Privacy Policy

At Social Places (Pty) Ltd (reg: 2018/447857/07) (“Social Places”) we adhere to the highest standards of protecting your personal data when we process it by virtue of your use of our Services or our Platform https://socialplaces.io/ or any related platforms (collectively, “the Platform”), or by providing us with your personal data in any other way. As such, we have created this privacy policy for you to read and to understand how we safeguard your personal data and respect your privacy (“Privacy Policy”).

Please note that Social Places is a private company duly registered and operating in accordance with the laws of the Republic of South Africa and is an ISO 27001 certified organisation.

Not all terms are necessarily defined in order or may be defined in our Terms and Conditions of Use (“Terms”).

Please ensure that you read all the provisions below, and our policies and guidelines which may apply from time to time, to understand all of your, and our, rights and duties.

 

Important Information

Purpose of this Privacy Policy

This Privacy Policy aims to give you information on how we collect and process your personal data through any form of your engagement with us. This Privacy Policy complies with, and facilitates the obligations required from, the South African Protection of Personal Information Act, No. 4 of 2013 (“POPI”), as amended.

It is important that you read this Privacy Policy together with any other privacy policy or fair processing notice we may provide on specific occasions when we are collecting or processing personal data about you, so that you are fully aware of how and why we are using your personal data. This Privacy Policy supplements the other notices and is not intended to override them.

We do not process the data of minors nor special categories of personal data. Do not provide us with any such personal data, as it will constitute an immediate and automatic material breach of this Privacy Policy and our Terms.

 

Responsible Party and Operator

Social Places is the “Responsible Party” and is responsible for your personal data when we decide the processing operations of your personal data. In certain instances, we operate as an “Operator” of personal data on behalf of a responsible party who use our services. In that case, that responsible party’s privacy policy will apply to your use of their services.

We have appointed an information officer at Social Places who is responsible for overseeing questions in relation to this Privacy Policy. If you have any questions about this Privacy Policy, including any requests to exercise your legal rights, please contact our information officer using the details set out below.

 

Our Contact Details

Legal entity:                          Social Places (Pty) Ltd

Information Officer:               Chris Hirst

Email address:                       dpo@socialplaces.io

Postal address:                      7 Namar Street, Sanddrift, Cape Town, 7441

You have the right to make a complaint at any time to the South African regulator’s office (Information Regulator’s Office of South Africa). We would, however, appreciate the chance to deal with your concerns before you approach any such regulator, so please contact us in the first instance.

 

Types of Data Collected

Personal Data

While using our Service, we may ask you to provide us with certain personally identifiable information that can be used to contact or identify you (“Personal Data”).

We may collect, use, store, and transfer (“process”) different kinds of Personal Data about you which we have grouped together as follows:

  • Identity Data including full name, or the information about your company such as company name and company registration details.
  • Contact Data including email address, physical/registered addresses, and contact phone numbers.
  • Account Data including all the data and information integrated and shared with Social Places through your account.
  • Social Media Data including all information accessible through your public social media account or information exchanged between you and Social Places including messages or comments.
  • Financial Data including bank account details and invoicing information.
  • Transaction Data including details about payments to and from you, contracts, contractual terms, contract fees, signups, subscriptions, invoices and other details of products and services you have obtained from us, or provide to us.
  • Marketing and Communications Data including your preferences in receiving notices and marketing from us and our third parties and your communication preferences as well as details of which communications were sent to you and how they were sent.

 

Usage Data

We may also collect information how the Service is accessed and used (Usage Data). This Usage Data may include information such as your computers Internet Protocol address (e.g. IP address), browser type, browser version, the pages of our Service that you visit, the time and date of your visit, the time spent on those pages, unique device identifiers and other diagnostic data.

 

Aggregated Data

We also collect, use, and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data may be derived from your Personal Data but is not considered Personal Data in law as this data does not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific Platform feature. However, if we combine or connect Aggregated Data with your Personal Data so that it can directly or indirectly identify you, we treat the combined data as Personal Data which will be used in accordance with this Privacy Policy.

 

Tracking and Cookies Data

We use cookies and similar tracking technologies to track the activity on our Service and hold certain information.

Cookies are files with small amount of data which may include an anonymous unique identifier. Cookies are sent to your browser from a website and stored on your device. Tracking technologies also used are beacons, tags, and scripts to collect and track information and to improve and analyse our Service.

You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our Service.

Examples of Cookies we use:

  • Session Cookies. We use Session Cookies to operate our Service.
  • Preference Cookies. We use Preference Cookies to remember your preferences and various settings.
  • Security Cookies. We use Security Cookies for security purposes.

Where we need to collect Personal Data by law, or under the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with services or allow you to provide us with your services). In this case, we may have to cancel Platform-access or Services you have with us, but we will notify you if this is the case at the time.

 

Collection of Data

We use different methods to collect Personal Data from and about you, including through:

Direct interactions: You may give us your Personal Data by using our services, or by corresponding with us through any means. This includes Personal Data you provide when you:

  • use our Services;
  • use our Platform;
  • contract with us;
  • provide any services to us as a service provider or independent contractor on contract with us;
  • request information to be sent to you;
  • give us some feedback.

