PRIVACY POLICY

At ZAPPAD, we are committed to maintaining the trust and confidence of visitors to our website, and users of our products and services. In particular, we want you to know that ZAPPAD is not in the business of buying, selling, renting or trading email lists with other companies and businesses for marketing purposes.

 

In this Privacy Policy, we’ve provided detailed information on when and why we collect your personal information, how we use it, the limited conditions under which we may disclose it to others and how we keep it secure. For the purposes of this Privacy Policy, “personal information” shall be defined as set out in the Promotion of Access to Information Act, No. 2 of 2000.

 

You can contact us with data information requests via email at info@zappAD.co.za, or alternatively leave a message on our Contact Us page.

 

 GENERAL

1.1. About Our Privacy Policy

We are committed to protecting your privacy. This privacy policy applies to all the web pages related to the Site.

The personal information gathered through details submitted via the Site will not be used for anything other than that which is stated in the Terms and Conditions. Such gathered personal information may be stored and used by us indefinitely in order to fulfil our services, which include the promotion of our products and services.

Through your use of the Site, you signify your acceptance of our Privacy Policy. Should you not agree to this policy, please do not continue to use the Site. Your continued use of the Site following the posting of changes to the Privacy Policy will be deemed as your acceptance of those changes.

 

COOKIES POLICY

2.1. What Are Cookies?

Like most websites, www.zappAD.co.za uses cookies to collect information. Cookies are small data files which are placed on your computer or other devices (such as smartphones or tablets) as you browse this website. They are used to remember when your computer or device accesses our website, and also help us keep track of information needed as you move from page to page (for example, the contents of your shopping cart).

Cookies are essential for the effective operation of our website and to help you manage your profile and payments. They are also used to tailor the products and services offered and advertised to you, both on our websites and elsewhere.

 

2.2. Information Collected

Some cookies collect information about browsing and purchasing behaviour when you access this website via the same computer or device. This includes information about pages viewed, products purchased or added to your cart and your journey around a website. We do not use cookies to collect or record information on your name, address or other contact details. ZAPPAD can use cookies to monitor your browsing and purchasing behaviour.

 

2.3. How Are Cookies Managed?

The cookies stored on your computer or other device when you access our websites are designed by:

  • ZAPPAD, or on behalf of ZAPPAD, and are necessary to enable you to a make payment on our website.
  • Third parties who collect analytical data (namely Google Analytics and Social Media platforms).

 

2.4. What Are Cookies Used For?

The main purposes for which cookies are used are:

  • For technical purposes essential to effective operation of our website, particularly in relation to online transactions and site navigation.
  • To enable ZAPPAD to collect information about your browsing and usage patterns, including to monitor the success of campaigns etc.

 

2.5. What Happens If I Disable Cookies?

This depends on which cookies you disable, but in general the website will not operate properly if cookies are switched off. If you only disable third party cookies, you will not be prevented from making purchases on our sites. If you disable all cookies, you will be unable to complete a purchase on our site, some buttons will become inactive, and some navigation functionality will be lost.

 

OUR CUSTOMER DATABASE

3.1 About Our Customer Database

We have our own customer database which is stored on servers and is never transferred, duplicated or backed up outside of the Republic of South Africa. Stringent measures are in place to prevent unauthorised access to this database, including IP locking and strong “need to know basis” access policies.

 

3.2. Who Has Access?

Access to the raw data is limited to a very small handful of people who legitimately need to use it within ZAPPAD, as well as senior partners at our third party web development company, Digital Interactive – www.di.co.za

Our customer experience team and finance team, via the administration section of our website, have access to all customer details including name, physical address, email address, order history and transactions. Only the head of department can access the raw underlying data.

Our web development team, employed by our third party provider, work with an anonymised copy of the live database (the same underlying data, but with all references to identifiable personal information scrambled, including names, email addresses, postal addresses, and phone numbers).

 Access keys for our various third party services are stored securely external to the code to which developers have access.

 

CREATING A ZAPPAD ACCOUNT

4.1. Activities That Require An Account

Certain activities you might perform on our website require you to have an ZAPPAD  account. These include:

  • Buying products
  • Viewing products
  • Advertising on zappAD as an Advertiser

 

When you create an account, we ask for your personal details (such as first and last names), your login details (such as email address and a password), your contact details (such as your cellphone number and physical address).

