self vibe
Back to home

Data protection

Last updated: January 2025

Introduction

Self Vibe Technologies Limited is committed to protecting your personal information and respecting your privacy rights. This Data Protection Notice explains how we collect, use, and protect your personal data in compliance with the Protection of Personal Information Act (POPIA) and the General Data Protection Regulation (GDPR).

This notice applies to all personal data we process, whether you're a business partner using our platform, a customer booking services, or a visitor to our website.

Important: We act as both a data controller and data processor depending on the context. This notice explains both roles and your rights in each situation.

Self Vibe as data controller

We act as a data controller when we determine the purposes and means of processing your personal data for our own business purposes.

When we're the controller:

  • Processing partner registration and account management data
  • Analyzing platform usage and performance metrics
  • Conducting marketing and promotional activities
  • Providing customer support and technical assistance
  • Ensuring platform security and fraud prevention
  • Complying with legal and regulatory requirements

Our responsibilities as controller:

  • Ensure lawful basis for all processing activities
  • Implement appropriate security measures
  • Respect your rights as a data subject
  • Provide transparent information about our processing
  • Maintain accurate and up-to-date records

Self Vibe as data processor

We act as a data processor when we process personal data on behalf of our business partners who use our platform to manage their operations.

When we're the processor:

  • Storing and managing client appointment data for partners
  • Processing payments on behalf of business partners
  • Sending automated appointment reminders to clients
  • Generating business reports and analytics for partners
  • Managing client communication preferences

Our obligations as processor:

  • Process data only on documented instructions from the controller
  • Implement appropriate technical and organizational security measures
  • Assist controllers in responding to data subject requests
  • Notify controllers of any data breaches without delay
  • Delete or return data when processing ends

Data Processing Agreement: Our processing activities are governed by a comprehensive Data Processing Agreement that forms part of our Partner Terms.

Lawful basis for processing

We only process personal data when we have a lawful basis under POPIA and GDPR:

Contract Performance

Processing necessary to perform our contract with you, such as providing platform services, processing payments, and managing your account.

Legitimate Interests

Processing for our legitimate business interests, such as improving our services, preventing fraud, and ensuring platform security, balanced against your rights and interests.

Legal Compliance

Processing required to comply with legal obligations, such as tax reporting, anti-money laundering requirements, and regulatory compliance.

Consent

Processing based on your explicit consent, such as marketing communications and optional features. You can withdraw consent at any time.

Data we collect

We collect different types of personal data depending on how you interact with our platform:

Account and Profile Data:
  • Name, email address, phone number
  • Business information and professional credentials
  • Profile photos and business images
  • Account preferences and settings
Transaction and Financial Data:
  • Payment information and transaction history
  • Bank account details for payouts
  • Billing addresses and tax information
  • Refund and chargeback records
Usage and Technical Data:
  • Platform usage patterns and feature interactions
  • Device information and browser details
  • IP addresses and location data
  • Log files and error reports
Communication Data:
  • Support tickets and customer service interactions
  • Survey responses and feedback
  • Marketing communication preferences
  • Social media interactions

How we use your data

We use your personal data for the following purposes:

Service Provision:
  • Creating and managing your account
  • Processing bookings and payments
  • Providing customer support
  • Delivering platform features and functionality
Business Operations:
  • Analyzing platform usage and performance
  • Improving our services and developing new features
  • Conducting research and analytics
  • Managing business relationships
Security and Compliance:
  • Preventing fraud and unauthorized access
  • Ensuring platform security and stability
  • Complying with legal and regulatory requirements
  • Investigating and resolving disputes
Marketing and Communication:
  • Sending service-related notifications
  • Providing marketing communications (with consent)
  • Conducting surveys and collecting feedback
  • Personalizing your platform experience

Data sharing and transfers

We may share your personal data in the following circumstances:

Service Providers: We work with trusted third-party service providers who help us operate our platform, including payment processors, cloud hosting providers, and customer support tools. These providers are bound by strict confidentiality agreements.
Business Partners: When you book services through our platform, we share necessary information with the relevant business partner to fulfill your booking.
Legal Requirements: We may disclose data when required by law, court order, or regulatory authority, or to protect our rights and the safety of our users.
Business Transfers: In the event of a merger, acquisition, or sale of assets, your data may be transferred to the new entity, subject to the same privacy protections.

