Legal & Privacy

Privacy Policy
Your Data, Your Rights

Social Wiiv (Pty) Ltd is committed to protecting the personal information of everyone who interacts with our website, platforms, and services. This Privacy Policy explains what information we collect, why we collect it, how we use it, and your rights under the Protection of Personal Information Act 4 of 2013 (POPIA).

Doc Ref: SW-PP-001
Effective: 3 October 2025
Last Updated: 3 October 2025
About This Policy

Introduction

This Privacy Policy describes how Social Wiiv (Pty) Ltd (“Social Wiiv”, “we”, “us”, or “our”) collects, uses, processes, stores, protects, and discloses personal information when individuals interact with our website, software platforms, applications, services, and related technologies (collectively referred to as the “Platform”).

We process personal information in accordance with the Protection of Personal Information Act, 2013 (Act No. 4 of 2013) (“POPIA”), as well as other applicable data protection laws where required.

POPIA Compliant
All processing is conducted in accordance with the Protection of Personal Information Act 4 of 2013 and its regulations.
Your Rights Matter
You may access, correct, object to, or request deletion of your personal information at any time.
Purpose Limitation
Personal information is collected only for specific, defined purposes and not processed beyond those purposes.
Dual Role
Social Wiiv may act as Responsible Party for its own operations, or as an Operator when processing on behalf of clients.
This Privacy Policy forms part of the legal framework governing the use of the Platform and should be read together with our Terms of Service, Cookie Policy, and any applicable service agreements.
Terminology

Definitions

For the purposes of this Privacy Policy, the following terms have the meanings set out below. Terms not defined herein shall have the meanings assigned under POPIA.

Data Subject

The natural person or identifiable juristic person to whom Personal Information relates, as defined under POPIA.

Operator

A person or entity that processes Personal Information for a Responsible Party in terms of a contract or mandate, without coming under the direct authority of that Responsible Party.

Personal Information

Information relating to an identifiable, living natural person or an identifiable existing juristic person, including names, identification numbers, contact details, demographic information, online identifiers, location data, or any other information defined as personal information under POPIA.

Platform

The Social Wiiv software platform, including all related websites, web applications, mobile applications, APIs, services, tools, and technologies provided by Social Wiiv.

Processing

Any operation concerning Personal Information, including collection, receipt, recording, organisation, storage, updating, retrieval, use, dissemination, distribution, transfer, restriction, deletion, or destruction.

Responsible Party

The public or private body or any other person that, alone or in conjunction with others, determines the purpose of and means for processing Personal Information, as defined under POPIA.

Special Personal Information

Personal Information relating to a Data Subject’s race, ethnic origin, political persuasion, religious or philosophical beliefs, health information, biometric information, sexual orientation, criminal behaviour, or any other category classified as special under POPIA.

Client

Any business, organisation, agency, or entity that has entered into an agreement with Social Wiiv to use, license, or deploy the Platform or related services.

Section 3 — POPIA

Responsible Party & Operator Roles

Social Wiiv may process personal information in different capacities depending on the nature of the interaction. We act either as a Responsible Party or as an Operator.

3.1 Social Wiiv as Responsible Party

Social Wiiv acts as the Responsible Party where it independently determines the purpose of and means for processing personal information. This includes:

  • Visitors to the Social Wiiv website
  • Individuals submitting enquiries, demo requests, or support requests
  • Clients entering into contractual relationships with Social Wiiv
  • Newsletter subscribers or marketing recipients
  • Administrative, billing, or operational communications relating to our services
Legal Entity
Social Wiiv (Pty) Ltd
Registered Address
292 Surrey Avenue, 1st Floor
Ferndale, Randburg, 2194
South Africa
Registration No.
2013/208360/07
Website
www.socialwiiv.com
3.2 Social Wiiv as Operator

Where the Platform is deployed by a Client to collect or manage personal information relating to the Client’s employees, customers, or participants, the Client remains the Responsible Party. Social Wiiv acts solely as an Operator, processing personal information strictly in accordance with the Client’s documented instructions.

3.4 Operator Safeguards

Where Social Wiiv acts as an Operator, it implements appropriate technical and organisational measures to protect personal information against loss, damage, unauthorised access, or unlawful processing, as required under Section 19 of POPIA.

Section 18 Notice

Information We Collect

We collect personal information through multiple channels. We collect only what is adequate, relevant, and not excessive for the stated purpose.

No Special Data

Social Wiiv does not intentionally collect Special Personal Information (race, health, biometric, religious beliefs, criminal behaviour) unless required by law or explicitly authorised by the Data Subject.