When you create an account, your password is stored encrypted using an industry standard password hashing mechanism which isn’t reversible, so nobody can find out what your password is in plain text. We encourage our customers to use difficult to guess passwords or passphrases, and to use a password manager to discourage password sharing between websites.

 

4.2. How To Keep Your Data Up To Date

You can update your data on the My Profile page once you have successfully logged in. Alternatively, you can leave a message on our Contact Us page we will update it on your behalf.

 

4.3. How Long Do We Keep Your Account Data

We will retain your ZAPPAD account data indefinitely.

Your account can either be suspended or terminated depending on the reason for investigation or cancellation of your account, however, we cannot remove every detail of your account. If you have ever bought anything from us we are required by law to retain financial records for at least 5 (five) years, so we will not be able to completely remove you if you have made any payments more recently than this (see the OUR ADVERTISER section below for more details).

 

OUR ADVERTISER SECTION

5.1. About Our Advertiser Section

If you advertise on zappAD, you are required to log into your account or to create an account in order to process the subscription payment. This is to enable us to fulfill our contractual obligation to you which begins at the point of sale.

 

5.2. Who Deals With Our Payments

Our Payment Service Provider for Credit Card and Debit Order transactions is PayFast and PayPal.

PayFast/PayPal provides a secure payment gateway, processing payments for thousands of online businesses, including ours. It is PayFast/PayPal’s utmost priority to ensure that transaction data is handled in a safe and secure way.

PayFast/PayPal uses a range of secure methods. Once on the PayFast/PayPal systems, all sensitive data is secured using internationally recognised encryption standards.

PayFast/PayPal is PCI DSS (Payment Card Industry Data Security Standard) compliant to the highest level and maintains regular security audits from a certified Qualified Security Assessor (QSAs). They are also regularly audited by the banks and banking authorities to ensure that their systems are impenetrable.

 

5.3. Who Has Access To Financial Data

Access to our PayFast/PayPal data is restricted to our customer experience and finance teams. The heads of our web and operations teams (including our senior partners at our web development company, Digital Interactive) also have access in order to be able to manage the integration with our site, and act as tier 3 level support in case of unusually problematic transactions. The financial team can request and confirm manual payments.

 

5.4. Transactional Emails

You will receive an email to confirm your credit card or debit order transaction and payment and that your order has been fully processed. EFT transactions will receive an email with confirmation for your order in process and will receive a second email to confirm your payment.

 

OUR PRODUCTS

6.1. Advertising

In order to Advertise Products via your subscription plan, you have to be logged in.

We log information about the progress of your downloaded content (the number of downloads of a listing), including your operating system and IP address. We do this so that our customer experience team can diagnose problems more effectively if something goes wrong, as well as for the purpose of recognising and preventing unusual advertising activities.

This data may also be used statistically to help us improve the quality, reliability and speed of our advertsing service.

 

6.2. Updating

We update our documents, products and the Site from time to time, either to fix errors and bugs or to add new features. These updates are typically free for all existing users. In order for us to be able to notify you via email of important updates, we must retain your account email address and your order history.

 

CUSTOMER EXPERIENCE

7.1. Contact Us

At ZAPPAD  we want satisfied customers. In order for us to help you we will often need to know a little bit about you. If you leave a message on our Contact Us page you will be required to leave your name, email and contact number along with your message.

 

7.2. Email

You can contact us via email at the appropriate email addresses provided on our website.

In the process of servicing your request, you may have to provide details about your account (if applicable) in order for us to help you. Additionally, we may ask for personal or financial information; or details of your order history; or your hardware and software. All such information may be retained for future reference.

 

7.3. How Long We Keep Your Service Data

We retain all customer service requests (including messages and emails) indefinitely. This is to ensure that we have a full case history of any problems you may have experienced in the past, and can refer back to these when necessary.

 

ANALYTICS AND STATISTICS

8.1. Google Analytics

When someone visits www.zappAD.co.za we use a third party service, Google Analytics, to collect standard internet log information (e.g. geographical location, OS and browser information and details of visitor behaviour patterns. We do this to find out things such as the number of visitors to the various parts of the site. This information is only processed in a way which does not identify anyone. We do not make, and do not allow Google to make, any attempt to find out the identities of those visiting our website.

