POPIA Policy / Privacy Statement

You, as the Disclosing Party, hereby consent to and are bound by this POPI Policy / Privacy Statement (“Privacy Statement”) of Motion Adspace (Pty) Ltd, 1 Sturdee Avenue, Rosebank, Johannesburg, Gauteng, 2196, 2019/503843/07 (“Recipient”) in relation to the processing by the Recipient of the personal information of the Disclosing Party. This Privacy Statement is effective as of the date of consent hereto or the effective date of any main agreement incorporating the terms of this Privacy Statement by reference (“Agreement”), whichever is earlier.

1. DEFINITIONS

1.1 “Affiliate” means, with respect to any entity, any other entity Controlling, Controlled by or under common Control with such entity, for only so long as such Control exists;

1.2 “Associated Personnel” means any staff member, independent contractor, agent or the like of the Recipient together with customers and/or third parties;

1.3 “Control” means the direct or indirect ownership of more than 50% of the voting capital or similar right of ownership of an entity, or the legal power to direct or cause the direction of the general management and policies of that entity, whether through the ownership of voting capital, by contract or otherwise. Controlled and Controlling shall be construed accordingly;

1.4 “Data Protection Laws and Regulations” means all mandatory laws and regulations, including laws and regulations of RSA, applicable to the Processing of Personal Information, including but not limited to, the POPI Act and any amendment or replacement thereof;

1.5 “Data Subject” means the individual to whom Personal Information relates as defined in section 1 of the POPI Act;

1.6 “Disclosing Party” means the natural or juristic person who consents to the terms of this Privacy Statement or agrees to an Agreement incorporating the terms of this Privacy Statement by reference, and for the purposes of this Privacy Statement, is the Data Subject;

1.7 “Operator” means a person as defined in section 1 of the POPI Act;

1.8 “Personal Information” means information relating to an identifiable, living, natural person, and where it is applicable, an identifiable, existing juristic person, as defined in section 1 of the POPI Act;

1.9 “POPI Act” means the Protection of Personal Information Act 4 of 2013 as may be amended from time to time;

1.10 “Processing” means processing as defined in section 1 of the POPI Act;

1.11 “Recipient” means the person which Processes Personal Information of the Disclosing Party, as defined in the preamble above. For the purposes of this Privacy Statement, the Recipient and/or Affiliates are the Responsible Parties;

1.12 “RSA” means the Republic of South Africa;

1.13 “Responsible Party” means the person which determines the purpose and means for which Personal Information is Processed, as defined in section 1 of the POPI Act; and

1.14 “Supervisory Authority” means the Information Regulator as established in RSA, pursuant to the POPI Act.

2. PROCESSING OF PERSONAL INFORMATION

2.1 The Disclosing Party hereby consents to the Processing of their Personal Information in accordance with this Privacy Statement.

2.2 The Recipient shall comply with Data Protection Laws and Regulations.

2.3 For the avoidance of doubt, Disclosing Party’s instructions to the Recipient for the Processing of Personal Information must comply with Data Protection Laws and Regulations. In addition, Disclosing Party shall have sole responsibility for the accuracy, reliability, integrity, quality, and legality of Personal Information, and the means by which Disclosing Party acquired Personal Information, including providing any required notices to, and obtaining any necessary consent from, its employees, agents or third parties, if applicable.

2.4 The Recipient will not sell, share, or rent Disclosing Party’s Personal Information to any third party or use Disclosing Party’s phone number for unsolicited messages, without the express consent of the Disclosing Party. Any messages sent by the Recipient will only be pursuant to this Agreement.

2.5 It is expressly stated that the Recipient agrees and warrants:

2.5.1 that the Processing of Personal Information shall be carried out in accordance with the relevant provisions of the Data Protection Laws and Regulations and does not violate the relevant provisions of the POPI Act;

2.5.2 that it shall throughout the duration of the Processing process the Personal Information only on the Disclosing Party's behalf and in accordance with the Data Protection Laws and Regulations; and

2.5.3 that after assessment of the requirements of the Data Protection Laws and Regulations, the security measures are appropriate to protect Personal Information against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access to the Personal Information, in particular where the Processing involves the transmission of data over a network, and against all other unlawful forms of processing, and that these measures ensure a level of security appropriate to the risks presented by the Processing and the nature of the Personal Information to be protected having regard to the state of the art and the cost of their implementation.

