Self Vibe Privacy Notice
Introduction
At Self Vibe Limited (referred to as "Self Vibe", "we", "us" and "our"), we are committed to protecting the privacy of our users across Africa. If you are in South Africa, Nigeria, Kenya, Ghana, or other African countries, we are the data controller unless otherwise stated. Please read the following privacy notice that explains how we collect, manage and protect your personal data.
This is the Privacy Notice ("Notice") for the website www.selfvibe.io, and all Self Vibe affiliate sites ("Sites"), or our applications ("Apps") (together "Services").
Contacting us
If you have any questions, comments and requests regarding this Notice you can get in touch with us via our Contact Us page, or via email at hello@selfvibe.io.
You can contact our Data Protection Officer at dpo@selfvibe.io.
What information do we collect & how do we use it?
This Notice will apply to you if:
- you visit and browse our Sites and Apps.
- You order products from or book appointments with our Partners through us (we'll refer to you as a "Client").
- You purchase a Self Vibe gift card for use with participating Partners from us (we'll refer to you as a "Client")
- you are self-employed and/or you work for a business on the Self Vibe platform (we'll refer to you and/or the business as a "Partner").
We will only use the information we collect about you if there is a reason for doing so, and if that reason is permitted under data protection law including the Protection of Personal Information Act (POPIA) in South Africa, Nigeria Data Protection Regulation (NDPR), and Kenya's Data Protection Act. We handle your phone number in accordance with the terms specified hereafter. We do not sell or share your phone number with third parties, except where required by law. We say what these reasons usually are in each section below, and we explain each one under "What do each of these legal reasons mean?".
If you visit our services
We use your information to provide you with our Services. If you visit any of our Services, whether you're just browsing or you have an account, we will automatically collect information from you each time you use our Sites. This includes technical information.
What do each of these legal reasons mean?
Under African data protection laws, including POPIA, NDPR, and Kenya's Data Protection Act, we must have a lawful basis for processing your personal information. Here's what each legal reason means:
Consent
You have given us clear permission to process your personal information for a specific purpose.
Contract
Processing is necessary for a contract we have with you, or because you have asked us to take specific steps before entering into a contract.
Legal obligation
Processing is necessary for us to comply with the law (not including contractual obligations).
Legitimate interests
Processing is necessary for our legitimate interests or the legitimate interests of a third party, unless there is a good reason to protect your personal information which overrides those legitimate interests.
Who do we share your information with?
We may share your personal information with the following categories of recipients:
- Beauty and wellness partners across Africa when you book appointments or purchase services
- Payment processors operating in African markets to process transactions
- Technology service providers who help us operate our platform
- Legal and regulatory authorities when required by African laws
- Professional advisors including lawyers, accountants, and consultants
Where do we store your information?
Your personal information is primarily stored within Africa and the European Union to ensure compliance with local data protection laws. We use secure cloud infrastructure providers who maintain data centers in these regions.
When we transfer data outside of Africa, we ensure appropriate safeguards are in place, including:
- Standard contractual clauses approved by relevant authorities
- Adequacy decisions where available
- Binding corporate rules for multinational organizations
How do we protect your information?
We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include:
- Encryption of data in transit and at rest
- Regular security assessments and penetration testing
- Access controls and authentication mechanisms
- Employee training on data protection and privacy
- Incident response procedures
Payment processing
We work with trusted payment processors that operate in African markets, including local mobile money providers and international payment gateways. When you make a payment, your financial information is processed securely according to PCI DSS standards.
We do not store your complete payment card details on our servers. Instead, we use tokenization and work with PCI-compliant payment processors to handle sensitive financial information.
External sites
Our Services may contain links to external websites, including partner businesses, social media platforms, and third-party service providers. We are not responsible for the privacy practices of these external sites.
We encourage you to read the privacy policies of any external sites you visit through our Services.
How long is your information kept for?
We retain your personal information for as long as necessary to fulfill the purposes for which it was collected, including:
- Account information: Until you delete your account, plus 7 years for legal compliance
- Transaction records: 7 years as required by African financial regulations
- Marketing communications: Until you unsubscribe or withdraw consent
- Technical logs: 12 months for security and performance monitoring
Aggregated data
We may create aggregated, anonymized data from your personal information for analytical purposes, market research, and to improve our Services. This aggregated data cannot be used to identify you personally and may be shared with partners and third parties.
What rights do you have with your personal information?
Under African data protection laws, you have the following rights regarding your personal information:
- Right of access: Request copies of your personal information
- Right to rectification: Request correction of inaccurate information
- Right to erasure: Request deletion of your personal information
- Right to restrict processing: Request limitation of how we use your information
- Right to data portability: Request transfer of your information to another service
- Right to object: Object to processing based on legitimate interests
- Right to withdraw consent: Withdraw consent for processing where applicable
To exercise these rights, contact us at dpo@selfvibe.io.
Updating this Privacy notice
We may update this Privacy Notice from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of any material changes by:
- Posting the updated notice on our website
- Sending you an email notification if you have an account
- Displaying a prominent notice on our Services