Protection of Personal Information Act Compliance.
Introduction
Candibean is committed to protecting the personal information of all users in accordance with South Africa's Protection of Personal Information Act (POPIA). This policy explains how we collect, use, store, and protect your personal data in the Candibean app.
Information We Collect
- Personal identifiers: Name, surname, email, phone number, and account login credentials.
- Wallet and transaction data: Monthly wallet amount, ticket requests, purchases, funding history, and savings pot contributions.
- Payment Tokens: Secure authorization tokens (not full card numbers) used to facilitate seamless Top-Up transactions.
- Search Data: Keywords used in the event search feature to provide results and caching.
- Device and usage data: IP address, device type, app version, and interactions within the app to ensure smooth functionality.
- Communication data: Messages sent through in-app support or customer service interactions.
Purpose of Data Collection
We collect personal information to:
- Operate your entertainment wallet and savings pots effectively.
- Process ticket requests, manage wallet funding, and facilitate pot contributions.
- Deliver digital tickets securely.
- Provide customer support and communicate important updates.
- Improve app performance, features, and security measures.
Lawful Basis for Processing
- Consent: Users consent to the collection and use of their data when creating a wallet account.
- Contractual necessity: Data is needed to provide the wallet service and ticket purchasing function.
- Legal obligation: Some information may be retained to comply with applicable South African law (e.g., FICA).
Data Sharing
- Payment providers: Candibean shares necessary transaction information only with trusted payment processors (Paystack) to complete purchases.
- Event Partners: Search keywords are shared with Ticketmaster to retrieve event listings. No personal user data is sent with these search queries.
- Third-party service providers: Limited information may be shared to facilitate app functionality (e.g., hosting, analytics) under strict confidentiality agreements.
- No marketing sales: Candibean does not sell, rent, or trade personal information for marketing purposes.
Data Security
- Candibean employs encryption, firewalls, and access controls to protect data.
- User passwords and login credentials are stored securely and not shared.
- Payment authorization tokens are stored securely and separately from sensitive personal identity data.
- Regular security audits are conducted to ensure data protection.
User Rights Under POPIA
- Access: You may request a copy of your personal information.
- Correction: You can request that incorrect or incomplete data be updated.
- Deletion: You may request your account and personal information be deleted.
- Objection: You may object to the processing of your personal information for specific purposes, where applicable.
Data Retention
- Personal information is retained only as long as necessary to operate the wallet and fulfill ticket requests.
- Transaction records are retained for legal and accounting purposes as required by South African law.
- Upon account deletion, personal information is removed unless retention is legally required.
Cookies and Analytics
- Candibean may use cookies or similar technology to improve app performance and understand user behavior.
- Cookies do not contain personally identifiable information outside of your app account.
Data Breach Notification
- In the unlikely event of a data breach, Candibean will notify affected users as required by POPIA.
- Steps will be taken immediately to secure data and prevent further incidents.
Changes to This Policy
- Candibean may update this POPIA policy to comply with legal requirements or improve service.
- Users will be notified of material changes within the app.
Contact
For questions or concerns regarding your personal information, contact:
- Email: support@candibean.co.za
- App Support: In-app contact form