SKEDADEL DATA PRIVACY AND PROTECTION POLICY 

1. Explanatory Note

1.1 When you use Skedadel, you entrust us with your personal information also known as data. Skedadel is unable to operate their Skedadel Delivery System and deliver goods which you order promptly and efficiently without your personal information. For this reason it is absolutely crucial for Skedadel to ensure that treats your personal information with absolute fidelity and integrity.

1.2 The purpose of this policy document is to ensure that you clearly understand the policies that Skedadel and all the users of the Skedadel delivery at and related network, i.e. customers, vendors, delivery drivers and third party service providers, must strictly comply with.

1.3 This document describes the personal data we collect, how it’s used and shared, and the users’ respective elections available to them in relation to this data. 

Kindly read this document carefully and ensure you understand it.

2. Area of Operation

2.1 Skedadel operates in the Republic of South Africa. This policy document is only applicable in the Republic of South Africa to users of Skedadel’s services, including users of Skedadel’s apps, websites, features, or other services.

2.2 This notice describes how Skedadel and its affiliates collect and use personal data. This notice applies to all users of Skedadel’s app, websites, features, or other services in the Republic of South Africa users of the Skedadel delivery at and related network, i.e. customers, vendors, delivery drivers and third party service providers.

2.3 This notice governs Skedadel’s personal data collection practices in connection with Skedadel’s services and must be read with Skedadel’s “Personal Information Protocol” to be found at the end of this notice on. All those subject to this notice are referred to collectively as “users” in this notice.

2.4 The collection, assimilation, storage and use of Personal Information in the Republic of South Africa is primarily governed by the Protection of Personal Information act no 4 of 2013 and its related regulations, as amended from time to time. Skedadel fully acknowledges that it is bound to comply with this legislation fully, and if for any reason, anything contained in this notice or Skedadel is Personal Information Protocol attached to this notice conflicts with the Reflection of Personal Information Act of the Republic of South Africa, any such conflicting clause, or a portion of the clause that conflicts with this act, shall be deemed to be invalid and of no force and effect, however the rest of this notice shall be valid and enforceable insofar as it does not conflict with the aforementioned Act or related legislation.

3. Responsible Data Custodian

3.1 D3MAND Technology PTY LTD is responsible for election, control and handling of all personal data collected in connection with use of Skedadel’s services in the Republic of Africa.

3.2 Questions, comments, and complaints about Skedadel’s data practices can be submitted to support@skedadel.co.za. You may also use this address to submit a question to Skedadel’s Data Protection Officer.

4. Data Collection and Use

4.1 Skedadel collects, assimilates, stores and users data which is essential for opening an account with Skedadel, from customers; Location, app usage, device data and other related information is collected to optimise utilisation of the app by the customer and the Delivery Driver; third party data from users of Skedadel Application Programming Interfaces.

4.2 Skedadel collects, assimilates, stores and uses customer user profile data including their name, email, phone number, login name and password, address, profile picture, payment or banking information (including related payment verification information), driver’s license and other government identification documents (which may indicate document numbers as well as birth date, gender, and photo); vehicle or insurance information of delivery drivers, emergency contact information, user settings, gender and/or occupation, where applicable; photos submitted by users to verify their identities, such as through facial recognition; background check and identity verification information for delivery drivers; information such as driver history, drivers licence and criminal record, where applicable; information relating to the age of the customer where alcohol or cigarettes are ordered; general non-personal demographic data about users received directly from the users or alternatively from a third party for the purpose of assisting us to optimise the delivery service; customer feedback information relating to customer service for optimisation of the efficiency and promptness of the delivery service, ensuring that all businesses in the network, and delivery drivers optimise their service to customers; logistical data populated during the ordering and delivery process, including establishment or retail outlet location data;  precise or approximate delivery driver and customer location data  is assimilated in real-time and  synchronised between the central data collection point or points and devices of retail outlets, establishments, drivers and customers via the Skedadel app, only when the Skedadel app is active and enabled on the respective device, accurately updating all participants in real-time as to the location of the public responsible for providing the goods, the position of the delivery driver and the customer, respectively, to ensure optimisation of the efficiency and convenience of the chain of delivery and to enhance safety features, detect and prevent fraud wherever possible. 