4.1 Information You Provide Directly
Contact & Enquiry Forms
Full name, email address, company name, phone number, and your message when you submit an enquiry or request a demo.
Newsletter Subscriptions
Email address and name when you subscribe to our Insights newsletter or marketing communications.
Client Account Information
Business details, billing information, and authorised user credentials when you enter into a service agreement with us.
Support Communications
Information contained in support tickets, emails, or calls, including details necessary to resolve your query.
4.2 Information Collected Automatically
Analytics Data
Pages visited, session duration, traffic sources, and browser/device type collected via Google Analytics where you have consented.
Technical Identifiers
IP address, browser type, operating system, and referring URL collected by our hosting infrastructure for security and performance purposes.
Cookie Data
Theme preferences (essential) and, with your consent, analytics and marketing cookies. See our Cookies section for full details.
Usage Logs
Server access logs including timestamps, pages requested, and response codes, retained for security monitoring and debugging.
4.3 Information via Client Deployments

Where Social Wiiv provides the Platform to a Client for use in campaigns, loyalty programs, staff engagement, or other services, personal information relating to end-users may be collected through the Client’s deployment. This may include registration data, demographic information, participation data, survey responses, uploaded content, and purchase verification information. In such circumstances, the Client remains the Responsible Party and Social Wiiv acts solely as an Operator.

Section 5 — POPIA

Lawful Basis for Processing

Social Wiiv processes personal information only where there is a lawful basis to do so in accordance with POPIA and other applicable data protection laws.

01
Consent

We process personal information where the Data Subject has voluntarily provided explicit or implied consent, including newsletter subscriptions, cookie acceptance, campaign participation, or online form submissions. Where processing is based on consent, it may be withdrawn at any time without affecting the lawfulness of prior processing.

02
Contractual Necessity

We process personal information where necessary for the performance of a contract or to take steps at the request of a Data Subject prior to entering into a contract. This includes creating accounts, delivering services, administering client agreements, providing support, and managing billing obligations.

03
Legal Obligation

We may process personal information where necessary to comply with legal or regulatory obligations imposed under applicable laws, including POPIA, the Companies Act, the Tax Administration Act, the Value Added Tax Act, and lawful requests from courts, regulators, or government authorities.

04
Legitimate Interests

We may process personal information where reasonably necessary for the legitimate interests of Social Wiiv or a third party, provided such interests do not override the fundamental rights and freedoms of the Data Subject. This includes maintaining Platform security, preventing fraud, monitoring system performance, and protecting our legal rights.

05
Processing on Behalf of Clients

Where Social Wiiv processes personal information on behalf of Clients using the Platform, the Client determines the lawful basis for such processing as the Responsible Party. Social Wiiv acts solely as an Operator in these circumstances.

Purposes & Lawful Basis

How We Use Your Information

Every use of your personal information is grounded in a specific purpose and a lawful basis under POPIA. We will not process personal information in a manner incompatible with those purposes.

01
Provision of Services

Basis: Contractual necessity. To provide, operate, maintain, and support the Platform, including creating accounts, enabling platform functionality, and ensuring proper operation of our services.

02
Communication & Support

Basis: Consent / Contractual necessity. To respond to enquiries, provide technical support, send service-related communications, manage support requests, and address complaints or feedback.

03
Marketing & Newsletter Communications

Basis: Consent. We send our Insights newsletter and marketing updates only to individuals who have explicitly subscribed. You may unsubscribe at any time via the link in every email.

04
Website Analytics & Improvement

Basis: Consent / Legitimate interest. Where you have consented to analytics cookies, we use aggregated usage data to understand how our website is used and to improve content and navigation. Where possible, analytics activities are conducted using aggregated or anonymised data.

05
Security & Fraud Prevention

Basis: Legitimate interest. To maintain the security, integrity, and reliability of the Platform. This includes monitoring for suspicious activity, preventing unauthorised access, detecting abuse, and enforcing platform policies.

06
Legal & Regulatory Compliance

Basis: Legal obligation. We retain certain records as required by South African law, including the Companies Act, Income Tax Act, and VAT Act, and may disclose information in response to lawful court orders or regulatory requests.

Section 7 — POPIA

Client Responsibility for Platform Data

Where the Platform is made available to a Client for campaigns, promotions, loyalty programs, staff engagement, or other digital services, the Client shall be deemed the Responsible Party for all personal information collected within that deployment.

Client as Responsible Party

The Client determines the purposes for which personal information is collected and processed. The Client is solely responsible for determining the lawful basis, providing appropriate privacy notices, obtaining required consents, ensuring lawful and fair processing, and complying with all applicable data protection laws.

Social Wiiv as Operator

Social Wiiv processes personal information on behalf of the Client only to the extent necessary to provide the Platform and related services, and in accordance with the Client’s documented instructions. Social Wiiv does not independently determine the purposes or means of processing personal information submitted by end-users through a Client’s use of the Platform.

