Skip to main content
discover new mini kits 🎁 | free delivery on orders R400+
 


popi policy

You, as the Disclosing Party, hereby consent to and are bound by this POPI Policy / Privacy Statement (“Privacy Statement”) of [Lelive Africa (Pty) Ltd, 70 Newlands Avenue, Newlands, Cape Town, 7700, K2020441079] (“Recipient”) in relation to the processing by the Recipient of the personal information of the Disclosing Party. This Privacy Statement is effective as of the date of consent hereto or the effective date of any main agreement incorporating the terms of this Privacy Statement by reference (“Agreement”), whichever is earlier.

DEFINITIONS

  • Affiliate: Means, with respect to any entity, any other entity Controlling, Controlled by, or under common Control with such entity, for only so long as such Control exists.
  • Associated Personnel: Means any staff member, independent contractor, agent or the like of the Recipient.
  • Control: Means the direct or indirect ownership of more than 50% of the voting capital or similar right of ownership of an entity, or the legal power to direct or cause the direction of the general management and policies of that entity, whether through the ownership of voting capital, by contract or otherwise. Controlled and Controlling shall be construed accordingly.
  • Data Protection Laws and Regulations: Means all mandatory laws and regulations, including laws and regulations of RSA, applicable to the Processing of Personal Information, including but not limited to, the POPI Act and any amendment or replacement thereof.
  • Data Subject: Means the individual to whom Personal Information relates as defined in section 1 of the POPI Act.
  • Disclosing Party: Means the natural or juristic person who consents to the terms of this Privacy Statement or agrees to an Agreement incorporating the terms of this Privacy Statement by reference, and for the purposes of this Privacy Statement, is the Data Subject.
  • Operator: Means a person as defined in section 1 of the POPI Act.
  • Personal Information: Means information relating to an identifiable, living, natural person, and where it is applicable, an identifiable, existing juristic person, as defined in section 1 of the POPI Act.
  • POPI Act: Means the Protection of Personal Information Act 4 of 2013 as may be amended from time to time.
  • Processing: Means processing as defined in section 1 of the POPI Act.
  • Recipient: Means the person which Processes Personal Information of the Disclosing Party, as defined in the preamble above. For the purposes of this Privacy Statement, the Recipient and/or Affiliates are the Responsible Parties.
  • RSA: Means the Republic of South Africa.
  • Responsible Party: Means the person which determines the purpose and means for which Personal Information is Processed, as defined in section 1 of the POPI Act.
  • Supervisory Authority: Means the Information Regulator as established in RSA, pursuant to the POPI Act.

PROCESSING OF PERSONAL INFORMATION

  • The Disclosing Party hereby consents to the Processing of their Personal Information in accordance with this Privacy Statement.
  • The Recipient shall comply with Data Protection Laws and Regulations.
  • For the avoidance of doubt, Disclosing Party’s instructions to the Recipient for the Processing of Personal Information must comply with Data Protection Laws and Regulations. In addition, Disclosing Party shall have sole responsibility for the accuracy, reliability, integrity, quality, and legality of Personal Information, and the means by which Disclosing Party acquired Personal Information, including providing any required notices to, and obtaining any necessary consent from, its employees, agents or third parties, if applicable.
  • The Recipient will not sell, share, or rent Disclosing Party’s Personal Information to any third party or use Disclosing Party’s phone number for unsolicited messages, without the express consent of the Disclosing Party. Any messages sent by the Recipient will only be pursuant to this Agreement.

It is expressly stated that the Recipient agrees and warrants:

  1. That the Processing of Personal Information shall be carried out in accordance with the relevant provisions of the Data Protection Laws and Regulations and does not violate the relevant provisions of the POPI Act.
  2. That it shall throughout the duration of the Processing process the Personal Information only on the Disclosing Party's behalf and in accordance with the Data Protection Laws and Regulations.
  3. That after assessment of the requirements of the Data Protection Laws and Regulations, the security measures are appropriate to protect Personal Information against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access to the Personal Information, in particular where the Processing involves the transmission of data over a network, and against all other unlawful forms of processing, and that these measures ensure a level of security appropriate to the risks presented by the Processing and the nature of the Personal Information to be protected having regard to the state of the art and the cost of their implementation.