No Sale of Data: We never sell your personal data to third parties for their marketing purposes.

Data retention

We retain personal data only as long as necessary for the purposes outlined in this notice:

Account Data: Retained while your account is active and for 7 years after closure for legal and tax compliance purposes.
Transaction Data: Retained for 7 years after the transaction for financial record-keeping and regulatory compliance.
Usage Data: Aggregated and anonymized usage data may be retained indefinitely for analytics and service improvement.
Communication Data: Support tickets and communications retained for 3 years for quality assurance and dispute resolution.

Secure Deletion: When data is no longer needed, we securely delete or anonymize it using industry-standard methods.

Your rights as a data subject

Under POPIA and GDPR, you have the following rights regarding your personal data:

Right of Access

Request a copy of the personal data we hold about you and information about how we process it.

Right to Rectification

Request correction of inaccurate or incomplete personal data.

Right to Erasure

Request deletion of your personal data in certain circumstances (subject to legal obligations).

Right to Restrict Processing

Request limitation of processing in specific situations.

Right to Data Portability

Receive your personal data in a structured, machine-readable format for transfer to another service.

Right to Object

Object to processing based on legitimate interests or for direct marketing purposes.

Exercising Your Rights: To exercise any of these rights, contact us at privacy@selfvibe.io or use the data management tools in your account dashboard. We'll respond within 30 days.

Security measures

We implement comprehensive security measures to protect your personal data:

Technical Safeguards:
  • End-to-end encryption for data transmission
  • Advanced encryption for data at rest
  • Multi-factor authentication for account access
  • Regular security updates and patches
  • Intrusion detection and monitoring systems
Organizational Measures:
  • Staff training on data protection and security
  • Access controls and role-based permissions
  • Regular security audits and assessments
  • Incident response and breach notification procedures
  • Vendor security assessments and agreements
Compliance Certifications:
  • ISO 27001 information security management
  • PCI DSS compliance for payment processing
  • SOC 2 Type II security and availability
  • Regular penetration testing and vulnerability assessments

Data Breach Response: In the unlikely event of a data breach, we have procedures in place to contain the incident, assess the impact, and notify affected individuals and authorities as required by law.

Cross-border data transfers

As a technology platform, we may transfer personal data across borders to provide our services effectively:

Transfer Safeguards: All international data transfers are protected by appropriate safeguards, including:
  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Adequacy decisions for transfers to countries with adequate protection
  • Binding Corporate Rules for intra-group transfers
  • Certification schemes and codes of conduct
Data Localization: Where possible and required by law, we store and process data within the country or region where it was collected.
Third-Party Processors: Our service providers who may access your data are contractually bound to provide the same level of protection as we do.

Your Rights: You have the right to obtain information about the safeguards we use for international transfers and to object to transfers in certain circumstances.

Complaints and contact

If you have questions, concerns, or complaints about our data protection practices:

Data Protection Officer: privacy@selfvibe.io
General Inquiries: support@selfvibe.io
Phone: +27 11 123 4567
Postal Address: Self Vibe Technologies Limited, PO Box 12345, Johannesburg, 2000, South Africa

Regulatory Complaints: If you're not satisfied with our response, you have the right to lodge a complaint with the relevant supervisory authority:

  • South Africa: Information Regulator (inforegulator.org.za)
  • European Union: Your local Data Protection Authority

Response Time: We aim to respond to all data protection inquiries within 30 days. Complex requests may take longer, but we'll keep you informed of our progress.