4.3 Delivery driver location data, and links location data is collected 24/7, even if the delivery driver’s Skedadel app is not enabled to facilitate the provision of services such as receipt generation and customer support to delivery drivers. 

4.4 Transaction information is collected, including the description and quantity of the goods and services ordered for delivery, order details, delivery information, date and time the service was provided, amount charged, distance travelled, and payment method. 

4.5 Usage data including access dates and times, app features or pages viewed, app crashes and other system activity, type of browser, and third-party sites or services used before interacting with our services, including via the use of cookies, pixels, tags, and/or similar tracking technologies that facilitate this process

4.6 Skedadel collects data about the devices used to access our services, including the device models, IP address, operating systems and versions, software, preferred language, unique device identifiers, advertising identifiers, serial numbers, device motion data, and mobile network data.

4.7 All users of the Skedadel app are able to communicate with each other and Skedadel via the app and its related network. Delivery drivers, retail outlets and restaurants and customers may interact with each other by voice call, WhatsApp, text (SMS) and/or unique internal messaging system and where applicable they are able to send files to each other, ordinarily without disclosing their respective mobile phone numbers.  Skedadel receives, collects and assimilates certain data regarding the calls, texts, whatsapps or other communications, including the date and time of the communications and the content of the communications. Skedadel uses this data for customer support services, including dispute resolution between users, enhancement of safety and security, improvement of Skedadel products and services, and for analytics.

4.8 Audio or video recordings lawfully recorded and sent by customers or service providers to Skedadel or affected network participants are collected, assimilated, and stored, securely, in encrypted format, on a strictly confidential and case sensitive basis, for the purpose of enabling customers and service providers to record any unlawful activity, poor service, relevant misconduct, or safety incidents. 

4.9 Skedadel collects, assimilates and stores user feedback, ratings, and compliments; referrals from users and third parties or prospective customers; data relating to third-party delivery requests from existing account holders, including retail outlets and establishments; Skedadel business network participant data (vendors’ data); relevant service provider data; payment facilitation data, social media services, or apps or websites that utilise Skedadel’s Application Programming Interfaces; data from third party business participants whose Application Programming Interfaces utilised by Skedadel or processing transactions and related activities; data from third-party service providers to assist Skedadel with user of verification and background checks where applicable;  data from insurance, vehicle, or financial services providers for delivery drivers, publicly available sources and marketing service providers.

4.10 In order to ensure optimum performance of Skedadel’s app-based delivery service through its entire network of operation, it is essential for Skedadel to assimilate and/or combine any data collected. This data is stored according to its Skedadel Personal Information Protocol (attached hereto.)

4.11 Skedadel collects and uses data to enable optimum, efficient, reliable and convenient delivery of goods and services ordered by customers, which absolutely requires real-time clear communication between Skedadel, vendors, third party service providers and customers and other products and services. 

4.12 Personal data collected is used to enhance the safety and security of vendors and customers alike; for customer support; for research and development in order to constantly improve our offering; to enable communications between users in real-time; to send marketing, and service related communications to users; In connection with legal proceedings were Skedadel is required to co-operate with the respective lawfully constituted authorities.

4.13 Skedadel does not sell or share user personal data with third parties under any circumstances for their direct marketing, except with users’ express consent, and subject to full compliance with all requirements as stipulated in the Protection of Personal Information Act no 4 of 2013, of the Republic of South Africa.

4.14 Skedadel uses the data it collects to provide, personalize, maintain, and improve its products and services, including creation of and updating users’ accounts; verification of delivery drivers’ identity, background history, and eligibility to work; conducting background checks on all directors, shareholders, staff of vendors and franchisees participating in the Skedadel business network via the Skedadel app and related technology; to facilitate,, constantly improve, and optimise, fluid and efficient logistics, deliveries, and other services; to offer, process, or facilitate payments for our services; to offer, obtain, provide, or facilitate insurance, vehicle, invoicing, or financing solutions in connection with its services to monitor, in real-time, and share, the progress of rides or deliveries; to enable features that allow users to share information with other people, such as when riders submit a compliment about a driver, when delivery recipients provide feedback for a restaurant or delivery person, refer a friend to Skedadel, split fares, or share ETA and location with their contacts; to enable features to personalize users’ Skedadel accounts, such as creating bookmarks for favourite places, and to enable quick access to previous destinations; to enable accessibility features that assisting disabled users to use our services; to perform internal operations necessary to provide our services, including to troubleshoot software bugs and operational problems; to conduct data analysis, testing, and research; and to monitor and analyse usage and activity trends

4.15 Skedadel uses personal data to optimise, constantly upgrade and improve  the safety, security, and integrity of our services constantly maximising and prioritising protection of users in real-time, including comprehensively screening and verifying all delivery drivers, vendors and franchisees’ credentials, including those of their staff to prevent criminals, potential criminals or high risk individuals with a compromised credit history, or a history of unlawful social media or internet activity, from accessing or utilising and/ or compromising the Skedadel app, network and related business ecosystem.

