Privacy Policy

At Maholla, accessible at maholla.com, via our mobile application or any of our other Services, one of our main priorities is the privacy of our visitors and/or users. This Privacy Policy document contains types of information that is collected and recorded by Maholla and how we use it.

If you have additional questions or require more information about our Privacy Policy, do not hesitate to contact us through email at privacy@maholla.com


This Privacy Policy applies to information that is provided or collected through all the Services provided by Maholla, (together, and with their parent corporations, other subsidiaries and affiliates, “Maholla,” “we,” or “us”).


Definitions

“Data Controller” has the meaning set out in the EU GDPR and, to the extent that Processing is done in terms of the Protection of Personal Information Act, 2013 (“POPIA”), includes a “Responsible Party” as defined herein.


“Responsible Party” has the meaning assigned to it in POPIA.


“Data Processor” means a natural or legal person, public authority, agency or other body which Processes Personal Data on behalf of the Controller and, to the extent that Processing is done in terms of POPIA, includes an Operator, as defined herein.


“Operator” has the meaning assigned to it in POPIA.


“Data Protection Legislation” means all data protection laws and regulations applicable to Processing under the Privacy Notice, including, but not limited to, the UK Data Protection Act 2018, the UK GDPR, the EU GDPR and POPIA.


“EU GDPR” means Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the Processing of Personal Data and on the free movement of such data (General Data Protection Regulation).


“UK GDPR” means the adaptation of the EU GDPR which is applicable to the United Kingdom, and which is supplementary to the UK Data Protection Act 2018.


“Data Subject” means the identified or identifiable natural person to whom Personal Data relates and, where required in terms of specific Data Protection Law, includes an identified or identifiable juristic person to which Personal Data relates. The meaning of identifiable natural person is that which is provided in the EU GDPR.

“Personal Data” means any information relating to a Data Subject and, to the extent that Processing is done in terms of POPIA, includes “Personal Information” as defined herein.


“Personal Information” has the meaning assigned to it in POPIA.


“Special Category Data” means any information processing revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person's sex life or sexual orientation and, to the extent that processing is done in terms of POPIA, includes “Special Personal Information” as defined herein.


“Special Personal Information” has the meaning assigned to it in POPIA.


“Personal Data Breach” means a breach of security during provision of the Services leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, Personal Data transmitted, stored or otherwise Processed.


“Processing” means any operation or set of operations which is performed on Personal Data or on sets of Personal Data whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction, and “Process”, “Processed” and “Processes” have meanings concomitant therewith.


“Restricted Area” means any territory which, under Data Protection Law, is not recognised by the European Commission as providing an adequate level of protection for Personal Data.


“Sub-processor” means a third-party contracted by a Processor to Process Personal Data.

Data Protection Principles

We will comply with data protection law. This says that the Personal Data we hold about you must be:

  • Used lawfully and in a transparent way;
  • Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes;
  • Relevant to the purposes we have told you about and limited only to those purposes;
  • Accurate and kept up to date;
  • Kept only as long as necessary for the purposes we have told you about
  • Kept securely

Consent

By using our website, mobile application or any other Services provided by Maholla, you hereby consent to our Privacy Policy and agree to its terms. In some circumstances, we may rely on other legal bases for processing your personal information, such as legitimate interest in the event that no consent can be reasonably obtained, or the exercise of a legal obligation, such as in the event that we must pay our employees. 

Information we collect

Information You Provide Us

The information we collect varies depending on the type of activity you are performing and helps us provide you the products and services you request, personalise and improve your experience and allows us to provide you with opportunities to learn about products and services that may interest you. We may collect the following Personal Information from or about you:

  • Name
  • Birth Date
  • Email Address
  • Telephone Number(s)
  • Other information you provide us

This information is collected at the moment you start using our website, mobile application or any other Services provided by Maholla. This information processing is based on your consent. 

Other Information We Collect When You Use Our Website or App

Our Website or App collects certain information automatically about you and your use of our Website or App and services that does not necessarily personally identify you, your interactions with us and information regarding the device you use to access our Website or App (collectively “Other Information”). This information includes:

  • User Submissions (as defined in the Terms)
  • Gender
  • Date of Birth
  • IP address
  • Unique device ID
  • App usage information, including but not limited to:
  • Details about products you have scanned, purchased, searched for or favorited
  • Details about rewards earned and redeemed, deals, challenges, discounts, and coupons associated with your account
  • Time, duration, and location of your App use
  • Other activity logs


This information is collected at the time that you use our website or application. This information processing is based on your consent. 