Automated technologies or interactions: As you interact with our Platform, we may automatically collect Technical Data and Usage Data about your equipment, browsing actions and patterns. We may collect this Personal Data by using cookies, server logs and other similar technologies. We may also receive Technical Data about you if you visit other Platforms employing our cookies.

Third parties: We may receive Personal Data about you from various third parties such as:

  • analytics providers;
  • marketing platforms;
  • social media platforms;
  • search information providers; and
  • financial service providers.

 

Use of Data

We will only use your Personal Data when the law allows us to and for legitimate reasons, which you hereby expressly understand and consent to. Most commonly, we will use your Personal Data in the following circumstances:

  • where we have your express consent to do so;
  • where we need to consult with you or perform on the Services contract we are about to enter into or have entered into with you;
  • where it is necessary for our legitimate business interests (or those of a third party) and your interests and fundamental rights do not override those interests; and/or
  • where we need to comply with a legal or regulatory obligation.

Social Places uses the collected data for various purposes:

  • To provide and maintain the Service.
  • To notify you about changes to our Service.
  • To allow you to participate in interactive features of our Service when you choose to do so.
  • To provide customer care and support.
  • To provide analysis or valuable information so that we can improve the Service.
  • To monitor the usage of the Service.
  • To detect, prevent and address technical issues.
  • To contract with you as a service provider to Social Places.
  • To provide it to our authorised service providers who need your Personal Data to provide their services to you.
  • To process and service your payment for any Services rendered by Social Place or its service providers.
  • To manage payments, fees, and charges.
  • To meet our regulatory and compliance requirements.
  • To manage our relationship with you which may include notifying you about changes to our Terms, Privacy Policy, or Services or the delivery of communications and the effectiveness thereof.
  • To administer and protect our company, Platform and Services (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data).
  • To use data analytics to improve our Platform, Services, client relationships and experiences.
  • To provide you with direct marketing and make suggestions about Services that may be of interest.

 

Marketing

We strive to provide you with choices regarding how we use your Personal Data, particularly around marketing and advertising. To manifest your rights attached to any marketing sent to you as an existing client, please use the in-built prompts provided on those communications, or contact us.

You will receive marketing communications from us if you have requested our Services, requested information from us, or provided us with your details in any other circumstance and, in each case, have not opted-out of receiving that marketing.

You can ask us to stop sending you marketing messages at any time by using the built-in prompts or contacting us and requesting us to cease or change your marketing preferences. Where you opt-out of receiving marketing messages, this opt-out will not apply to other Personal Data of yours which we process for another lawful basis.

 

Third-Party Marketing

Whilst we may use your Personal Data within our company, we will get your express opt-in consent before we share your Personal Data publicly with any entity outside of Social Places for marketing.

 

Change of Purpose

We will only use your Personal Data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us.

If we need to use your Personal Data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

Please note that we may process your Personal Data without your knowledge or consent, in compliance with the above rules and where required or permitted by law.

 

Data Retention and Deletion

We will only retain your Personal Data for as long as necessary to fulfil the purpose we collected it for including any legal, accounting, or reporting requirements.

To determine the appropriate retention period for Personal Data, we consider the amount, nature, and sensitivity of the Personal Data, the potential risk of harm from unauthorised use or disclosure of your Personal Data, the purpose for which we process your Personal Data, any other South African applicable law requiring us to retain the Personal Data and whether we can achieve those purposes through other means, and the applicable legal requirements.

We may also anonymise your Personal Data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.

 

User Deletion of Data

Please send any data deletion requests to dpo@socialplaces.io and your request will be attended to within 48 hours.

 

Transfer of Data

Your information, including Personal Data, may be transferred to and maintained on computers located outside of your state, province, country or other governmental jurisdiction where the data protection laws may differ than those from your jurisdiction.

Our servers are based in Ireland and process and store data in accordance with international data protection laws and regulations such as the EU’s General Data Protection Regulation.

Your consent to this Privacy Policy followed by your submission of such information represents your agreement to that transfer.

Social Places will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy and no transfer of your Personal Data will take place to an organisation or a country unless there are adequate controls in place including the security of your data and other Personal Data.

 

Disclosure of Data

Legal Requirements

Social Places may disclose your Personal Data in the good faith belief that such action is necessary to:

  • To comply with a legal obligation
  • To protect and defend the rights or property of Social Places
  • To prevent or investigate possible wrongdoing in connection with the Service
  • To protect the personal safety of users of the Service or the public
  • To protect against legal liability
  • Provide the service to the companies we are being contracted from. Where this is information is supplied to the relevant companies, that companies privacy policies will also be in effect.

 

Third Parties

We may employ third party companies and individuals to facilitate our Service (“Service Providers”), to provide the Service on our behalf, to perform Service-related services or to assist us in analysing how our Service is used.

These third parties have access to your Personal Data only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose.