4.16 Skedadel may use data from delivery drivers’ devices to monitor their driving habits and ensure that they comply with the law and drive safely, and Skedadel uses data from delivery drivers’ devices to verify the vehicles they use and to ensure that they are in a satisfactory condition and are roadworthy, and do not have the potential to endanger customers or vendors or members of public or damage the Rand and image of Skedadel.

4.17 Skedadel uses information derived from driver’s license photos, and other photos submitted to Skedadel, for safety and security purposes to ensure that the duly authorised driver of all delivery vehicles is in control of and driving the vehicle at all times and preventing an unverified high-risk third-party from unlawfully conducting the delivery on behalf of the driver who should be doing so, in real-time. 

4.18 Skedadel constantly compares photographs on file against photographs of other users to prevent identity-borrowing, and from public databases to verify user identity; uses device, location, profile, usage, and other data to prevent, detect, and combat fraud or unsafe activities utilises user ratings and feedback to disincentivise socially unacceptable behaviour, and the behaviour or inefficiency on behalf of delivery drivers, and automatically deactivates delivery drivers who fail to maintain a satisfactory score on Skedadel’s algorithmic delivery driver scorecard.

4.19 Skedadel uses the information collected (including recordings of customer support calls with notice to and the consent of the user) to provide customer support, including addressing questions to the appropriate customer support person; investigating and addressing user concerns; monitoring and improving our customer support responses and processes; for testing, research, analysis, product development, and machine learning to constantly enhance the user experience, safety and security of our services, prevention of unlawful activity which could be harmful to users, and system integrity, development of new features and products;  for optimising real-time vendor and customer communications and location and assistance in order to ensure, as far as possible, a secure, convenient and prompt service to vendors and customers alike; to ensure that customers are fully informed at all times of our services, features, promotions, news, updates, events and product enhancements and those of our Skedadel network partners.

4.20 It is the express policy of Skedadel not to sell users’ personal data to, any third parties whatsoever, including but not limited to network partners, to facilitate direct marketing under any circumstances.

4.21 Any data transmitted to participating network partners for related third parties, is only transmitted to them subject to the strict written terms and conditions enforcing absolute confidentiality and restrictive conditions under which they are permitted to utilise such data.

4.22 Skedadel may use the data to personalize the marketing communications (including advertisements) that we transmit to customers.

4.23 Skedadel uses the data to generate and transmit receipts to customers and inform them of changes to our terms, services, or policies.

4.24 Skedadel shall be fully entitled to utilise personal data collected for the purpose of conducting investigations into or resolving complaints or disputes pertaining to Skedadel vendors’, users and customers’ service experience, and for the purpose of cooperating with any investigation by South African Police Services or any related government regulatory authority.

4.25 Skedadel uses personal data to make automated decisions relating to use of our services which includes enabling real-time pricing and invoicing for Skedadel orders, determined based on variable algorithmic input, such as product prices collection time, traffic, distance, optimised route, availability of delivery driver; data utilised to optimise utilisation of delivery drivers in real-time; data utilised to rate the delivery drivers, deactivate or them based on the service and performance, or lack thereof; data utilised to deactivate any customers with a criminal background, who have committed fraud, or mistreat vendors or drivers or failed to pay in the past.

4.26 Skedadel fully reserves the right to deactivate any users who abuse Skedadel services, or indicate, based on high-risk history or high-risk conduct that they have the potential to negatively affect Skedadel, vendors, franchisees, third party service providers or customers in any way whatsoever.

4.27 Skedadel utilises information related to delivery driver location and customer behaviour to determine whether any cancellation fees for additional pricing, or pricing adjustments are to be levied where appropriate. 