The Recipient shall keep the Personal Information of the Disclosing Party confidential and shall only Process Personal Information on behalf of and in accordance with Disclosing Party’s documented and lawful instructions to:

  • Fulfil the purpose set out in the table at the end of this Privacy Statement; and
  • Comply with other documented, reasonable instructions provided by Disclosing Party (for example, via email) where such instructions are consistent with the terms of the Privacy Statement. The Recipient will not process Personal Information outside of RSA without first having obtained Disclosing Party’s consent. Provided the Recipient has sufficient legal framework under the Data Protection Laws and Regulations to process Personal Information outside of the RSA, the Disclosing Party’s consent shall not be unreasonably withheld in respect of the Processing outside of the above two jurisdictions. Disclosing Party takes full responsibility to keep the amount of Personal Information provided to the Recipient to the minimum necessary for the fulfilment of the purpose or otherwise as required by the Recipient. The Recipient shall not be required to comply with or observe Disclosing Party’s instructions if such instructions would violate Data Protection Laws and Regulations.

SCOPE OF PROCESSING

The nature and purpose of Processing of Personal Information by the Recipient is as set out in the table at the end of this Privacy Statement.

RIGHTS OF DATA SUBJECTS

The Disclosing Party shall have the right to:

1. Access and rectify their Personal Information collected by the Recipient. On the request of the Disclosing Party, the Recipient will provide such access as is reasonably practicable and either allow the Disclosing Party to rectify such information themselves or implement any rectifications on behalf of the Disclosing Party.

2. Object to the Processing of their Personal Information if Processing is not:

3. With the Disclosing Party’s consent;
4. Protecting their legitimate interests;
5. Necessary for the proper performance of a public law duty by a public body; or
6. Necessary for pursuing the legitimate interests of the Recipient or its Affiliates,

unless Processing is otherwise permissible under the Data Protection Laws and Regulations or this Privacy Statement.

7. Object to the Processing of their Personal Information for the purposes of direct marketing other than as allowed by the Data Protection Laws and Regulations.

8. Lodge a complaint with the Supervisory Authority at IR@justice.gov.za.

ASSOCIATED PERSONNEL

Confidentiality

The Recipient shall ensure that its Associated Personnel engaged in the Processing of Personal Information are informed of the confidential nature of the Personal Information, have received appropriate training on their responsibilities and have executed written confidentiality agreements or are under general obligations of confidentiality towards the Recipient.

Reliability

The Recipient shall take commercially reasonable steps to ensure the reliability of the Associated Personnel engaged in the Processing of Personal Information.

Limitation of Access

The Recipient shall ensure that access to Personal Information is limited to those Associated Personnel of the Recipient directly involved in the fulfilling of the purpose.

OPERATORS

Appointment of Operators

Disclosing Party acknowledges and agrees that:

  • The Recipient is entitled to retain its Affiliates as Operators; and

  • Subject to clause 6.2 below, the Recipient or any such Affiliate may engage any third parties from time to time to process Personal Information on their behalf and in connection with the fulfilment of the purpose envisaged in Attachment 1 to this Privacy Statement.

Approval of Operators

Except as otherwise provided in this Privacy Statement, the Recipient shall not provide any third party with access to Disclosing Party Personal Information without the prior express approval of Disclosing Party. The Recipient shall provide advanced written notice to the Disclosing Party should it desire to provide a third-party access to Disclosing Party’s Personal Information. Where approval has been granted by Disclosing Party in accordance this section, the Recipient shall:

  • Undertake due diligence on the Operator; and

  • Enter into a written agreement with the Operator that ensures that the Operator Processes the Personal Information in line with this Privacy Statement and Data Protection Laws and Regulations; and

  • Provide Disclosing Party with such information regarding the Operator as Disclosing Party may reasonably require.

SECURITY MEASURES, NOTIFICATIONS REGARDING PERSONAL INFORMATION, CERTIFICATIONS AND AUDITS, RECORDS

Security Measures

Taking into account the state of the art, the costs of implementation, and the nature, scope, context, and purposes of Processing, the Recipient shall implement appropriate organizational and technical measures to ensure the security of the Processing, including but not limited to:

  • The encryption of Personal Information in transit.
  • The ability to ensure the ongoing confidentiality, integrity, availability, and resilience of processing systems and services.
  • A process for regularly testing, assessing, and evaluating the effectiveness of technical and organizational measures for ensuring the security of the Processing.

 

policies.
help.

© 2025 lelive