Geo-Location Services

We may utilise location services on your mobile device to collect and use location data, including the real-time geographic location of your device. We may obtain the physical location of your device by using satellite, cell phone tower, WiFi, or other technologies or signals. The physical location is used to provide you with a variety of services such as personalised content and/or advertising. We may communicate with you based on your location, and when we do so, we do that through our App’s push notifications. We do not use your geo-location as a basis for sending you text or SMS messages. If you do not want to receive push notifications, you can disable that through your Maholla App Settings. We will collect precise real-time geolocation data only if you consent. You may opt out of using location services using your device’s functionality to do so, but this may degrade the features and functionality that we can provide. Separate from precise geo-location options, our App [constantly or when the App is being utilised] approximates your device location solely for fraud detection purposes.


This information is collected at the time that you use our application. This information processing is based on your consent. 


Information from Other Sources

We may collect data that is publicly available such as information you have submitted in public forums, including social media platforms. We may also collect information from third parties such as demographic information and other information that can enhance our existing information about you. We use this information to provide you services and to improve the products and services we deliver to you, including to prevent fraud and/or to verify your identity. This information processing can occur any time during our relationship with you, and is based on our legitimate interest.

Change of purpose

We will only use your Personal Data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose.


If we need to use your Personal Data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.


Please note that we may process your Personal Data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.


How We Use Cookies and Other Tracking Technologies

Cookies: Cookies are a form of data transferred to a user’s device to facilitate customised site information and ongoing use. We use cookies for website administration and personalisation, authentication, completing your requests to us, and for analysis that does not identify specific individuals. Most web browsers are set to accept cookies by default. If you prefer, you can usually choose to disable cookies on your browser but doing so may prevent you from using the full features of the Website.


Pixel Tags: We use Pixel Tags, or other forms of clear images and similar technologies, such as Javascript scripts on our Website and emails to understand the actions of users and measure the success of marketing efforts. This will help us deliver and improve our marketing and our content to be more relevant to your interests.


When we use tracking technologies, Maholla does not combine your data with data from third parties but rather only uses Maholla’s own data for its business purposes and to operate the App. In other instances, we may not specifically track you in understanding certain aspects of our App or marketing campaigns but instead use probabilistic modelling to estimate certain measurements relating to our App or campaigns.

Website Tracking

On our Website only, we may let third parties use cookies, web beacons, and similar tracking technologies. They may collect information about how you use our Website and services and other websites and online services over time and across different services. This information may be used to, among other things, analyse and track data, determine the popularity of certain content, and better understand your online activity. You can amend your consent for cookies on our Website directly. 



‍How Does Maholla Use Your Information?

We use your information to provide you our Website, App, and Maholla program which allows you to engage and intentionally interact with our service. We also use your information to analyse, administer, enhance and personalise our Website and App and the services we provide to you, including our marketing of products and services to you. 


More specifically, we may use your information:

  • Improve, personalise, and expand our Services
  • Pursuant to your direction to enable you to engage with all our participating brands to acquire points from them and otherwise interact with them
  • To deliver our products and services to you, including completing and processing your receipts and transactions, processing your points, obtaining Rewards, or engaging in other transactions with us
  • To enable you to create an account to conduct transactions and otherwise interact with us and our participating brands
  • To determine your eligibility for certain products and/or services
  • To communicate with you about our program and services, including to respond to your customer service requests or respond to any other inquiry or correspondence you send to us
  • To present you with marketing relating to our program and services, including promotions, coupons and other offers
  • To provide you updates, reminders, or other informational content
  • To enable you to participate in contests, promotions, or surveys
  • To enable you to participate in forums, blogs, and post testimonials. If you provide a testimonial, your name will be publicly posted along with the testimonial. Please remember that blogs and testimonials are located in the public areas of our Website or App. Do not share content that you would not want others to read, save, or share
  • To analyse and improve our Website, App, products, and services, including analysing trends and usage
  • To analyse market trends and consumer behaviours for internal business purposes
  • To prevent, detect, investigate, or remediate security or other legal concerns, including fraud
  • To protect the rights, property, or safety of us our users, or any other person or the copyright-protected content of our Website
  • To comply with applicable laws, regulations, or industry requirements, or respond to subpoenas or government requests
  • To fulfil any other purpose for which your provide it or consent

How Does Maholla Share Your Information?

