PRIVACY NOTICE
This privacy notice (“Privacy Notice”) applies to how VAT REFUND SOLUTIONS (PTY) LTD
(“VRS”) collects, uses and processes the user’s personal information when
he/she uses any of the VRS’ services, the website, and any applications.
1.
Introduction and scope
1.1.
This Privacy Notice, which must be
read together with the Terms, sets out the basis on which any Personal
Information (defined in paragraph 2 below) collected from or provided by the
user, will be collected, used, stored and processed by the VRS when the user
uses the website and/or the services. Unless defined elsewhere, terms in this
Privacy Notice shall bear the same meaning ascribed to them in the Terms.
1.2.
The VRS is committed to protecting and
respecting the user’s privacy. It strives to ensure that its use of the
Personal Information is lawful, reasonable, and relevant to its business
activities.
1.3.
By using the website or otherwise
agreeing to the Terms, the user agrees to be bound by this Privacy Notice and,
by agreeing to this Privacy Notice, the user hereby expressly consents and
agrees that the VRS may collect, receive, record, organise,
collate, store, update, change, retrieve, read, process, use and share the
user’s Personal Information as set out in this Privacy Notice. Any one or more
of the aforesaid actions constitutes “Processing” of the Personal Information.
1.4.
Should the user not agree with this
Privacy Notice or be concerned about any aspect as it relates to the Personal
Information, the user must immediately cease use of the website.
1.5.
This Privacy Notice applies to the VRS,
and its successors-in-title and the user who browses, uses, accesses, refers
to, views and/or downloads the information made available by the VRS on the
Website (“Content”) and/or makes any information available to the VRS via the
Website.
1.6.
This Privacy Notice does not apply to
other third-party websites, products or services, linked to, from, or
advertised on the Website.
2.
Defining Personal Information
2.1.
“Personal Information” includes
information the user provides to the VRS when the user signs up to the website
or is otherwise uploaded by the user onto the website, or automatically when
the user visits the website or uses the VRS’ services. Personal information
does not include de-identified or anonymous information. The VRS may also
collect mainly analytical data, including from cookies, web beacons and the
user’s browser directly. The user may be requested to provide the following
information to the VRS when the user signs up for the Services, though this is not
a complete list:
2.1.1.
Business details, including but not
limited to, name of the business, location, registration number, VAT
registration number; and
2.1.2.
Individuals, names, title, birthdate,
gender, identity number;
2.1.3.
Documents, including but not limited
to, the business’ registration certificate, tax invoices, proof of payments,
eFiling information, VAT returns, compliance status, resolutions,
parties’ identity documents; and
2.1.4.
Contact information, including but not
limited to, telephone number, e-mail address, physical and postal address; and
2.1.5.
Banking details.
2.2.
Other information which might be
Personal Information may include:
2.2.1.
“Access Device and Device event
information”: The VRS may collect information such as the user’s IP address,
unique device identifier, the nature of the Access Device which the user used
to access the website (e.g. a tablet or smart phone), the geographic location
from which the user accessed the website (i.e. the geographic location of the
Access Device), hardware model and settings, operating system type and version,
browser language, system activity, crashes;
2.2.2.
“log information”: When the website is
used, the VRS may automatically collect and store certain information in server
logs (i.e. the web servers automatically record and maintain a log of their
activities when users access the website), which may include the user’s “site
activity information”, such as details of how, when and for how long the user
accessed the website, what links the user went to, what content the user
accessed, the amount of content viewed and the order of that content and the
amount of time spent on the specific content;
2.2.3.
“profile information”: The VRS may collect and process information and data usage per
profile to make targeted recommendations to that profile when logged in to
the website;
2.2.4.
“location information”: The VRS may use various technologies to determine the user’s
actual location, such as geographical data from the Access Device (which is
usually based on the GPS or IP location).
2.3.
Some of the information that the VRS
receives is Personal Information, and some is non-personal information that
becomes personal. In some circumstances the VRS will de-identify, anonymise or
segregate information so that it may make use
of it in aggregate form without treating it as Personal Information.
3.