We may use third-party Service Providers to monitor and analyse the use of our Service.

  • Google Analytics: Google Analytics is a web analytics service offered by Google that tracks and reports website traffic. Google uses the data collected to track and monitor the use of our Service. This data is shared with other Google services. Google may use the collected data to contextualise and personalise the ads of its own advertising network. You can opt-out of having made your activity on the Service available to Google Analytics by installing the Google Analytics opt-out browser add-on. The add-on prevents the Google Analytics JavaScript (ga.js, analytics.js, and dc.js) from sharing information with Google Analytics about visits activity. For more information on the privacy practices of Google, please visit the Google Privacy and Terms web page: https://policies.google.com/privacy?hl=en

We may have to share your Personal Data with the Service Providers and other third parties set out below for the purposes set out above.

  • Internal Third Parties including other entities or parties in the Social Places group and their respective directors and employees, acting as joint responsible parties or operators.
  • External Third Parties including:
    • authorised Service Providers under contract with Social Places who need your Personal Data to provide their services to you pursuant to your use of our services (as discussed below);
    • Service Providers (as discussed below) and contractors providing their services to us and acting as operators of your Personal Data on instruction from us;
    • South African or other national governments and/or their respective authorities pursuant to our adherence with legislative requirements; such as tax; and
    • professional advisers acting as operators or joint responsible parties including lawyers, bankers, auditors and insurers who provide consultancy, banking, legal, insurance and accounting services as required.
  • Third parties to whom we may choose to sell, transfer, or merge parts of our company or our assets. Alternatively, we may seek to acquire other organisations or merge with them. If a change happens to our company, we may continue to use your Personal Data in the same way as set out in this Privacy Policy.

We require all third parties to respect the security of your Personal Data and to treat it in accordance with the law. We do not allow our third-party service providers to use your Personal Data for their own purposes and only permit them to process your Personal Data in accordance with our instructions and standards.

 

Security Of Data

The security of your data is important to us, but remember that no method of transmission over the Internet, or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your Personal Data, we cannot guarantee its absolute security.

We have also put in place procedures to deal with any suspected Personal Data breach and will notify you and the Information Regulator of a breach where we are legally required to do so.

 

Links To Other Sites

Our Service may contain links to other sites that are not operated by us. If you click on a third-party link, you will be directed to that third party’s site. We strongly advise you to review the Privacy Policy of every site you visit.

We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services.

 

Children Privacy

Our Service does not address anyone under the age of 18 (Children).

We do not knowingly collect Personal Data from anyone under the age of 18, except in use of the bookings software in which parents provide necessary data, including name and age. If you are a parent or guardian and you are aware that your child or ward has provided us with Personal Data, please contact us. If we become aware that we have collected Personal Data from children without verification of parental consent, we take steps to remove that information from our servers.

 

Changes To This Privacy Policy

This Privacy Policy was last updated on 19 June 2024 and previous versions are archived and can be provided on request.

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page.

We will let you know via email and/or a prominent notice on our Service, prior to the change becoming effective, and update the effective date at the top of this Privacy Policy.

You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.

It is important that the Personal Data we hold about you is accurate and current. Please keep us informed if your Personal Data changes during your relationship with us.

 

Software Governance Features

User Feature options:

  • Access to Customer Email or Tel Number
    • Removal on notifications
    • Removal on dashboard
    • Removal on exports
  • Access to export data
  • Removal of customer data from publicly accessible Review links after defined period
  • Two factor authentication for key privileges
  • Optional bookings data hidden after defined period

Password reset required after 3 months, with strong password required (SHA512 encrypted passwords: no plain password saving at all.). Data is anonymised after 5 (five) years.

All services are hosted on Amazon Web Services, all users require 2FA within the organisation to have an account on Amazon Web Services and all services share a VPN (virtual private network). Only senior developers have direct access to the database – passwords expire after a short duration.

GoReview form fields / opt ins are decided on by the client and their data policies in processing this info will be in effect.

If you have any questions about this Privacy & Data Policy, please contact us:

 

Legal Rights

You have rights in relation to your Personal Data where we are the relevant “Responsible Party” over such Personal Data. Please contact us to find out more about, or manifest, these rights:

  • request access to your Personal Data;
  • request correction of your Personal Data;
  • request erasure of your Personal Data;
  • object to the processing of your Personal Data;
  • request a restriction of processing your Personal Data;
  • request transfer of your Personal Data; and/or
  • right to withdraw consent.

You will not have to pay a fee to access your Personal Data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive. Alternatively, we may refuse to comply with your request in these circumstances.

We may need to request specific information from you to help us confirm your identity and ensure your right to access your Personal Data (or to exercise any of your other rights). This is a security measure to ensure that Personal Data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

Users with citizenships from jurisdictions other than South Africa, please note that we comply with South African data protection laws when processing your Personal Data as we are a South African entity. Should foreign law be applicable to your use of the Services and/or the Platform in any way, including how we may process your Personal Data, please contact us and we will gladly engage with you on your rights.