically

• Through cookies and similar technologies when you use our website or app
• Through log files and analytics tools that track platform usage
• Through your interactions with our digital services

5.3 From Third Parties

• Credit bureaus and financial institutions (for verification purposes)
• FICA verification service providers
• Payment processors and banks
• Government databases (where legally required)
• Referees or references you provide

6. Purpose of Processing

We process your personal information for the following specific, explicitly defined, and lawful purposes:

Purpose	Description
Membership Administration	To process your application, create your account, and manage your membership throughout its lifecycle
Contribution Processing	To collect, record, and manage your monthly contributions and admin fees
Benefit Distribution	To determine eligibility, process vehicle or cash distributions, and manage ownership transfers
Legal Compliance	To comply with FICA, tax laws, financial regulations, and other legal obligations
Communications	To send important notices, updates, meeting invitations, and service-related communications
Platform Services	To provide access to digital wallet, member portal, voting systems, and other online services
Security & Fraud Prevention	To protect against fraud, unauthorized access, and other security threats
Governance	To facilitate democratic processes including voting, meetings, and decision-making
Financial Reporting	To prepare financial statements, audit reports, and transparency documents
Customer Support	To respond to queries, resolve complaints, and provide assistance
Service Improvement	To analyze usage, gather feedback, and enhance our services and platform
Marketing (with consent)	To send information about additional services, workshops, and member benefits

We will not process your personal information for purposes other than those listed above unless we obtain your consent or are required to do so by law.

7. Lawful Basis for Processing

Under POPIA, we must have a lawful basis to process your personal information. We rely on the following legal grounds:

7.1 Consent

You provide voluntary, specific, and informed consent when you:

• Complete the membership application
• Accept the Terms of Service and this Privacy Policy
• Opt in to receive marketing communications
• Agree to cookies and tracking technologies

You may withdraw your consent at any time by contacting us, though this may affect our ability to provide certain services.

7.2 Contractual Necessity

Processing is necessary to:

• Enter into and perform the membership agreement
• Provide the services you have requested
• Process contributions and distributions
• Fulfill our obligations under the Constitution

7.3 Legal Obligation

We are legally required to process certain information to comply with:

• Financial Intelligence Centre Act (FICA) – for identity verification and anti-money laundering
• Tax Administration Act – for tax reporting and withholding
• Companies Act – for corporate governance and record-keeping
• Other applicable South African laws and regulations

7.4 Legitimate Interests

We may process your information where necessary for legitimate interests pursued by us or a third party, provided these interests do not override your fundamental rights and freedoms. Legitimate interests include:

• Fraud detection and prevention
• Network and information security
• Internal administration and record-keeping
• Improvement of our services and platform
• Protection of our legal rights and interests

8. Sharing Your Information

We respect the confidentiality of your personal information and will only share it in the following circumstances:

8.1 Within the Association

• Executive Committee Members: Access to member information necessary for governance and administration
• Trustee Company Staff: Authorized personnel who need access to perform their duties
• Other Members: Limited information (name, membership tier) may be shared for transparency and voting purposes, as required by the Constitution

8.2 Service Providers and Operators

We engage third-party service providers who process personal information on our behalf. These include:

• Payment Processors: To process contributions and distributions
• Banking Institutions: To manage trust accounts and financial transactions
• IT Service Providers: For hosting, maintenance, and support of our digital platform
• FICA Verification Services: To verify identity and comply with anti-money laundering requirements
• Communication Services: For email, SMS, and notification delivery
• Auditors and Accountants: For financial audits and compliance
• Legal Advisors: When legal advice or representation is required

All service providers are contractually obligated to maintain confidentiality and security of your information and may only use it for the purposes we specify.

8.3 Legal and Regulatory Authorities

We may disclose your information to:

• South African Revenue Service (SARS) for tax compliance
• Financial Intelligence Centre (FIC) for FICA reporting
• South African Police Service (SAPS) if criminal activity is suspected
• Courts and tribunals when legally required
• Information Regulator when requested
• Other regulatory bodies with lawful authority

8.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, your personal information may be transferred to the successor entity, subject to the same privacy protections.

8.5 With Your Consent

We may share your information with other parties when you have given explicit consent for us to do so.

9. Data Security

We take the security of your personal information seriously and have implemented appropriate technical and organizational measures to protect it against unauthorized access, loss, destruction, or alteration.