Client Data Warranty

The Client represents and warrants that it has the lawful authority to collect and provide any personal information submitted to the Platform and that such information has been collected in compliance with applicable data protection laws. The Client agrees not to upload, submit, or otherwise process personal information through the Platform in violation of applicable laws or the rights of any Data Subject.

Client Liability

Social Wiiv shall not be responsible for the Client’s collection, use, disclosure, or processing of personal information within the Client’s deployment of the Platform, except to the extent that such processing results directly from Social Wiiv acting outside the Client’s documented instructions or in breach of applicable law.

Cookie Notice

Cookies & Tracking

We use cookies and similar technologies on our website. In line with POPIA, we request your explicit consent before placing any non-essential cookies.

In addition to cookies, we may use related technologies including web beacons, pixels, tags, local storage, and analytics scripts for operational, analytical, and security purposes.

Essential Cookies Always Active

Required for the website to function. Includes your theme preference (dark/light mode) stored in localStorage. These cannot be disabled through the cookie consent mechanism. No personal data is sent to external servers.

Preference Cookies Consent Required

Enable the website to remember user settings and preferences such as language selection, theme configuration, or other interface customisations that improve usability.

Analytics Cookies Consent Required

Google Analytics cookies (_ga, _ga_*) are placed only with your explicit consent. They collect anonymised usage data including pages visited, session duration, and referral source. You may withdraw consent at any time.

Marketing Cookies Consent Required

Marketing and retargeting cookies may be placed by third-party advertising partners only with your explicit consent. These may be used to build audience profiles and deliver relevant content across platforms.

Cookie consent is stored in localStorage under the key sw-cookie-consent. You can clear this at any time using the Manage Cookie Preferences button above or by clearing your browser storage. Records of cookie consent may be retained to demonstrate compliance with applicable data protection laws.

Section 21 — POPIA

Third-Party Processors

We engage trusted third-party service providers (Operators) to support the delivery of our website and services. Each processor is bound by contractual obligations and processes data only on our documented instructions.

We Do Not Sell Data

No third party receives your personal information for their own commercial purposes. Processors may only use data to provide the specific service contracted.

Third-Party Processors are contractually required to implement appropriate technical and organisational measures to protect personal information against unauthorised access, loss, misuse, or unlawful processing. Social Wiiv periodically reviews its processors to ensure they maintain appropriate standards.

Processor
Service
Location
Safeguard
Afrihost
Domain Registration
South Africa
Local processing — no cross-border transfer
Microsoft 365
Productivity & Collaboration
USA
Microsoft Data Processing Agreement + SCCs
GitHub (Microsoft)
Version Control & Deployment
USA
GitHub DPA + SCCs; code only — no end-user PII stored
LinkedIn
API Integration
USA
LinkedIn API T&Cs; OAuth-based — only authorised data accessed

SCCs = Standard Contractual Clauses as contemplated in Section 72 of POPIA for cross-border transfers. This processor list is reviewed annually and updated when processors change.

Cross-Border Transfers

Where personal information is transferred outside South Africa, Social Wiiv ensures compliance with Section 72 of POPIA by ensuring the recipient is subject to adequate data protection laws, binding corporate rules, or contractual safeguards such as Standard Contractual Clauses.

Section 19 — POPIA

Security Measures

We maintain appropriate technical and organisational measures to protect your personal information against loss, damage, unauthorised access, or unlawful processing, as required under Section 19 of POPIA.

These safeguards are designed to ensure the confidentiality, integrity, and availability of personal information processed through the Platform. While Social Wiiv implements reasonable safeguards, no method of electronic transmission or storage is completely secure.

Full details of our security infrastructure, encryption standards, access controls, and incident response procedures are available in our Security & Trust Centre.

View Security & Trust Centre
TLS 1.3 in Transit
AES-256 at Rest
Role-Based Access
MFA for Admin Access
Breach Notification
24/7 Infrastructure Monitoring
Vulnerability Management
Secure Dev Practices
Data Breach Procedures

Where required under Section 22 of POPIA, Social Wiiv will notify the Information Regulator and affected Data Subjects as soon as reasonably possible after becoming aware that personal information has been accessed or acquired by an unauthorised person.

Section 14 — POPIA

Retention & Disposal

Personal information is kept only for as long as necessary to fulfil the purpose for which it was collected or as required by South African law. On expiry, information is securely deleted or irreversibly anonymised.

Social Wiiv may retain personal information longer where necessary to comply with legal obligations, respond to regulatory requests, establish or defend legal claims, or preserve evidence in connection with disputes or litigation.