When will Personal Information be
processed?
3.1.
In addition to paragraph 4 below,
Personal Information may be processed by us in several ways, including, when:
3.1.1.
the user accesses, browses or makes use
of the Website, and/or the Services;
3.1.2.
the user streams, accesses or makes use
of the content;
3.1.3.
the VRS provides Services to the user;
3.1.4.
the user contacts the VRS, by email or
telephonically;
3.1.5.
the VRS carries out demographic
research; and
3.1.6.
the user submits his/her Personal
Information to the VRS for any other reason, or authorises third parties to do so.
4.
How Personal Information will be collected
4.1.
The VRS collects the user’s Personal
Information in various ways, namely actively from the user, passively from the
user’s Access Device when the Website is used or from the VRS’ affiliates and
third-party service providers.
4.2.
Active collection:
4.2.1.
the instances set out in paragraph 3
above.
4.2.2.
If the user contacts the VRS, it may
keep a record of that correspondence.
4.3.
Collection from the Access Device
4.3.1.
The VRS passively collects some of the
user’s Personal Information from the Access Device which is used to access the
Website using various technological means, for instance, using server logs to
collect and maintain log information.
4.3.2.
The VRS also uses cookies and
anonymous identifiers which enable its computer system to recognise
the user when he/she visits the website to distinguish the user from other
users and to improve the VRS’ service to the user, to make the website more
user-friendly, as well as to give the user a more personalised
experience.
4.3.3.
A cookie is a small piece of data (an
alphanumeric identifier) which the VRS’ computer system transfers to the Access
Device through its web browser when the user visits the Website, and which is
stored in the user’s web browser. When the user visits the Website, the cookie
allows the site to recognise the user’s browser.
Cookies may store user preferences and other information.
4.3.4.
The user may disable the use of
cookies by configuring his/her browser to refuse all cookies or to indicate
when a cookie is being sent. However, should the user elect to do so, he/she
may not be able to enjoy all of the features and
functionality of the Website.
4.3.5.
The information which the VRS may
passively collect from the Access Device may include the user’s identifying
information, contact details, Device and Device event information, site
activity information, log information, location information, and any other
information which the user permits the VRS, from time to time, to passively
collect from the Access Device.
5.
Use of Personal Information
5.1.
The VRS uses the information collected
to provide, maintain, and improve the services, to develop new services, and to
protect itself, its services and its users. The VRS constantly strives to
improve its users’ experience, and it therefore also uses the information
collected to offer more relevant information and content.
5.2.
The use of Personal Information may
relate or be required to:
5.2.1.
retain and make available to the
user information on the Website;
5.2.2.
establish and verify the user’s
identity on the Website;
5.2.3.
fulfil the user’s requests for certain
Services;
5.2.4.
diagnose and deal with technical
issues and support queries and other user queries, such as problems with the
server, determine the optimal and fastest route for the Access Device to use in
connecting with the website, and administer, maintain and secure the website;
5.2.5.
detect, prevent or deal with actual or
alleged fraud, security or the abuse, misuse or unauthorised
use of the website and/or contravention of this Privacy Notice;
5.2.6.
provide the user with the latest
information about the services, subject to the user’s communications preferences;
5.2.7.
communicate with the user and
maintain records of such communications, including to inform the user about any
changes to the website and services or any other changes;
5.2.8.
compile non-personal statistical
information about browsing habits, click patterns and access to the website;
5.2.9.
improve the website, analyse trends and administer the website, including
requesting feedback on content and the services;
5.2.10.
fulfil any contractual obligations the
VRS may have;
5.2.11.
improve the user’s experience and the
overall quality of the services;
5.2.12.
for security, administrative and legal
purposes; and
5.2.13.
other activities not specifically
mentioned which are lawful, reasonable, relevant to the VRS’ business
activities and the minimum necessary and adequate in order
for it to provide the website and the services.
5.3.
In certain circumstances and subject
to the user’s preferences as indicated when he/she provided the relevant
Personal Information, the user agrees that the VRS may also make his/her
Personal Information available to the VRS’ affiliates, members, or
strategic/industry partners (“Partners”) for them to use. Such use by a Partner
shall be in accordance with this Privacy Notice, to the extent applicable.