4.28 Skedadel shall be entitled to utilise any information received from the public in relation to historical unlawful or abusive conduct in relation to Skedadel’s services by vendors, delivery drivers customers and determine the appropriate remedial action. 

4.29 If for any reason a user has reason to believe that a vendor, delivery driver or customer has committed any misconduct in relation to the Skedadel delivery network, or otherwise, or historically committed misconduct which indicates that he will she or it constitutes a potential risk to the integrity of the Skedadel delivery network or other users, and should be deactivated, sanctioned or penalised in any manner, kindly contact Skedadel customer support by clicking the link below.

4.30 Skedadel utilises small text files known as “cookies”, and other identification technology on our apps, websites, emails, and online ads to assist you to “remember” the last time you visited any of our websites or utilised in Skedadel application or services and to assist us with identifying you if you revisit our website or utilised any of the services in order to authenticate users; evaluate content effectiveness and popularity; enhance our services and optimise security.

4.31 In order to facilitate optimal functioning of our delivery-service and related communication technology within our Skedadel delivery app, its network, and its business ecosystem, it is absolutely essential for Skedadel to share certain user data with vendors and customers, or, with users express consent, our network-participants.

4.32 Skedadel does not share any data without express consent of the owner of that data. Data collected from customers, vendors and network-participants is utilised as restrictively as possible with the utmost discretion and confidentiality, solely to constantly optimise and enhance Skedadel’s services, and is shared with third parties, who expressly consent in writing to strict confidentiality, restricted, and lawful use of the data, strictly subject to utmost confidentiality, and data integrity protocols which comply with all South African legislation including but not limited to the Protection Of Personal Information Act no. 4 of 2013 of the Republic of South Africa, and it’s applicable Regulations, as amended, in all respects. 

5. Skedadel May Collect and Share

5.1 delivery drivers’ names, ratings, real-time location where required, pickup and/or drop-off locations with other drivers; customer’s first name, delivery address, and order information with the driver delivering the order, and the vendor, retail outlet or restaurant making the goods ordered available for collection to the delivery driver; ratings and feedback, and other relevant necessary information, with the vendor and the delivery driver.

5.2 Skedadel shares the delivery driver’s name and photo; vehicle make, model, colour, license plate, and vehicle photo; real-time location; average rating provided by users; total number of trips; length of use of the Skedadel app; contact information where required and permitted by law; and delivery driver’s personal Skedadel profile, including compliments and other feedback submitted by past users with all vendors. 

5.3 Skedadel provides delivery drivers and customers with receipts, account statements, delivery driver’s first name, photo, route map, and such other information required on invoices where applicable.

5.4 Skedadel collects, stores and assimilates data required to operate Skedadel’s referral bonus program which is shared only in so far as is strictly necessary to compute the applicable referral commission. 

5.5 In certain limited circumstances Skedadel shares information, at the customer’s express request, with other people i.e. ATA and location with a friend of the user.

5.6 Skedadel may share certain data with third party vendors and service providers, who utilise, and are integrated in Skedadel’s system network, such as vendors’ promotional purposes.

5.7 Questions or comments from users submitted through public forums such as Skedadel blogs and Skedadel social media pages may be viewable by the public, including any personal data included in the questions or comments submitted by a user.

5.8 If a customer requests a delivery using an account owned by a third party, Skedadel may share the relevant order or trip information, including real-time location data, with the third party account holder, i.e. where a delivery driver uses an account owned by or associated with a Skedadel franchisee company or a vendor.

5.9 Skedadel shares data with its subsidiaries, affiliated service providers, and franchisees to help them provide our services or conduct data processing on our behalf. 

5.10 Skedadel provides data to vendors such as retail outlets, restaurants, takeaways, third party service providers such as network engineering consultants where applicable, marketing specialists, including payment  processing service providers, background check and identity verification service providers, appropriately accredited and secure cloud storage providers, Google Inc. for real-time location pin-pointing, via Google Maps in conjunction with Skedadel’s apps (see Google’s privacy policy for information on their collection and use of data),Facebook, in connection with the use of the Facebook Business Tools in conjunction with Skedadel’s apps and websites (see Facebook’s privacy policy for information on their collection and use of data), marketing partners and marketing platform providers, including social media advertising services, lawful and duly credited data analytics service providers, third party research specialists, third-party security enhancement and data protection service providers, appropriately accredited and lawfully constituted consultants, lawyers, accountants, and other professional service providers, vendors including restaurants, takeaways, retail outlets and their duly authorised point of sale and real-time banking related service providers.