 

Besides members of our own internal marketing team, the other third party who have access to Google Analytics information is Mindmuzik Technologies, who administer the analytics service integration on our behalf.

 

 

OUR DATA BREACH POLICY

9.1. Disclaimer

We have taken all reasonable steps to safeguard the privacy of information provided by you, but we do not make any representations or warranties that the information provided by you, whether personal information, or otherwise, is absolutely safe and secure. Should a data breach occur, we will take immediate measures to stop it and minimise its impact.

 

9.2. What Is A Data Breach?

We consider a data breach to be one or more of the following:

  • Loss or theft of confidential or sensitive data or equipment on which such data is stored (e.g. loss of laptop, USB stick, iPad / tablet device, or paper record).
  • Equipment theft or failure.
  • System failure.
  • Unauthorised use of; access to or modification of data; or information systems.
  • Attempts (failed or successful) to gain unauthorised access to information or IT system(s).
  • Unauthorised disclosure of sensitive / confidential data.
  • Website defacement.
  • Hacking attack.
  • Human error.
  • ‘Blagging’ offences where information is obtained by deceiving the organisation who holds it.

 

9.3. Investigation and Containment

If we discover or are notified of any of the above:

 

We will firstly determine whether the breach is ongoing, and if so, take immediate measures to stop it and minimise its impact.

 

Secondly, we will investigate the extent and severity of the breach and assess the risks associated with it, for example, the potential adverse consequences for individuals, how serious or substantial those are and how likely they are to occur. This investigation will consider the following:

  • The type of data involved.
  • Its sensitivity.
  • The protections which are in place (e.g. encryptions).
  • What has happened to the data (e.g. has it been lost or stolen).
  • Whether the data could be put to any illegal or inappropriate use.
  • Data subject(s) affected by the breach, number of individuals involved and the potential effects on those data subject(s).
  • Whether there are wider consequences to the breach.

 

9.4. Notification

After investigating the breach, we will determine whether it is necessary to report it, and if so, will do so within a maximum of 72 hours of becoming aware of the breach, if possible.

 

Every incident will be assessed on a case by case basis. The following will be considered:

  • Whether the breach is likely to result in a high risk of adversely affecting individuals’ rights and freedoms under the Protection of Personal Information Act (“POPIA”).
  • Whether notification would assist the individual(s) affected (e.g. could they act on the information to mitigate risks?)
  • Whether notification would help prevent the unauthorised or unlawful use of personal data.
  • Whether there are any legal / contractual notification requirements.
  • The dangers of over notifying. Not every incident warrants notification and over notification may cause disproportionate enquiries and work.

 

Individuals whose personal data has been affected by the incident, and where it has been considered likely to result in a high risk of adversely affecting that individual’s rights and freedoms will be informed without undue delay. Notification will include a description of how and when the breach occurred and the data involved. Specific and clear advice will be given on what they can do to protect themselves, and include what action has already been taken to mitigate the risks. Individuals will also be provided with a way in which they can contact us for further information or to ask questions on what has occurred.

 

We will consider notifying third parties such as the police, insurers, banks or credit card companies. This would be appropriate where illegal activity is known; or is believed to have occurred; or where there is a risk that illegal activity might occur in the future.

 

We will consider whether our marketing team should be informed regarding a press release and to be ready to handle any incoming press enquiries.

 

An internal record will be kept of any personal data breach, regardless of whether notification was required.

 

9.5. Evaluation and Response

Once the initial incident is contained, we will carry out a full review of the causes of the breach, the effectiveness of the response(s) and whether any changes to systems, policies and procedures should be undertaken.

 

Existing controls will be reviewed to determine their adequacy, and whether any corrective action should be taken to minimise the risk of similar incidents occurring.

The review will consider:

  • Where and how personal data is held and where and how it is stored.
  • Where the biggest risks lie including identifying potential weak points within existing security measures.
  • Whether methods of transmission are secure; sharing minimum amount of data necessary.
  • Staff awareness.

 

If deemed necessary, a report recommending any changes to systems, policies and procedures will be considered by the ZAPPAD  board.