6.
Sharing of Personal Information
6.1.
The VRS will not intentionally
disclose any of the Personal Information to third parties, except:
6.1.1.
where the user has granted permission
to do so;
6.1.2.
for the purposes of the VRS’
legitimate business interests; or
6.1.3.
where the VRS is required to do so in
terms of applicable law or regulation.
6.2.
The user hereby expressly agrees that
his/her Personal Information may be shared under the following circumstances:
6.2.1.
with affiliates, agents, advisers,
service providers and suppliers which have agreed to be bound by this Privacy Notice;
6.2.2.
with the VRS’ employees, contractors
and agents if and to the extent that they need to know that information in
order to process it and/or to provide services for or to the VRS, such as site
hosting, development and administration, technical support, marketing services
and other support services;
6.2.3.
in order to enforce or apply the Terms;
6.2.4.
in order to protect the VRS’ rights,
property or safety or that of other users, employees, contractors, agents and
any other third party;
6.2.5.
in order to mitigate any actual or
reasonably perceived risk to the VRS, other users,
employees, contractors, agents or any other third party;
6.2.6.
The South African Revenue Service;
6.2.7.
If the user is a resident of a foreign
country, such foreign country’s Revenue Services (only if applicable and
required by law);
6.2.8.
Banks and Foreign Exchange Trading Companies;
6.2.9.
Department of Home Affairs;
6.2.10.
Department responsible for
International Affairs;
6.2.11.
Third party service providers such as
Amazon and ChatGPT;
6.2.12.
with any other governmental agencies,
exchanges and other regulatory or self-regulatory bodies if the VRS is required
to do so by law or if the VRS reasonably believes that such action is
necessary.
6.3.
The VRS may use the Personal
Information to compile profiles for statistical purposes, provided that the
profiles or statistical data cannot be linked back to the user by a third
party.
6.4.
The VRS will obtain the user’s
permission before disclosing his/her Personal Information to any third party
for any other purpose.
7.
Acceptance
7.1.
The user may not use any of the VRS’
services or visit the website unless he/she accepts this Notice.
8.
Storage and transfer of your Personal
Information
8.1.
The Personal Information is
stored on the VRS’ servers and/or on third party servers.
8.2.
The VRS reserves the right to transfer
to and/or store the Personal Information on servers in a jurisdiction other
than where it was collected, and such jurisdiction may not have comparable data
protection legislation.
8.3.
If the location that Personal
Information is transferred to does not have substantially similar laws which
provide for the protection of Personal Information, the VRS will take
reasonably practicable steps to ensure that the Personal Information is
adequately protected in that jurisdiction.
9.
Security
9.1.
Although absolute security cannot be
guaranteed on the Internet, the VRS takes reasonable technical and organisational security measures to protect the Personal
Information against accidental or intentional manipulation, loss, misuse,
destruction or against unauthorised disclosure or
access to the information that it processes online.
9.2.
While the VRS cannot ensure or warrant
the security of any Personal Information provided to it, it will continue to
maintain and improve these security measures over time in line with legal and
technological developments.
9.3.
The VRS will take reasonable,
practicable steps to ensure that the persons to whom the Personal Information
may be disclosed in terms of this Privacy Notice have implemented, and
maintained, the appropriate technical and organisational
measures aimed at preventing unauthorised access to,
or disclosure of the Personal Information.
10.
Retention of the Personal Information
10.1.
The VRS may retain all Personal
Information that it collects so long as it remains necessary for the purposes
for which it was collected unless there is a valid technical, legal or business
reason for it to delete, destroy or de-identify it.
10.2.
Further, the VRS may keep some of the
Personal Information for as long as it is required by law, a code of conduct or
reasonably required for lawful purposes related to its functions and
activities; or for evidentiary purposes or where the user agrees to the VRS
keeping it for a specific period.
11.
Keeping the Personal Information
updated and correct
11.1.