9.1 Security Measures

Our security measures include:

• Encryption: Data transmission via SSL/TLS encryption; sensitive data encrypted at rest
• Access Controls: Role-based access with the principle of least privilege
• Authentication: Multi-factor authentication for platform access
• Firewalls and Intrusion Detection: Network security monitoring and protection
• Regular Security Audits: Periodic assessment of security controls and vulnerabilities
• Staff Training: Privacy and security awareness training for all personnel
• Physical Security: Secure facilities with restricted access to physical records
• Backup and Recovery: Regular backups with disaster recovery procedures

9.2 Data Breach Notification

In the event of a data breach that poses a risk to your rights and freedoms, we will:

• Notify the Information Regulator within 72 hours (as required by law)
• Notify affected data subjects without undue delay
• Provide information about the nature of the breach and remedial actions
• Take immediate steps to contain and remedy the breach

9.3 Your Security Responsibilities

You also play a role in protecting your information:

• Keep your login credentials confidential
• Use strong, unique passwords
• Log out after using shared devices
• Report suspicious activity immediately
• Keep your contact information up to date

10. Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes for which it was collected and to comply with legal obligations.

10.1 Retention Periods

Information Type	Retention Period
Active Membership Records	Duration of membership plus 5 years
Financial Records	Duration of membership plus 5 years (tax compliance)
FICA Documents	Duration of membership plus 5 years (legal requirement)
Transaction History	Duration of membership plus 5 years
Governance Records (minutes, votes)	Indefinitely (for historical record)
Communications	3 years or until matter is resolved
Website Logs and Cookies	12 months maximum
Marketing Consent Records	Until consent is withdrawn plus 1 year

10.2 Disposal of Information

When retention periods expire, we securely delete or anonymize personal information using:

• Secure electronic deletion methods
• Physical destruction of paper records (shredding)
• Anonymization techniques where historical data is needed

10.3 Legal Holds

We may retain information beyond standard retention periods when required by:

• Ongoing legal proceedings or disputes
• Regulatory investigations
• Valid legal obligations

11. Your Rights Under POPIA

As a data subject under POPIA, you have the following rights regarding your personal information:

11.1 How to Exercise Your Rights

To exercise any of these rights:

1. Submit a written request to our Information Officer at governance@stokvelsociety.co.za
2. Provide sufficient information to verify your identity
3. Specify which right(s) you wish to exercise
4. Include relevant details about your request

We will respond to your request within 30 days or inform you if more time is needed.

11.2 Limitations on Rights

Your rights are not absolute and may be limited where:

• We have a legal obligation to retain information
• Processing is necessary for the performance of a contract
• Deletion would prejudice legitimate interests
• Information is required for legal proceedings
• Restrictions are provided for by law

12. Cookies and Tracking Technologies

Our website and digital platform use cookies and similar tracking technologies to enhance your experience and analyze usage patterns.

12.1 What Are Cookies?

Cookies are small text files stored on your device when you visit our website. They help us remember your preferences and understand how you use our services.

12.2 Types of Cookies We Use

• Essential Cookies: Necessary for platform functionality and security (e.g., session management, authentication)
• Functional Cookies: Remember your preferences and settings (e.g., language, display options)
• Analytics Cookies: Help us understand platform usage and performance (e.g., page views, navigation patterns)
• Performance Cookies: Monitor system performance and user experience

12.3 Managing Cookies

You can control cookies through:

• Your browser settings (most browsers allow you to refuse or delete cookies)
• Our cookie consent tool when you first visit our website
• Your account preferences on the platform

Note that disabling certain cookies may affect platform functionality.

12.4 Third-Party Cookies

We may use third-party services (such as analytics providers) that set their own cookies. These are governed by the third parties’ privacy policies.

13. Third-Party Links

Our website may contain links to external websites, services, or resources operated by third parties. This Privacy Policy does not apply to those third-party sites.

We are not responsible for the privacy practices or content of third-party websites. We encourage you to review the privacy policies of any external sites you visit.

Clicking on third-party links is at your own risk, and we disclaim any liability for third-party data practices.

14. Children’s Privacy

Our services are intended for adults aged 18 years and older. We do not knowingly collect personal information from children under 18.

If you are under 18, you may not register as a member or use our services without parental or guardian consent.

If we become aware that we have collected personal information from a child under 18 without proper consent, we will take steps to delete that information promptly.

Parents or guardians who believe we may have collected information from their child should contact us immediately at governance@stokvelsociety.co.za.

15. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.

15.1 Notification of Changes

When we make material changes to this policy, we will:

• Update the “Last Updated” date at the top of this document
• Notify active members via email or platform notification
• Post a notice on our website for at least 30 days
• Request renewed consent where required by law

15.2 Your Acceptance

Continued use of our services after changes take effect constitutes acceptance of the updated Privacy Policy. If you do not agree with the changes, you should discontinue use of our services and may request termination of your membership.

15.3 Policy Archive

Previous versions of this Privacy Policy are available upon request from our Information Officer.

16. Complaints and Regulator Contact

16.1 Internal Complaints

If you have concerns about how we handle your personal information, please contact us first:

• Email: governance@stokvelsociety.co.za
• Subject Line: “Privacy Complaint”
• Response Time: We will acknowledge within 5 business days and investigate within 30 days

16.2 Information Regulator

If you are not satisfied with our response, you have the right to lodge a complaint with the Information Regulator:

17. Contact Information