“Data Controller” has the meaning set out in the EU GDPR and, to the extent that Processing is done in terms of the Protection of Personal Information Act, 2013 (“POPIA”), includes a “Responsible Party” as defined herein.
“Responsible Party” has the meaning assigned to it in POPIA.
“Data Processor” means a natural or legal person, public authority, agency or other body which Processes Personal Data on behalf of the Controller and, to the extent that Processing is done in terms of POPIA, includes an Operator, as defined herein.
“Operator” has the meaning assigned to it in POPIA.
“Data Protection Legislation” means all data protection laws and regulations applicable to Processing under the Privacy Notice, including, but not limited to, the UK Data Protection Act 2018, the UK GDPR, the EU GDPR and POPIA.
“EU GDPR” means Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the Processing of Personal Data and on the free movement of such data (General Data Protection Regulation).
“UK GDPR” means the adaptation of the EU GDPR which is applicable to the United Kingdom, and which is supplementary to the UK Data Protection Act 2018.
“Data Subject” means the identified or identifiable natural person to whom Personal Data relates and, where required in terms of specific Data Protection Law, includes an identified or identifiable juristic person to which Personal Data relates. The meaning of identifiable natural person is that which is provided in the EU GDPR.
“Personal Data” means any information relating to a Data Subject and, to the extent that Processing is done in terms of POPIA, includes “Personal Information” as defined herein.
“Personal Information” has the meaning assigned to it in POPIA.
“Special Category Data” means any information processing revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person's sex life or sexual orientation and, to the extent that processing is done in terms of POPIA, includes “Special Personal Information” as defined herein.
“Special Personal Information” has the meaning assigned to it in POPIA.
“Personal Data Breach” means a breach of security during provision of the Services leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, Personal Data transmitted, stored or otherwise Processed.
“Processing” means any operation or set of operations which is performed on Personal Data or on sets of Personal Data whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction, and “Process”, “Processed” and “Processes” have meanings concomitant therewith.
“Restricted Area” means any territory which, under Data Protection Law, is not recognised by the European Commission as providing an adequate level of protection for Personal Data.
“Sub-processor” means a third-party contracted by a Processor to Process Personal Data.
Data Protection Principles
We will comply with data protection law. This says that the Personal Data we hold about you must be:
Information we collect
Information You Provide Us
The information we collect varies depending on the type of activity you are performing and helps us provide you the products and services you request, personalise and improve your experience and allows us to provide you with opportunities to learn about products and services that may interest you. We may collect the following Personal Information from or about you:
This information is collected at the moment you start using our website, mobile application or any other Services provided by Maholla. This information processing is based on your consent.
Other Information We Collect When You Use Our Website or App
Our Website or App collects certain information automatically about you and your use of our Website or App and services that does not necessarily personally identify you, your interactions with us and information regarding the device you use to access our Website or App (collectively “Other Information”). This information includes:
This information is collected at the time that you use our website or application. This information processing is based on your consent.
We may utilise location services on your mobile device to collect and use location data, including the real-time geographic location of your device. We may obtain the physical location of your device by using satellite, cell phone tower, WiFi, or other technologies or signals. The physical location is used to provide you with a variety of services such as personalised content and/or advertising. We may communicate with you based on your location, and when we do so, we do that through our App’s push notifications. We do not use your geo-location as a basis for sending you text or SMS messages. If you do not want to receive push notifications, you can disable that through your Maholla App Settings. We will collect precise real-time geolocation data only if you consent. You may opt out of using location services using your device’s functionality to do so, but this may degrade the features and functionality that we can provide. Separate from precise geo-location options, our App [constantly or when the App is being utilised] approximates your device location solely for fraud detection purposes.
This information is collected at the time that you use our application. This information processing is based on your consent.
Information from Other Sources
We may collect data that is publicly available such as information you have submitted in public forums, including social media platforms. We may also collect information from third parties such as demographic information and other information that can enhance our existing information about you. We use this information to provide you services and to improve the products and services we deliver to you, including to prevent fraud and/or to verify your identity. This information processing can occur any time during our relationship with you, and is based on our legitimate interest.
Change of purpose
We will only use your Personal Data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose.
If we need to use your Personal Data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Please note that we may process your Personal Data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
When we use tracking technologies, Maholla does not combine your data with data from third parties but rather only uses Maholla’s own data for its business purposes and to operate the App. In other instances, we may not specifically track you in understanding certain aspects of our App or marketing campaigns but instead use probabilistic modelling to estimate certain measurements relating to our App or campaigns.
How Does Maholla Use Your Information?
We use your information to provide you our Website, App, and Maholla program which allows you to engage and intentionally interact with our service. We also use your information to analyse, administer, enhance and personalise our Website and App and the services we provide to you, including our marketing of products and services to you.
More specifically, we may use your information:
How Does Maholla Share Your Information?
In operating our business and working to provide you the best products and services, unless specified otherwise elsewhere, we may share your information in the following ways:
With your consent—We may share information in other ways if you give us consent or direct us to do so.