In operating our business and working to provide you the best products and services, unless specified otherwise elsewhere, we may share your information in the following ways:

  • With our participating brands—When you use our App and participate in our program, you direct us to provide information you provide us by registering and earning rewards to all participating brands who provide points in our Program and who can engage with you and use your personal information in accordance with their privacy policies regardless of your actual interaction with each. For a list of our participating brands, click here. In addition, by uploading receipts, redeeming a Special Offer, participating in a Challenge, or taking a Survey offered by a Partner, you are using Maholla to intentionally interact with all our participating brands who provide points in our Program. Maholla does not share your Phone number with any participating brands. For more details about the terms of our Program click here to review our Terms of Service.
  • What Value Do You Receive from Participating in Our Program?– Our program allows you to direct us to share your personal information you provide us when registering and earning rewards with all our participating brands so that you can interact with them to earn points. The value you receive in participating in our Program is calculated by and depends on the amount and nature of your interaction with our participating brands to obtain points. If you no longer want to share your personal information with all our participating brands, please stop using the Services and contact us to delete your account at any time.
  • With our service providers—that is, organisations that provide services to support Maholla functions, such as our mail processing company, payment processing companies, and market research firms. A list of subprocessors may be requested at all times by emailing us at privacy@maholla.com.
  • With other users as part of the referral program—By providing your referral code or referral link to another user, or by entering a referral code or referral link from another user, you agree that this will form a digital relationship between your accounts, and that your name or other personal information may be shared with that user, either in-app or by our customer support team.
  • With third parties for legal or security reasons
  • We may share information about you if we reasonably believe that disclosing the information is needed to:
  • comply with any valid legal process, governmental request, or applicable law, rule, or regulation.
  • investigate, remedy, or enforce potential violations of our Terms of Service
  • protect the rights, property, and safety of us, our users, or others.
  • Detect and resolve any fraud or security concerns.
  • With third parties as part of an acquisition or liquidation
  • We are involved in a merger, asset sale, financing, corporate divestiture, reorganisation, or acquisition of all or some portion of our business to another company or if we undergo liquidation or bankruptcy proceedings, we may share your information in connection with such transaction or proceeding before and or after the transaction closes or the proceedings are completed.


With your consent—We may share information in other ways if you give us consent or direct us to do so.

How We Use and Share De-identified and/or Aggregated Information

Personal Information and Other Information may be de-identified and/or aggregated in a way to remove the personally identifying components. De-identified and/or aggregated information is not and will not be treated as Personal Information and may be used by us and shared with third parties to provide insights into developing or improving products or services, marketing, investment research or for any other legally permissible purposes. These third parties may also use and disclose the de-identified and/or aggregated information for their own business purposes, including to understand consumer shopping behaviours, investment research, market trends and other insights and for any other legally permissible purposes.

How We Use Google Analytics

For analytics, we use Google Analytics, a web analytics service provided by Google, Inc. (“Google”). Google Analytics may set cookies on your browser or mobile device or read cookies that are already there to collect information. Google Analytics may also receive information about you from apps you have downloaded that partner with Google. Google Analytics collects information such as how often you use our Website and how you use our Website. We use the information provided by Google Analytics to improve our Websites and services. We do not combine the information collected through the use of Google Analytics with personally identifiable information.

For more information regarding how Google collects, uses, and shares your information please visit http://www.google.com/policies/privacy/partners/. By using our Website, you consent to the processing of data about you by Google as described here and in Google’s privacy policy. You can control the information provided to Google and opt out of certain ads provided by Google by using of the of the methods set forth in http://www.google.com/policies/privacy/partners/ or use the Google Analytics opt out browser add-on at http://tools.google.com/dlpage/gaoptout?hl=en


Facebook Custom Audience

We may participate in Facebook’s Custom Audience programs which enables us to display personalised ads to individuals on our emails lists when they visit Facebook. Facebook acts as our service provider and uses our Personal Information on our behalf to determine whether you are a registered Facebook account holder in connection with this program. You can opt-out of our Facebook Custom Audience service by sending us an email with your name and email address and we will have Facebook remove you from the Facebook Custom Audience ads it sends on our behalf.


Messaging

Your Information or the information you provide may be used to allow you to send messages to a friend through the Website or App. By using this functionality, you represent and agree that you have obtained the relevant required consent from that friend to send him/her messages and that we are not the sender or initiator of any such messages nor are you acting as our agent in sending any such messages.


