Privacy Policy

1. Information We Collect

1.1 Personal Information You Provide

When you register, make purchases, or interact with our platform, you may provide:

• Account Information: Name, email address, password, phone number, date of birth
• Contact Details: Shipping address, billing address, alternative contact information
• Payment Information: Credit/debit card details, banking information (processed securely by third-party payment processors)
• Vendor Information: Business name, tax ID, bank account details, business address (for vendors)
• Profile Information: Profile photo, preferences, wishlist, product reviews
• Communications: Messages to vendors, customer support inquiries, feedback
• Identity Verification: ID number, passport (if required for high-value transactions or vendor verification)

1.2 Information Collected Automatically

When you use MakhiMarket, we automatically collect:

• Device Information: IP address, browser type, operating system, device identifiers
• Usage Data: Pages visited, products viewed, search queries, clickstream data
• Location Data: Approximate geographic location based on IP address
• Cookies & Tracking: Session data, preferences, authentication tokens
• Transaction History: Purchase history, order details, payment methods used

1.3 Information from Third Parties

We may receive information from:

• Payment Processors: Transaction status, fraud detection data (PayFast, PayPal)
• Social Media: Profile information if you connect social media accounts
• Analytics Providers: Aggregated usage statistics
• Delivery Services: Shipment tracking and delivery confirmation
• Credit Bureaus: Credit verification for vendor onboarding (if applicable)

2. How We Use Your Information

2.1 Primary Uses

We use your personal information for:

• Account Management: Create and maintain your account, authenticate logins
• Order Processing: Process purchases, arrange delivery, handle payments
• Customer Support: Respond to inquiries, resolve disputes, provide assistance
• Platform Operations: Facilitate transactions between customers and vendors
• Vendor Management: Onboard vendors, process payments, monitor compliance
• Communications: Send order confirmations, shipping updates, service notifications
• Security & Fraud Prevention: Detect and prevent fraud, unauthorized access, abuse

2.2 Marketing & Personalization

With your consent, we may use your information for:

• Sending promotional emails, SMS, or push notifications about deals and offers
• Personalizing product recommendations based on browsing and purchase history
• Displaying targeted advertisements on our platform or third-party sites
• Conducting market research and user experience studies
• Creating customer segments for marketing campaigns

2.3 Analytics & Improvement

We analyze user data to:

• Understand user behavior and preferences
• Improve platform functionality and user experience
• Develop new features and services
• Monitor platform performance and identify technical issues
• Train AI and machine learning models for recommendations

2.4 Legal & Compliance

We may process your information to:

• Comply with legal obligations (tax reporting, law enforcement requests)
• Enforce our Terms and Conditions and other policies
• Protect our rights, property, and safety
• Respond to legal claims or regulatory inquiries
• Prevent illegal activities (fraud, money laundering, etc.)

3. How We Share Your Information

3.1 With Vendors

When you make a purchase, we share necessary information with the vendor:

• Your name, shipping address, and contact details
• Order details (products, quantities, preferences)
• Communication messages related to the order

3.2 Service Providers

We share information with trusted third-party service providers who assist us:

• Payment Processors: PayFast, PayPal (to process payments securely)
• Delivery Services: Courier companies (to fulfill shipments)
• Cloud Hosting: Web hosting and data storage providers
• Email/SMS Services: WeMail, Texty (for transactional and marketing communications)
• Analytics Tools: Google Analytics, Facebook Pixel (for usage tracking)
• Customer Support: Help desk and chatbot platforms

These providers are contractually obligated to protect your information and use it only for specified purposes.

3.3 Legal & Safety Disclosures

We may disclose your information when required by law or to protect safety:

• In response to court orders, subpoenas, or legal processes
• To comply with tax reporting and financial regulations
• To law enforcement agencies investigating crimes
• To prevent fraud, abuse, or security threats
• To protect the rights and safety of MakhiMarket, users, or the public

3.4 Business Transfers

If MakhiMarket is acquired, merged, or sold, your information may be transferred to the new owners as part of the transaction. You will be notified of any such change.

3.5 Aggregated/Anonymized Data

We may share aggregated or anonymized data that cannot identify you individually for research, analytics, or business purposes.

4. Your Privacy Rights (POPIA)

4.1 Access to Personal Information

You have the right to request a copy of the personal information we hold about you. To request your data:

• Log in to your account and download your data from account settings
• Email us at privacy@makhimarket.co.za with your request
• We will respond within 30 days with your information in a portable format

4.2 Correction of Information

You can update or correct your personal information at any time:

• Edit your account details in "My Account" settings
• Contact us to correct information you cannot edit yourself
• We will update inaccurate or incomplete data promptly

4.3 Deletion of Information

You have the right to request deletion of your personal information, subject to certain limitations:

• Full Account Deletion: Request to delete your account and all associated data
• Exceptions: We may retain certain information if required by law (tax records, transaction history for 5 years)
• Vendor Records: Vendor transaction and financial data must be retained for legal/tax compliance
• Backup Data: Data in backups may persist for up to 90 days before permanent deletion

4.4 Objection to Processing

You can object to certain types of data processing:

• Direct Marketing: Opt-out of marketing emails, SMS, and notifications anytime
• Automated Decision-Making: Request human review of automated decisions (e.g., fraud detection)
• Profiling: Object to profiling for marketing purposes

4.5 Data Portability

You can request your data in a structured, commonly used format to transfer to another service.