2.6 The Recipient shall keep the Personal Information of the Disclosing Party confidential and shall only Process Personal Information on behalf of and in accordance with Disclosing Party’s documented and lawful instructions to:

2.6.1 fulfil the purpose set out in the table at the end of this Privacy Statement; and

2.6.2 comply with other documented, reasonable instructions provided by Disclosing Party (for example, via email) where such instructions are consistent with the terms of the Privacy Statement. The Recipient will not process Personal Information outside of RSA without first having obtained Disclosing Party’s consent. Provided the Recipient has sufficient legal framework under the Data Protection Laws and Regulations to process Personal Information outside of the RSA, the Disclosing Party’s consent shall not be unreasonably withheld in respect of the Processing outside of the above two jurisdictions. Disclosing Party takes full responsibility to keep the amount of Personal Information provided to the Recipient to the minimum necessary for the fulfilment of the purpose or otherwise as required by the Recipient. The Recipient shall not be required to comply with or observe Disclosing Party’s instructions if such instructions would violate Data Protection Laws and Regulations.

3. SCOPE OF PROCESSING

3.1 The nature and purpose of Processing of Personal Information by the Recipient is as set out in the table at the end of this Privacy Statement.

4. RIGHTS OF DATA SUBJECTS

4.1 The Disclosing Party shall have the right to:

4.1.1 access and rectify their Personal Information collected by the Recipient. On the request of the Disclosing Party, the Recipient will provide such access as is reasonably practicable and either allow the Disclosing Party to rectify such information themselves or implement any rectifications on behalf of the Disclosing Party;

4.1.2 object to the Processing of their Personal Information if Processing is not:

4.1.2.1 with the Disclosing Party’s consent;

4.1.2.2 protecting their legitimate interests;

4.1.2.3 necessary for the proper performance of a public law duty by a public body; or

4.1.2.4 necessary for pursuing the legitimate interests of the Recipient or its Affiliates, unless Processing is otherwise permissible under the Data Protection Laws and Regulations or this Privacy Statement;

4.1.3 object to the Processing of their Personal Information for the purposes of direct marketing other than as allowed by the Data Protection Laws and Regulations; and

4.1.4 lodge a complaint with the Supervisory Authority at complaints.IR@justice.gov.za.

5. ASSOCIATED PERSONNEL

5.1 Confidentiality. The Recipient shall ensure that its Associated Personnel engaged in the Processing of Personal Information are informed of the confidential nature of the Personal Information, have received appropriate training on their responsibilities and have executed written confidentiality agreements or are under general obligations of confidentiality towards the Recipient.

5.2 Reliability. The Recipient shall take commercially reasonable steps to ensure the reliability of the Associated Personnel engaged in the Processing of Personal Information.

5.3 Limitation of Access. The Recipient shall ensure that access to Personal Information is limited to those Associated Personnel of the Recipient directly involved in the fulfilling of the purpose, or in the case of a customer or third party, where the Personal Information has been scraped, bundled and on-sold, alternatively shared with it by the Recipient.

6. OPERATORS

6.1 Appointment of Operators. Disclosing Party acknowledges and agrees that:

6.1.1 the Recipient is entitled to retain its Affiliates as Operators; and

6.1.2 subject to clause 6.2 below, the Recipient or any such Affiliate may engage any third parties from time to time to process Personal Information on their behalf and in connection with the fulfilment of the purpose envisaged in Attachment 1 to this Privacy Statement.

6.2 Approval of Operators. Except as otherwise provided in this Privacy Statement, the Recipient shall not provide any third party with access to Disclosing Party Personal Information without the prior express approval of Disclosing Party. The Recipient shall provide advanced written notice to the Disclosing Party should it desire to provide a third party access to Disclosing Party’s Personal Information. Where approval has been granted by Disclosing Party in accordance with this section, the Recipient shall:

6.2.1 undertake due diligence on the Operator; and

6.2.2 enter into a written agreement with the Operator that ensures that the Operator Processes the Personal Information in line with this Privacy Statement and Data Protection Laws and Regulations; and

6.2.3 provide Disclosing Party with such information regarding the Operator as Disclosing Party may reasonably require.

7. SECURITY MEASURES, NOTIFICATIONS REGARDING PERSONAL INFORMATION, CERTIFICATIONS AND AUDITS, RECORDS

7.1 Security Measures. Taking into account the state of art, the costs of implementation and the nature, scope, context and purposes of Processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, the Recipient shall implement appropriate organizational and technical measures towards a level of security, appropriate to the risk (including risks that are presented by Processing, in particular from accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Personal Information transmitted, stored or otherwise Processed), including but not limited to:

7.1.1 the encryption of Personal Information in transit;

7.1.2 the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services;

7.1.3 the ability to restore the availability and access to Personal Information in a timely manner in the event of a physical and technical incident; and

7.1.4 a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the Processing.

