1. Information Officer

In terms of POPIA, the Information Officer is:

Danielle Adams

Email: hello@flexbasetech.com

Address: 8 Grove Avenue, Claremont, Cape Town, South Africa

You may contact the Information Officer to:

• Request access to your personal information
• Request correction or deletion
• Withdraw consent
• Lodge a complaint or raise concerns

You also have the right to lodge a complaint with the Information Regulator of South Africa.

2. Information We Collect

We may collect the following types of personal information:

2.1 Information you provide

This may include:

• Name and surname
• Contact details (email and phone number)
• Address
• Identification information where required
• Banking or payment information where relevant
• Profile information
• Preferences and communications

2.2 Information collected automatically

When you use the Platform, we may collect:

• IP address
• Browser type and device information
• Access times and pages viewed
• Cookies and session data
• Usage patterns

This information helps us improve system performance, security, and user experience.

3. Purpose of Processing

We process personal information for the following purposes:

• Providing and operating the Platform
• Facilitating services and placements
• Communication with users
• Billing and administration
• Legal and regulatory compliance
• Fraud prevention and security
• Improving services and user experience
• Marketing communications (only where lawful or consented to)

We do not process personal information for purposes incompatible with these objectives.

4. Lawful Basis for Processing

We process personal information on one or more of the following bases:

• Consent
• Performance of a contract
• Legal obligation
• Legitimate business interests that do not override your rights

5. Sharing of Information

We may share personal information with:

• Employees and contractors who require access to perform their duties
• Service providers such as hosting, payment processors, analytics providers, and communication tools
• Business partners involved in delivering services
• Law enforcement or regulators where required by law

All third parties are required to protect personal information in accordance with applicable law.

6. International Transfers

Where personal information is transferred outside South Africa, we ensure that:

• Adequate safeguards are in place, or
• The transfer is necessary for service delivery, or
• The data subject has consented

7. Data Security

We implement appropriate technical and organisational measures to protect personal information against:

• Unauthorised access
• Loss or destruction
• Unlawful processing
• Disclosure or alteration

While we take reasonable steps to secure data, no system is completely secure.

8. Retention of Information

We retain personal information only for as long as necessary to fulfil the purposes described in this policy, including:

• Financial records: minimum 5 years (legal requirement)
• Contracts and service records: duration of relationship plus up to 5 years
• Inactive accounts: typically up to 24 months unless legally required otherwise

Thereafter, data is securely deleted or anonymised.

9. Your Rights

You have the right to:

• Access your personal information
• Correct inaccurate information
• Request deletion where lawful
• Object to certain processing
• Withdraw consent
• Request restriction of processing
• Lodge a complaint with a regulator

Requests may be submitted to the Information Officer.

10. Cookies

The Platform uses cookies to:

• Enable essential functionality
• Improve performance
• Analyse usage

You may disable cookies through your browser settings, although some features may not function correctly.

11. Third-Party Links

The Platform may contain links to third-party websites. We are not responsible for the privacy practices of those websites and encourage users to read their policies.

12. In-Platform Communication and Chat

If you use messaging or chat features, we may collect:

• Messages and transaction details
• Contact information
• Device and usage data
• Log information such as IP address and timestamps

This data is used solely to provide and improve services and maintain platform security.

Infrastructure used to operate the Platform may include secure cloud hosting and databases operated under contractual data protection obligations.

13. Data Minimisation

We collect only the personal information necessary to provide services effectively.

14. Data Breaches

If a data breach occurs that poses a risk to users, we will:

• Notify affected individuals where required
• Notify regulators where legally required
• Investigate and remediate the incident

15. Updates to This Policy

We may update this Privacy Policy from time to time. Updates will be published on the Platform with a revised "Last updated" date.