To the extent required by law, the VRS
will take steps to ensure that the Personal Information is accurate, complete,
not misleading, and up to date having regard to the purpose for which the
information was collected or used.
11.2.
The user must inform the VRS if he/she
believes that any information collected is incorrect, incomplete, misleading or
out of date.
11.3.
The user may request that the Personal
Information be deleted if it is no longer required for the purposes for which
it was collected or required by the VRS in terms of any applicable law.
12.
Third party sites
12.1.
The VRS is not responsible for the
privacy practices of a third-party site to which there may be a link on the
Website, and/or any content on the website.
12.2.
The VRS advises the user to read the
terms and conditions, as well as the privacy notice of each site which the user
visits and to determine his/her privacy settings in accordance with his/her
personal preferences.
Direct marketing
12.3.
When the user uses the website and/or
the services, he/she may receive marketing communications from the VRS.
12.4.
The user may refuse to accept, require
the VRS to discontinue, or pre-emptively block any approach or communications
from the VRS if that approach or communication is primarily for the purpose of
direct marketing (“direct marketing communications”).
12.5.
The user may opt out of receiving
direct marketing communications from the VRS at any time by requesting it (in
any manner, whether telephonically, electronically, in writing or in person) to
desist from initiating any direct marketing to the user.
12.6.
If the user has opted out, the VRS may
send him/her written (which may include electronic writing) confirmation of
receipt of the opt-out request, and not send him/her any further direct
marketing communications.
12.7.
The user may (in terms of the Consumer
Protection Act, 2008) register a pre-emptive block against direct marketing
communications. If he/she does so, the VRS will not send him/her direct
marketing communications unless he/she has expressly consented to receiving
direct marketing communications from the VRS.
13.
Changes to this Privacy Notice
13.1.
The VRS may unilaterally change this
Privacy Notice from time to time.
13.2.
The user hereby agrees to review the
Privacy Notice whenever he/she visits the website, for any amendments. Save as
expressly provided to the contrary in this Privacy Notice, the amended version
of the Privacy Notice shall supersede and replace all previous versions
thereof.
13.3.
The VRS will not use or disclose
Personal Information provided to it pursuant to this Privacy Notice in ways
other than the ones contemplated above, without informing the user and
providing him/her with the opportunity to consent to such modified conditions
concerning the use and disclosure of his/her Personal Information.
14.
CPA, POPI and other laws
14.1.
If this Privacy Notice or any
provision in this Privacy Notice is regulated by or subject to the Consumer
Protection Act, 68 of 2008 (“Consumer Protection Act”) the Protection of
Personal Information Act, 4 of 2013 (“POPI”) or other laws, it is not intended
that any provision of this Privacy Notice contravenes any provision of the
Consumer Protection Act, POPI or such other laws. Therefore, all provisions of
this Privacy Notice must be treated as being qualified,
to the extent necessary, to ensure that the provisions of the Consumer
Protection Act, POPI and such other laws are complied with.
14.2.
No provision of this Privacy Notice:
14.2.1.
does or purports to limit or exempt the
VRS from any liability (including, without limitation, for any loss directly or
indirectly attributable to our gross negligence or willful default or that of
any other person acting for or controlled by it) to the extent that the law
does not allow such a limitation or exemption;
14.2.2.
requires the user to assume risk or
liability for the kind of liability or loss, to the extent that the law does
not allow such an assumption of risk or liability; or
14.2.3.
limits or excludes any warranties or
obligations which are implied in this Privacy Notice by the Consumer Protection
Act (to the extent applicable), POPI (to the extent applicable), or other
applicable laws or which the VRS gives under the Consumer Protection Act (to
the extent applicable), POPI (to the extent applicable), or other applicable
laws, to the extent that the law does not allow them to be limited or excluded.
15.
Governing law
15.1.
The contents of this Privacy Notice
shall be governed by South African law.
15.2.
If any provision of this Privacy Notice
is judged to be illegal, void or unenforceable due to applicable law or by
order of a court of competent jurisdiction it shall be deemed deleted and the
continuation in full force and effect of the remainder of the provisions will
not be prejudiced.