7.2 Notifications Regarding Personal Information Breach. The Recipient will ensure that it and its Operators have in place reasonable and appropriate security incident management policies and procedures as required by the POPI Act, and shall notify Disclosing Party without undue delay (but in any event within 24 hours) where there are reasonable grounds to believe that there has been, or after becoming aware of, the unlawful or accidental destruction, alteration or damage or loss, unauthorized disclosure of, or access to Personal Information, transmitted, stored or otherwise Processed by the Recipient or Operators of which the Recipient becomes aware (hereinafter, a “Personal Information Breach”), as required to assist the Disclosing Party in ensuring compliance with its:

7.2.1 obligations to notify the Supervisory Authority;

7.2.2 obligations to communicate the Personal Information Breach to the Recipient involved; and

7.2.3 documentation obligation regarding the facts relating to the Personal Information Breach, its effects, and the remedial action taken.

7.3 The Recipient shall make reasonable efforts to identify the cause of such Personal Information Breach and take those steps as it deems necessary and reasonable in order to remediate the cause of such a Personal Information Breach, to the extent that the remediation is within the Recipient’s reasonable control.

7.4 Records. The Recipient shall maintain complete and accurate written records of the Processing it undertakes on behalf of Disclosing Party in accordance with Data Protection Laws and Regulations.

8. RETURN OF PERSONAL INFORMATION, COMMUNICATION

8.1 Return of Personal Information. Unless otherwise required by law, the Recipient and Operators shall, if required in terms of Data Protection Laws and Regulations, upon termination or expiry of the Agreement for whatever reason, either securely delete or return all the Disclosing Party Personal Information to Disclosing Party in accordance with the Agreement, or in the absence of a specific destruction provision, the Recipient will ensure it follows its standard Personal Information destruction practices. If the Recipient or its Affiliates are required to retain a copy of the Personal Information by law, it shall retain that which is required by applicable Data Protection Laws and Regulations for not longer than is reasonably necessary.

9. COOPERATION WITH SUPERVISORY AUTHORITY

The Disclosing Party and the Recipient as applicable, shall cooperate, on request, with the Supervisory Authority in the performance of its tasks.

10. CONFLICT

If this Privacy Statement is incorporated into and forms part of any other Agreement, for matters not addressed under this Privacy Statement, the terms of the Agreement apply to the extent of any inconsistency. With respect to the rights and obligation of the parties to each other insofar as it pertains to the Processing of Personal Information, in the event of a conflict between the terms of the Agreement and this Privacy Statement, the terms of this Privacy Statement will prevail to the extent of such inconsistency.

The below includes certain details of the Processing of Personal Information as required by section 18 of the POPI Act.

Nature and purpose of Processing

The Recipient and Operators will/may Process Personal Information as necessary to Advertise on Delivery Drivers Top Boxes, to send anonymised reporting to clients, and to possibly offer further services to the Delivery Drivers that sign-up, provide delivery partners with the option to reach out to the driver to offer additional work, as well as through scraping and analysing the Personal Information, on-selling packets of Personal Information to customers or third parties. Failure to provide the Personal Information may mean that the Recipient will be unable to fulfil this purpose, and as such, is mandatory.

 

Categories of third parties

Personal Information may be shared with the following categories of third parties:

• Clients and/or potential clients

• Data Analysts

• Delivery Partners

• Suppliers

• Customers

Types of Personal Information to be Processed in terms of this Privacy Statement

• First name

• Last name

• Email address

• Date of birth

• ID number

• Passport number

• Phone number and WhatsApp number

• Address

• Credit card information

• Bank information

• Background check

• Criminal history

• Demographic data

• Text, audio, video, or image files

• Nationality

• Number of trips/deliveries completed

• Earnings (gross, net, bonuses, tips, commissions)

• Delivery bike information and registration details (including number plates)

• Top Box type

• Bike ownership details

• Delivery partner details

• Number of online hours and days

• Driving areas and locations

• Next of kin details

• Fleet owner details

• Financial information

• Driver ratings

• Area of operation and work

• Daily, weekly, and monthly operational activity

• Employment/contractor history

• Trip duration

• Trip timestamp and ID

• Timezone information (name and details)

• Trip type and status

• Pickup and drop-off location names and addresses

• Distance traveled and unit of measurement

• Trip fare, expenses, and additional charges

• Payment method (e.g., card, cash)

• Currency used for transactions

• Earnings per trip distance and per minute

• Start and end location geocoordinates (latitude/longitude)

• Campaign and flyer campaign participation

• Other charges or fee adjustments

• Trip timing distributions (morning, afternoon, night)

• Distance per trip and total distances

• Price per km, per trip, and per working/driving hour