5.11 Skedadel may share users’ personal data if it is required by law, regulation, operating license or agreement, or where the disclosure is otherwise appropriate protection of individuals, entities, institutions and/or Skedadel network and systems integrity, safety and/or security or related lawful and valid reasons.

5.12 Skedadel may require to share personal data with law enforcement officials, public health officials, other government authorities, or other third parties if it is strictly necessary to enforce any Skedadel contractual terms as against service providers, vendors or customers so as to protect Skedadel’s rights or property or the rights, safety, or property of others; or in the event of a claim or dispute relating to the use of our services.

5.13 Skedadel shall be required by law to share their customer or vendor’s data, including trip or order information, with the owner of a credit card.

5.14 Skedadel may share a user’s personal data other than as described herein if expressly and lawfully consented to by that user.

5.15 Subject to strict compliance with the Protection of Personal Information Act no. 4 of 2013 of the Republic of South Africa, and any of its applicable regulations, as amended, and Skedadel’s Personal Information Protocol (attached hereto), Skedadel shall retain user data for as long as is necessary.

5.16 Users may request deletion of their accounts at any time. Skedadel may retain user data after a deletion request of complying with legal or regulatory requirements including but not limited to the Protection of Personal information Act of the Republic of South Africa, or any other reasons stated herein.

5.17 Customers, vendors and third party service providers offer limited, subject to any written agreement to the contrary, may request deletion of their account at any time through the Settings > Privacy menus in the Skedadel app, or through Skedadel’s website at the appropriate link for the particular category of user. 

5.18 Following an account deletion request, Skedadel shall delete the user’s account and data, unless they must be retained due to legal or regulatory requirements, for purposes of safety, security, and fraud prevention, or because of an issue relating to the user’s account such as outstanding credit or an unresolved claim or dispute. 

5.19 The Protection of Personal Information Act of the Republic of South Africa no 4 of 2013, and it’s applicable Regulations, as amended, requires Skedadel to retain certain data for a particular periods stipulated therein, and Skedadel strictly complies with any data retention stipulations contained in this legislation and has compiled a Personal Information Protocol which it is strictly follows (attached hereto.)

5.20 In view compliance with the Protection of Personal Information Act of the Republic of South Africa no 4 of 2013, and it’s applicable Regulations, as amended, vendors account information etc. is retained for minimum of 7 years, however delivery drivers and customers’ information is not retained for more than 30 days from the deletion request subject to the particular account not being required for legal enforcement or investigation.

5.21 Skedadel strictly only collects and utilises personal data when it is lawfully permitted to do so for the purpose of providing, securing and enhancing Skedadel services and features, to comply with the law and legislation, protect Skedadel’s rights, and those of its vendors, service providers and delivery drivers, and such personal data is only collected and utilised with consent of the person or entity to whom this personal data belongs.

5.22 Reasons for collecting and utilising personal data include but are not limited to provision of, enhancement of Skedadel services and features as requested

5.23 User-profile data, is used to establish and maintain user accounts; verify user identity; communicate with users about their trips, orders, and accounts; and enable users to make payments or receive earnings.

5.24 Trip information and applicant’s history is used to verify an applicant’s eligibility to be a delivery driver

5.25 Delivery drivers’ location data is used to monitor their trips and/or progress and/or estimated time of arrival to respective waypoints, and assist with navigation, updating of vendors and customers in real-time.

5.26 Usage data, is essential for maintaning, optimizing, and enhancing Skedadel’s services, including to determine incentives, connect delivery drivers, and calculate costs of trips and driver earnings.

5.27 Transaction information, and information relating to customer support is essential for self- explanatory reasons.

5.28 Personal data required to maintain and enhance our users’ safety and security is essential to protect Skedadel from, and, prevent use of our services by users who have engaged in inappropriate, dangerous, or unlawful conduct, or to prevent matching of delivery drivers and/or vendors and/or customers who are at a higher risk of conflict for confrontation due to historical or algorithm-based dedications, such as a record of prior conflict, or prevention of fraud; enhancement of our services, lawful and appropriate consent-based direct marketing, research, and development; and enforcing Skedadel’s contractual rights in relation to vendors, third-party service providers and customers, or using personal data, where appropriate, for the purpose of providing legal protection and insurance related information to members of the public.