Information Category
Retention Period
Basis
Newsletter subscribers
Until unsubscribe or 3 years inactive
Consent
Client account & platform data
Duration of relationship + reasonable period thereafter
Contractual necessity
Financial & billing records
5 years after transaction
Legal obligation (SARS)
Server / security access logs
90 days (rolling)
Legitimate interest / security
Client deployment data
Per Client instructions
Client as Responsible Party
Secure Disposal

Where personal information is no longer required, Social Wiiv takes reasonable steps to ensure it is securely deleted, permanently destroyed, or anonymised so that it can no longer be associated with an identifiable Data Subject.

Chapter 2 & 3 — POPIA

Your Rights as a Data Subject

POPIA grants you enforceable rights in relation to your personal information. We are committed to honouring all requests within the 30-business-day statutory period.

Right of Access

Request a copy of the personal information we hold about you and confirmation of how it is being used.

Right to Correction

Request that we correct, update, or rectify personal information that is inaccurate, incomplete, misleading, or outdated.

Right to Deletion

Request destruction, deletion, or de-identification of your personal information where we are no longer authorised to retain it.

Right to Object

Object to processing of your personal information, including direct marketing or processing based on legitimate interests, at any time.

Withdraw Consent

Withdraw previously given consent at any time. Withdrawal does not affect the lawfulness of prior processing.

Opt Out of Marketing

Unsubscribe from marketing communications at any time via the link in any email or by contacting us directly.

Right to Complain

Lodge a complaint with the Information Regulator if you believe we have violated your rights under POPIA.

Breach Notification

Be notified if your personal information has been compromised, in accordance with Section 22 of POPIA.

To exercise any right, contact our Information Officer — see the Contact Us section below. We respond within 30 business days.

Where Social Wiiv processes personal information on behalf of a Client as an Operator, requests relating to access, correction, or deletion should be directed to the relevant Client as the Responsible Party.

Additional Provisions

Further Policy Provisions

This Privacy Policy also addresses the following areas. For a comprehensive version of any section, please contact our Information Officer.

Children’s Privacy

Social Wiiv does not knowingly collect personal information from individuals under 18 years without parental or guardian consent. Where Clients deploy the Platform for services involving minors, the Client is responsible for obtaining appropriate consents.

Business Transfers

In the event of a merger, acquisition, restructuring, or sale of assets, personal information may be transferred to the successor entity. Social Wiiv will take reasonable steps to ensure data protection continuity and provide notice where required.

Automated Processing

Certain platform features use automated processing including points allocation, fraud detection, and notification triggers. Social Wiiv ensures automated processes are fair, transparent, and subject to appropriate human oversight.

Limitation of Liability

To the fullest extent permitted by law, Social Wiiv does not warrant absolute security of transmitted or stored information. Social Wiiv shall not be liable for indirect, incidental, or consequential damages arising from use of the Platform or processing of personal information.

Governing Law

This Privacy Policy is governed by the laws of the Republic of South Africa, including POPIA. The courts of South Africa have exclusive jurisdiction over disputes arising from this policy or the processing of personal information by Social Wiiv.

Policy Updates

This Privacy Policy may be updated periodically. Where material changes are made, we will notify affected individuals by email or prominent website notice at least 30 days before the change takes effect.

Version Control

Changes to This Policy

Annual Review

This Privacy Policy is reviewed at least annually by our Information Officer to reflect changes in legal requirements, regulatory guidance, operational practices, or technological developments. The “Last Updated” date at the top of this document reflects the most recent revision.

Material Changes

Where a change materially affects how we process your personal information, we will notify you by email (if you are a subscriber or client) and display a prominent notice on our website for at least 30 days before the change takes effect.

Continued Use

Your continued use of our website or services after any change to this policy constitutes acceptance of the updated terms to the extent permitted by applicable law. If you do not agree with the changes, you should discontinue use and contact us to request deletion of your data.

Exercise Your Rights

Contact Our Information Officer

For all privacy-related enquiries, data subject requests, or concerns about how we handle your personal information, please contact our Information Officer. We acknowledge receipt within 3 business days and respond substantively within 30 business days.

Identity verification may be required before responding to certain requests to protect personal information from unauthorised disclosure.
Information Officer
Baron Marshall
Director
Social Wiiv (Pty) Ltd

Use subject line: “Privacy Request — [Your Name]”

Deputy Information Officer
Andre du Preez
Chief Technical Officer
Social Wiiv (Pty) Ltd

Technical data protection & day-to-day request handling.

Social Wiiv (Pty) Ltd
Registered in South Africa | Reg No. 2013/208360/07
292 Surrey Avenue, 1st Floor, Ferndale, Randburg, 2194
Related Documents
POPIA Compliance Notice
Security & Trust Centre
Cookie Policy
Information Regulator
If your concern is not resolved, you may lodge a complaint with the Information Regulator of South Africa.
inforeg@justice.gov.za
+27 12 406 4818
Cookie Preferences
Manage your cookie settings  Change or withdraw cookie consent at any time.