GrocZA - Privacy Policy | POPIA Compliant

Privacy Policy

POPIA Compliant • South African Law

as prescribed by the provisions of THE PROTECTION OF PERSONAL INFORMATION ACT, 2013 (POPIA)

Last Updated: May 14, 2026

📋 1. DEFINITIONS AND INTERPRETATION

In this Privacy Policy, unless the context indicates otherwise, the following words and expressions shall bear the meanings assigned to them:

1.1 "Company", "GrocZA", "we", "us", "our"

Means GrocZA (Pty) Ltd, a private company duly registered and incorporated in accordance with the company laws of the Republic of South Africa, with registration number 2026/200377/07, registered with the Companies and Intellectual Property Commission (CIPC), together with its subsidiaries (if any) as specified in Appendix 1.

Reference: Companies Act 71 of 2008

1.2 "POPIA"

Means the Protection of Personal Information Act 4 of 2013, as amended, including any regulations, codes of conduct, or guidelines issued thereunder.

1.3 "PAIA"

Means the Promotion of Access to Information Act 2 of 2000, as amended.

1.4 "Personal Information"

Has the meaning ascribed thereto in section 1 of POPIA and includes any information relating to an identifiable, living, natural person, and where applicable, an identifiable juristic person, including but not limited to information such as name, contact details, IP addresses, access logs, device information, and any other data that can identify a Data Subject.

1.5 "Data Subject"

Means the natural or juristic person to whom Personal Information relates, including but not limited to users of the Platform, subscribers, trial users, and visitors.

1.6 "Responsible Party"

Means GrocZA (Pty) Ltd, which alone or jointly with others, determines the purpose of and means for processing Personal Information, as defined in POPIA.

1.7 "Information Officer"

Means the person appointed by the Company in accordance with section 55 of POPIA and referred to in clause 4, responsible for ensuring compliance with POPIA and handling data subject requests.

1.8 "Platform"

Means the GrocZA website, web application, mobile application, and all associated services, software, databases, and systems operated by or on behalf of the Company.

1.9 "Processing"

Has the meaning ascribed thereto in section 1 of POPIA and means any operation or activity concerning Personal Information, including collection, receipt, recording, organization, collation, storage, updating, modification, retrieval, consultation, use, dissemination, merging, linking, restriction, degradation, erasure, or destruction.

1.10 "Consent"

Means any voluntary, specific, and informed expression of will in terms of which a Data Subject agrees to the Processing of their Personal Information.

1.11 "Information Regulator"

Means the Information Regulator established in terms of section 39 of POPIA, responsible for overseeing compliance with POPIA and handling complaints.

1.12 "Intelligence Reports"

Means any and all market intelligence, risk assessments, analytics, data compilations, forecasts, insights, alerts, and other information generated, displayed, or made available through the Platform.

1.13 "Special Personal Information"

Means Personal Information concerning religious or philosophical beliefs, race or ethnic origin, trade union membership, political opinions, health, sex life, biometric data, or criminal behavior, as defined in section 26 of POPIA.

1.14 "CIPC"

Means the Companies and Intellectual Property Commission established in terms of the Companies Act 71 of 2008.

🏢 2. COMPANY DETAILS

The details of the Company are as follows:

Physical Address:

1753 phillips avenue ,Grasmere , Ennerdale 1833

Postal Address:

1753 phillips avenue ,Grasmere , Ennerdale 1833

Registration Number:

2026/200377/07

Website:

www.grocza.com

📧 3. INFORMATION OFFICER CONTACT DETAILS

In accordance with section 55 of POPIA, the Company has appointed an Information Officer who can be contacted as follows:

Physical Address:

1753 phillips avenue ,Grasmere , Ennerdale 1833

Postal Address:

1753 phillips avenue ,Grasmere , Ennerdale 1833

Email:

privacy@grocza.com (marked for the attention of the Information Officer)

Deputy Information Officer:

Available at same contact details

📌 4. INTRODUCTION AND PURPOSE

4.1 This privacy policy is issued on behalf of GrocZA (Pty) Ltd (registration number: 2026/200377/07) and applies to all Data Subjects who interact with our Platform.

4.2 The Company is committed to protecting your privacy and Personal Information and complying with applicable data protection laws in South Africa, including POPIA and PAIA, when you access our Platform or make use of the Company's services.

4.3 We are a Responsible Party of your Personal Information. This means that we are responsible for deciding how we hold and use Personal Information about you. We always aim to be transparent about how we use your data and to comply with applicable Data Protection Laws.