5.29 Skedadel is subject to the Protection of Protection of Personal Information Act of the Republic of South Africa no 4 of 2013, and it’s applicable Regulations, as amended which stipulates certain policies and procedures in relation to collection of, sharing, and/or storage of personal data for particular periods and Skedadel strictly complies with this legislation and related legislation, only receiving, collecting, assimilating and storing data as required by this legislation, and in accordance with the legislation’s stipulated protocols and procedures. Skedadel complies with Skedadel’s Personal Information Protocol attached to this notice at the end, and Skedadel strictly requires all its third party service providers to contractually agree to comply with Skedadel’s Personal Information Protocol at all times in relation to receipt, collection, assimilation and storage of users’ Personal Information at all times.

5.30 Skedadel may also share data with law enforcement regarding criminal acts or threats to public safety, or requests by third parties pursuant to legal processes. Skedadel may also share information with public health authorities where required or permitted by law. 

5.31 Skedadel only collects and uses personal data subject to user’s consent which may be revoked at any time. If user-consent is revoked, that user shall no longer be entitled to utilise any of Skedadel’s Services which require of unique personal data. 

5.32 Any user who has consented consent to a collection or use of their personal data can revoke it at any time, however, the user will not be able to use any service or feature that requires collection or use of that user’s personal data.

5.33 Upon withdrawing permission to utilise or store personal data from a particular user, the data shall immediately be deleted, subject to the condition that if the data is required by law enforcement bodies such as South African Police Services, for example, or for civil enforcement by Skedadel or a network participant, it shall be retained until no longer required.

5.34 Skedadel enables users to access and control the data that Skedadel collects, including through in-app settings; device permissions; in-app ratings pages; marketing opt-outs.

5.35 Skedadel enables users to request access to or copies of their data, changes or updates to their accounts, deletion of their accounts, or that Skedadel restrict its processing of user personal data.

5.36 Settings menus in the Skedadel app for delivery drivers enables them to input unique location update and sharing, and mobile notification preferences. 

5.37 Information about these settings, how to set or change these settings, and the effect of turning off these settings is clearly explained on the Skedadel app.

5.38 Skedadel uses delivery drivers’ device location tracking services to facilitate management of optimal real-time selection and utilisation of delivery drivers, and assisting delivery drivers with navigation, in order to optimise punctuality and minimising collection and delivery delays, constantly improving Skedadel’s services, customer and vendor service and support.

5.39 Delivery Drivers may permit or prohibit location data collection from their mobile devices by Skedadel via Settings > Privacy menus in the Skedadel app. Delivery drivers and customers may permit or prohibit disallow such collections through the settings on the Skedadel app downloaded on their mobile device.

5.40 Customers and vendors who have enabled Skedadel to collect location data from their mobile device may also enable Skedadel to share their location with delivery drivers from the time the delivery order is placed. This facilitates seamless, efficient and punctual collection and delivery of orders. This also assists Skedadel, vendors and drivers to communicate in real-time with the customers, and vice versa, as to accurate estimated times of collection and delivery.

5.41 Customers and delivery drivers who have enabled Skedadel to collect location data from their mobile device may also enable the Emergency Data Sharing feature that shares data with emergency police, fire, and ambulance services. Such data includes approximate location at the time the emergency call was placed; the car’s make, model, colour, and license plate information; the rider’s name and phone number; pickup and drop-off locations; and the delivery driver’s name.

5.42 Skedadel provides users with trip status notifications and updates related to activity on their account. These notifications are an essential part of utilising the Skedadel app and may not be disabled. However, users may select the method by which they receive these notifications on the Skedadel app.

5.43 Users may enable Skedadel to send notifications about discounts and news from Skedadel. Notifications may be enabled or disabled by the Skedadel app.

5.44 Customers who have elected to receive communications from vendors and related retail partners may stop sharing their data with any of the vendors or related retail partners via the Skedadel app.

5.45 Most mobile device platforms (iOS, Android, etc.) have defined certain types of device data that apps may not access without the device owner’s permission, and these platforms have different methods of obtaining permission. iOS devices notify users the first time the Skedadel app requests permission to access certain types of data and gives users the option to grant or refuse permission. Android devices notify users of the permissions that the Skedadel app seeks before their first use of the app, and use of the app constitutes a grant of such permission.