How We Use and Share De-identified and/or Aggregated Information
Personal Information and Other Information may be de-identified and/or aggregated in a way to remove the personally identifying components. De-identified and/or aggregated information is not and will not be treated as Personal Information and may be used by us and shared with third parties to provide insights into developing or improving products or services, marketing, investment research or for any other legally permissible purposes. These third parties may also use and disclose the de-identified and/or aggregated information for their own business purposes, including to understand consumer shopping behaviours, investment research, market trends and other insights and for any other legally permissible purposes.
How We Use Google Analytics
For analytics, we use Google Analytics, a web analytics service provided by Google, Inc. (“Google”). Google Analytics may set cookies on your browser or mobile device or read cookies that are already there to collect information. Google Analytics may also receive information about you from apps you have downloaded that partner with Google. Google Analytics collects information such as how often you use our Website and how you use our Website. We use the information provided by Google Analytics to improve our Websites and services. We do not combine the information collected through the use of Google Analytics with personally identifiable information.
Facebook Custom Audience
We may participate in Facebook’s Custom Audience programs which enables us to display personalised ads to individuals on our emails lists when they visit Facebook. Facebook acts as our service provider and uses our Personal Information on our behalf to determine whether you are a registered Facebook account holder in connection with this program. You can opt-out of our Facebook Custom Audience service by sending us an email with your name and email address and we will have Facebook remove you from the Facebook Custom Audience ads it sends on our behalf.
Your Information or the information you provide may be used to allow you to send messages to a friend through the Website or App. By using this functionality, you represent and agree that you have obtained the relevant required consent from that friend to send him/her messages and that we are not the sender or initiator of any such messages nor are you acting as our agent in sending any such messages.
Linking to Third Parties
When you leave this Website and go to another linked site, we are not responsible for the content or availability of the linked site. Please be advised that if you enter into a transaction on the third party site, we do not represent either the third party or you. Further, the privacy and security policies of the linked site may differ from those practiced by us and are not our responsibility. Moreover, we are not responsible for the privacy policies of other organisations, such as Apple, Google, Facebook, Twitter, or any other organisation involved in providing Maholla to you.
What Personal Information can I access, and how do I edit or change my Personal Information?
When you log into your account or email us at firstname.lastname@example.org, you may access, and, in some cases, edit or delete the following information you have provided to us:
You may be able to add, update, or delete information. However, when changes are made we may maintain a copy of the unrevised information in our records. You can also contact us about questions or requests relating to your personal information by sending an email to email@example.com. To protect your privacy, before we give you access or let you update your information, we may ask you to verify your identity or provide additional information. We may reject a request for a number of reasons, including, for example, that the request risks the privacy of other users, requires technical efforts that are disproportionate to the request, is repetitive, or is unlawful.
Rights of access, correction, erasure, objection, restriction and portability
Your duty to inform us of changes
It is important that the Personal Data we hold about you is accurate and current. Please keep us informed if your Personal Data changes during your working relationship with us.
Your rights in connection with Personal Data
You have the right to:
No Fee Required
You will not have to pay a fee to access your Personal Data (or to exercise any of the other rights).
What we may need from you
We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that Personal Data is not disclosed to any person who has no right to receive it.
We will only retain your Personal Data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for Personal Data, we consider the amount, nature, and sensitivity of the Personal Data, the potential risk of harm from unauthorised use or disclosure of your Personal Data, the purposes for which we process your Personal Data and whether we can achieve those purposes through other means, and the applicable legal requirements. In some circumstances we may anonymise your Personal Data so that it can no longer be associated with you, in which case we may use such information without further notice to you.
Is Personal Information about me secure?
If you choose to register an account with us and complete your profile, it will be protected by a password of your choosing for your privacy and security. It is your obligation to prevent unauthorised access to your account and Personal Information by selecting and protecting your password appropriately and limiting access to your computer or device and browser and by logging out after you have finished accessing your account.
We have put in place appropriate security measures to prevent your Personal Data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your Personal Data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your Personal Data on our instructions, and they are subject to a duty of confidentiality.
We may occasionally run contests, surveys, or other special promotions in which we ask you for personal information (like an email address or name) or demographic information (like address, age, or income level). We use this data to run the contests or promotions and send users promotional material about our company or third parties we deal with. Participation in these surveys or contests is completely voluntary and you therefore have a choice whether or not to disclose this information. The participant’s contact information is also used to contact him or her when necessary and may be shared with other companies for promotional purposes, but only with your prior permission and under the terms and conditions specified when you take part in the promotion. At any time, you may opt-out of receiving future mailings of this kind by following the unsubscribe instructions in each promotional communication, or simply decline to take part in the promotions.
The Services are not directed to children. We do not knowingly collect personally identifiable information from children under 16. If a parent or guardian becomes aware that his or her child has provided us with Personal Information without their consent, please contact us. If we become aware that a member is under the age of 16 and has provided us with Personal Information without verifiable parental consent, we will delete such information from our files.
How can I contact Maholla?
Last Updated: 21 December 2022