Linking to Third Parties

When you leave this Website and go to another linked site, we are not responsible for the content or availability of the linked site. Please be advised that if you enter into a transaction on the third party site, we do not represent either the third party or you. Further, the privacy and security policies of the linked site may differ from those practiced by us and are not our responsibility. Moreover, we are not responsible for the privacy policies of other organisations, such as Apple, Google, Facebook, Twitter, or any other organisation involved in providing Maholla to you.


What Personal Information can I access, and how do I edit or change my Personal Information?

When you log into your account or email us at support@maholla.com, you may access, and, in some cases, edit or delete the following information you have provided to us:

  • Password
  • Email Address
  • User Name


You may be able to add, update, or delete information. However, when changes are made we may maintain a copy of the unrevised information in our records. You can also contact us about questions or requests relating to your personal information by sending an email to privacy@maholla.com. To protect your privacy, before we give you access or let you update your information, we may ask you to verify your identity or provide additional information. We may reject a request for a number of reasons, including, for example, that the request risks the privacy of other users, requires technical efforts that are disproportionate to the request, is repetitive, or is unlawful. 


Rights of access, correction, erasure, objection, restriction and portability

Your duty to inform us of changes

It is important that the Personal Data we hold about you is accurate and current. Please keep us informed if your Personal Data changes during your working relationship with us.


Your rights in connection with Personal Data

You have the right to:

  • Request access to your Personal Data (commonly known as a "data subject access request"). This enables you to receive a copy of the Personal Data we hold about you and to check that we are lawfully processing it.
  • Request correction of the Personal Data that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
  • Request erasure of your Personal Data. This enables you to ask us to delete or remove Personal Data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your Personal Data where you have exercised your right to object to processing (see below).
  • Object to processing of your Personal Data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your Personal Data for direct marketing purposes.
  • Request the restriction of processing of your Personal Data. This enables you to ask us to suspend the processing of Personal Data about you, for example if you want us to establish its accuracy or the reason for processing it.
  • Request the transfer of your Personal Data to another party. If you want to review, verify, correct or request erasure of your Personal Data, object to the processing of your Personal Data, or request that we transfer a copy of your Personal Data to another party.


No Fee Required

You will not have to pay a fee to access your Personal Data (or to exercise any of the other rights). 


What we may need from you

We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that Personal Data is not disclosed to any person who has no right to receive it.

Data retention

We will only retain your Personal Data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for Personal Data, we consider the amount, nature, and sensitivity of the Personal Data, the potential risk of harm from unauthorised use or disclosure of your Personal Data, the purposes for which we process your Personal Data and whether we can achieve those purposes through other means, and the applicable legal requirements. In some circumstances we may anonymise your Personal Data so that it can no longer be associated with you, in which case we may use such information without further notice to you.


Is Personal Information about me secure?

If you choose to register an account with us and complete your profile, it will be protected by a password of your choosing for your privacy and security. It is your obligation to prevent unauthorised access to your account and Personal Information by selecting and protecting your password appropriately and limiting access to your computer or device and browser and by logging out after you have finished accessing your account.


We have put in place appropriate security measures to prevent your Personal Data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your Personal Data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your Personal Data on our instructions, and they are subject to a duty of confidentiality. 


Promotions

We may occasionally run contests, surveys, or other special promotions in which we ask you for personal information (like an email address or name) or demographic information (like address, age, or income level). We use this data to run the contests or promotions and send users promotional material about our company or third parties we deal with. Participation in these surveys or contests is completely voluntary and you therefore have a choice whether or not to disclose this information. The participant’s contact information is also used to contact him or her when necessary and may be shared with other companies for promotional purposes, but only with your prior permission and under the terms and conditions specified when you take part in the promotion. At any time, you may opt-out of receiving future mailings of this kind by following the unsubscribe instructions in each promotional communication, or simply decline to take part in the promotions.

 

Children's Information

The Services are not directed to children. We do not knowingly collect personally identifiable information from children under 16. If a parent or guardian becomes aware that his or her child has provided us with Personal Information without their consent, please contact us. If we become aware that a member is under the age of 16 and has provided us with Personal Information without verifiable parental consent, we will delete such information from our files.

How can I contact Maholla?

We are always trying to make Maholla’s services better. If you have any questions about this Privacy Policy please don’t hesitate to contact us at privacy@maholla.com

Maholla Privacy Policy

Last Updated​: 21 December 2022


Built with ❤️ & ☕
© Maholla B.V. 2023
Product
HomeHow it works Rewards
resources
Help CentreBrandsPartner with us
company
Privacy PolicyTerms of ServiceResponsible DisclosureCareers - we're hiring!