4.6 Lodge a Complaint

If you believe we have mishandled your personal information, you may:

• Contact our Data Protection Officer: privacy@makhimarket.co.za
• File a complaint with the South African Information Regulator: www.justice.gov.za/inforeg
• Regulator Contact: +27 (0)10 023 5200 | inforeg@justice.gov.za

5. Cookies & Tracking Technologies

5.1 What Are Cookies?

Cookies are small text files stored on your device that help us provide a better user experience.

5.2 Types of Cookies We Use

• Essential Cookies: Required for login, cart functionality, and security (cannot be disabled)
• Functional Cookies: Remember your preferences, language, and settings
• Analytics Cookies: Track usage patterns to improve the platform (Google Analytics)
• Marketing Cookies: Enable personalized ads and track campaign effectiveness
• Third-Party Cookies: Set by payment processors, social media, and advertising networks

5.3 Managing Cookies

You can control cookies through:

• Browser Settings: Block or delete cookies in your browser preferences
• Cookie Consent Banner: Adjust preferences when you first visit the site
• Account Settings: Disable analytics and marketing cookies in your account

5.4 Other Tracking Technologies

• Web Beacons/Pixels: Track email opens and campaign engagement
• Local Storage: Store cart data and user preferences locally
• Session Storage: Temporary data stored during your browsing session

6. Data Security & Protection

6.1 Security Measures

We implement industry-standard security measures to protect your information:

• Encryption: SSL/TLS encryption for data transmission
• Secure Payment Processing: PCI-DSS compliant payment processors
• Access Controls: Limited employee access to personal information
• Password Protection: Encrypted password storage with hashing
• Firewall & Monitoring: Intrusion detection and prevention systems
• Regular Audits: Security assessments and vulnerability testing
• Data Backups: Regular backups stored securely

6.2 Your Responsibility

You can help protect your account by:

• Using a strong, unique password
• Not sharing your login credentials with others
• Logging out on shared or public devices
• Reporting suspicious activity immediately
• Keeping your contact information up-to-date

6.3 Data Breach Notification

In the unlikely event of a data breach affecting your personal information, we will:

• Notify you within 72 hours of discovering the breach
• Report the breach to the Information Regulator
• Provide details about the breach and steps taken to mitigate harm
• Offer guidance on protecting yourself from potential identity theft

7. Data Retention

7.1 How Long We Keep Your Data

We retain personal information for different periods depending on the type of data and legal requirements:

• Account Data: Until you delete your account or request deletion
• Transaction Records: 5 years (required by South African tax law)
• Financial Data: 5 years for tax and audit purposes
• Marketing Preferences: Until you opt-out or for 3 years of inactivity
• Support Communications: 2 years for quality assurance
• Usage Logs: 12 months for analytics and troubleshooting
• Vendor Records: 7 years for business and tax purposes

7.2 Deletion After Retention Period

After the retention period expires, we will:

• Permanently delete or anonymize personal information
• Securely destroy physical records (if any)
• Remove data from all backups within 90 days

7.3 Legal Holds

If your information is subject to a legal hold (litigation, investigation), we may retain it beyond the standard retention period until the hold is lifted.

8. Children's Privacy

MakhiMarket is not intended for children under 18 years of age. We do not knowingly collect personal information from children under 18.

If you are a parent or guardian and believe your child has provided us with personal information, please contact us at privacy@makhimarket.co.za. We will promptly delete such information.

9. International Data Transfers

9.1 Data Storage Location

Your data is primarily stored on servers located in South Africa. However, some of our service providers may process data in other countries, including:

• United States (cloud hosting, analytics)
• European Union (payment processing)
• Other countries where our vendors or service providers operate

9.2 Transfer Safeguards

When transferring data internationally, we ensure:

• Adequate data protection measures are in place
• Recipients comply with POPIA-equivalent standards
• Standard contractual clauses or other legal mechanisms are used

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.

10.1 Notification of Changes

If we make material changes to this Privacy Policy, we will:

• Post the updated policy on this page with a new "Last Updated" date
• Send you an email notification (if you have opted in to communications)
• Display a prominent notice on the platform
• Require your consent for significant changes that affect your rights

10.2 Your Continued Use

Your continued use of MakhiMarket after changes are posted constitutes acceptance of the updated Privacy Policy. If you do not agree with the changes, you should discontinue use and delete your account.

11. Contact Information

11.1 Data Protection Officer

For privacy-related questions, requests, or complaints, contact our Data Protection Officer:

• Email: privacy@makhimarket.co.za
• Phone: [Your Phone Number]
• Address: [Your Physical Address], Pretoria, South Africa
• Response Time: Within 30 days of your request

11.2 Information Regulator (South Africa)

If your privacy concerns are not resolved, you may contact:

• Office: Information Regulator (South Africa)
• Website: www.justice.gov.za/inforeg
• Email: inforeg@justice.gov.za
• Phone: +27 (0)10 023 5200