4.4 This policy will inform you about what data we collect from our Data Subjects, how we use such data, circumstances where we may disclose this data to others, and how we keep it secure.

📊 5. INFORMATION WE MAY COLLECT FROM YOU (THE DATA SUBJECT)

5.1 We use the term "Personal Information" to mean information that relates to you as defined in clause 1.4. Information that is not linked to a particular individual, such as statistical or aggregated information, is not Personal Information and is not covered by this Privacy Policy. We may collect, process, use, disclose and transfer non-personal information for any purpose.

5.2 Generally, we may collect Personal Information about you when you access the Platform and/or subscribe for the services offered. We may also collect information when you use the site, report a problem, use support services, or communicate with us. Below is the information that may be collected and processed:

Account credentials: Username, password hash, and email address provided at registration.
Technical information: IP addresses, access logs, user agent information, device type, operating system, and browser type.
Usage information: Access code usage, search queries, topic group interests, and analytics regarding Platform interaction.
Communication records: Correspondence when you contact us for support or inquiries.
Transaction information: Payment history and subscription details (if applicable).
Survey responses: Information obtained from surveys we may ask you to voluntarily complete.

5.3 We may collect non-personal information such as your IP address, date, time, and duration of your access to track your visits to deliver a more personalized experience.

5.4 By using the Platform, you are consenting to our use of cookies, caching tools, and analytics tools in accordance with this Privacy Policy. If you do not agree, please refrain from using the Platform.

⚠️ CHILDREN'S PRIVACY

5.5 We do not knowingly collect or share any Personal Information relating to children under the age of 13. If we learn that our systems have inadvertently collected information relating to children under the age of 13, we will promptly delete the information and put measures in place to prevent recurrence.

5.6 We do not knowingly collect Special Personal Information as defined in clause 1.13 unless specifically required and with your explicit consent.

⚙️ 6. HOW YOUR PERSONAL INFORMATION IS USED - PROCESSING PURPOSES

6.1 We will only process your Personal Information when we have legal grounds to do so. Generally, we rely on the following legal grounds:

Consent: Where you have given us explicit consent to process your information.
Contractual necessity: Where processing is necessary for the performance of a contract with you.
Legal obligation: Where processing is necessary to comply with a legal obligation.
Legitimate interests: Where processing is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.

6.2 Our legitimate interests include:

Providing and improving market intelligence services
Monitoring and analyzing usage patterns to enhance Platform functionality
Preventing abuse and enforcing rate limits
Maintaining security and audit trails
Generating analytics for business intelligence (using anonymized data)
Communicating important information about Platform changes

6.3 We may use your information to communicate requested information and services to you, authenticate users, provide access to restricted pages, and ensure content is presented effectively.

🚫 7. WHAT WE DON'T DO WITH YOUR INFORMATION

In respect of your Personal Information, we will NOT:

Sell, license, or rent your Personal Information to any third party
Transfer your Personal Information to any ad network, data broker, or other advertising-related service
Use your Personal Information to make decisions about eligibility for credit, insurance, or employment
Put your Personal Information in a search engine or public directory without your consent
Share your login credentials or passwords with any third party
Process your Personal Information for purposes incompatible with those disclosed in this policy
Retain your Personal Information longer than necessary for the purposes stated

We are committed to ethical data practices and transparency in all our processing activities.

🔄 8. DISCLOSURE OF YOUR PERSONAL INFORMATION

8.1 We may share your data with selected third parties, including:

Service providers: IT service providers, cloud hosting providers, payment processors, and analytics providers who assist in operating the Platform.
Professional advisors: Lawyers, auditors, and consultants who provide professional services to us.
Regulatory authorities: Where required by law or to comply with legal obligations.

8.2 We may also disclose your information:

For legal and regulatory compliance with applicable law, regulation, legal process, or governmental request.
To enforce our Terms of Use and other agreements.
To detect, prevent, or otherwise address illegal or suspected illegal activities, security, or technical issues.
To protect against harm to the rights, property, or safety of us, our users, or the public.
In connection with any reorganization, restructuring, merger, or sale of assets, provided the receiving party agrees to protect your information in a manner consistent with this policy.

8.3 If any third party processes your data on our behalf, we ensure there are sufficient contractual and operational safeguards protecting your data through written agreements that comply with POPIA.

🔒 9. DATA SECURITY

9.1 The Company is committed to protecting the security of your Personal Information and will take all reasonable technical and organizational measures to secure the Personal Information that you submit to us.

Technical Measures:

AES-256 encryption for all sensitive data
CSRF protection on all forms
Rate limiting to prevent abuse
Secure session management
Firewalls and intrusion detection

Organizational Measures:

Regular security audits
Staff training on data protection
Access controls and need-to-know basis
Incident response procedures
Vendor due diligence

9.2 Disclaimer: Unfortunately, the transmission of information via the Internet is not completely secure. Although we will do our best to protect your Personal Information, we cannot guarantee the security of your information transmitted via the Platform. Any transmission is at your own risk.

⏱️ 10. DATA RETENTION

10.1 We review our data retention periods regularly and will only hold your Personal Information for as long as is necessary for the relevant activity, or as required by law.

Retention Periods:

Data Type	Retention Period
Access logs	30 days
Search history	7 days
Login attempts	24 hours
Account data	Until account deletion + 30 days
Analytics data	Anonymized after 90 days
Financial records	5 years (legal requirement)

10.2 To determine the appropriate retention period, we consider the amount, nature, and sensitivity of the Personal Information, the potential risk of harm from unauthorized use or disclosure, the purposes for which we process your information, and applicable legal requirements.

⚖️ 11. YOUR RIGHTS UNDER POPIA

As a Data Subject, you have the following rights regarding your Personal Information:

📋

Right of Access

Request a copy of your Personal Information held by us

✏️

Right to Rectification

Correct inaccurate or incomplete Personal Information

🗑️

Right to Erasure

Request deletion of your Personal Information

⏸️

Right to Restriction

Restrict processing of your information

📤

Right to Data Portability

Receive your data in a structured, commonly used format

🚫

Right to Object

Object to processing of your information

11.2 How to exercise your rights: To exercise any of these rights, please contact our Information Officer at privacy@grocza.com marked for the attention of the Information Officer. We will respond to your request within 30 days as required by POPIA.

11.3 Right to lodge a complaint: If you believe your rights have been infringed, you have the right to lodge a complaint with the Information Regulator:

Information Regulator (South Africa)
Website: www.justice.gov.za/inforeg/
Email: inforeg@justice.gov.za

📧 12. DIRECT MARKETING

12.1 We may, with your consent, send you direct marketing communications regarding our services that may be of interest to you.

12.2 You have the right to opt out of receiving marketing communications at any time by:

Clicking the "unsubscribe" link in any marketing email
Contacting our Information Officer at privacy@grocza.com
Adjusting your communication preferences in your account settings

12.3 We will not send you direct marketing communications if you have opted out.

🍪 13. COOKIES AND TRACKING TECHNOLOGIES

13.1 Our Platform uses cookies and similar technologies to enhance your experience, analyze trends, and administer the website.

13.2 Types of cookies we use:

Essential cookies: Required for Platform functionality
Analytics cookies: Help us understand how visitors interact with the Platform
Preference cookies: Remember your settings and preferences

13.3 You can control cookies through your browser settings. However, disabling cookies may affect the functionality of the Platform.

📝 14. CHANGES TO THIS PRIVACY POLICY

Any changes we make to this privacy policy will be posted on this page and, where appropriate, notified to you by email. Please check back frequently to see any updates or changes.

📄 15. PAIA COMPLIANCE

15.1 This manual serves as a guide to the Promotion of Access to Information Act, 2000 ("PAIA"). In accordance with section 51 of PAIA, we have compiled a PAIA manual that sets out the procedures to be followed when requesting access to records held by the Company.

15.2 Requests for access to information must be made in writing to the Information Officer and will be processed in accordance with PAIA.

📎 APPENDIX 1: SUBSIDIARIES

As of the date of this policy, the following are subsidiaries of GrocZA (Pty) Ltd:

[List any subsidiaries or state "None currently"]

BY USING GROCZA, YOU ACKNOWLEDGE THAT:

You have read, understood, and agree to be bound by this Privacy Policy, including all definitions and provisions as set forth above. You confirm that GrocZA (Pty) Ltd (Registration Number: 2026/200377/07) is a duly registered company with CIPC, and you consent to the processing of your Personal Information as described in this policy.

CIPC REGISTRATION: GrocZA (Pty) Ltd (Registration Number: 2026/200377/07) is registered with the Companies and Intellectual Property Commission (CIPC) in accordance with the Companies Act 71 of 2008.

POPIA Compliance Status: Active | Information Officer: Appointed | Last Reviewed: May 14, 2026

For privacy-related inquiries or to exercise your data rights, contact our Information Officer: privacy@grocza.com