5.46 Customers, vendors, retail partners, and delivery drivers are able to rate each other on a scale from 1 to 10. An algorithmic rating functionality in the back end of the Skedadel app assimilates and analyses this data and rates the respective parties in accordance with the median ratings associated with a particular party, in real-time. These ratings are displayed, where appropriate, to the respective users requiring such information. The utmost discretion is used at all times with regard to the rating system.

5.47 This rating system is essential to incentivise all participants in the Skedadel network to optimise their behaviour and to dis-incentivise antisocial, negative, high-risk behaviour, misconduct or service. 

5.48 Users may elect not to receive promotional emails from Skedadel on the app. Users may also opt out of receiving emails and other messages from Skedadel by following the unsubscribe instructions in those messages. Skedadel may still transmit non-promotional communications such as receipts for rides or information about their account to users who have opted out.

5.49 Skedadel provides users with a variety of methods to learn about, control, and submit questions and comments about Skedadel’s handling of their data on the Skedadel app.

5.50 Users may ask for an explanation of the data we collect from them and how we use it via the Skedadel app.

5.51 Users may request a copy of data that Skedadel collects from them with their consent or as necessary to provide our services via the Skedadel app.

5.52 Users may edit the name, phone number, email address, payment method, and photo associated with their account, or request Skedadel to amend or update their data, including if they believe such data is inaccurate or incomplete via the Settings menu in the Skedadel app. 

5.53 Users may file a complaint relating to Skedadel’s handling of their personal data with the Information Regulator as stipulated in sections 74 and 75 of the Protection of Personal Information Act no. 4 of 2013.

5.53 Users may request deletion of their account at any time via the Skedadel app.  

5.54 Users may request that Skedadel ceases to collect, store or utilise all or some of their personal data, or that it limits Skedadel’s use of their data Via the Skedadel app. Skedadel may continue to process data after such objection or request to the extent required or permitted by the Protection of Personal Information Act no. 4 of 2013, as amended.

5.55 Users may file a complaint relating to Skedadel’s handling of their personal data with the Information Regulator as stipulated in sections 74 and 75 of the Protection of Personal Information Act no. 4 of 2013.

5.56 To participate as a Skedadel user, you must permit the Skedadel Delivery Services to access your location services through the permission system used by your mobile operating system or browser. Skedadel may collect the precise location of your device when the Skedadel app is running in the foreground or background of your device. We may also establish your approximate location from your IP address. We use your location information to verify that you are present in your preferred region or city when you begin or engage in a delivery through the Skedadel Delivery Services, connect you with delivery opportunities in your zone, and track the progress and completion of your Deliveries. You may enable the location tracking feature through the settings on your device or Platform or when prompted by the Skedadel mobile app which you are required to download. If you select to disable the location feature through the settings on your device or Platform, Skedadel will not receive precise location information from your device, which will prevent you from being able to receive notification of delivery opportunities in your area  

SKEDADEL PERSONAL INFORMATION PROTOCOL

1. COMPLIANCE WITH THE PROTECTION OF PERSONAL INFORMATION ACT, NO. 4 OF 2013 AND REGULATIONS AND RELATED DATA PROTECTION LEGISLATION OF THE REPUBLIC OF SOUTH AFRICA 

1.1 Skedadel shall make or obtain and maintain all necessary registration or filings and notifications or consents which such it is obliged to obtain and maintain pursuant to the Protection of Personal Information Act, No. 4 of 2013 and its Regulations and related data protection legislation of the Republic Of South Africa in relation to Users’ Information and Skedadel Information.  

1.2 Skedadel shall nominate a representative within its organisation with responsibility to respond to all of Users’ queries regarding the processing of Users’ Information and Skedadel shall ensure that it responds to all such queries promptly, being a reasonable period of time (not to exceed any statutory imposed time limit). 

1.3 Where Skedadel receives, processes, transmits, archives, purges or stores any Users’ Information on behalf of Users’ in the role of an Operator, Skedadel represents and warrants that Data Safeguards shall be implemented as agreed. Information security procedures, processes and systems shall at all times meet all applicable obligatory statutory and regulatory requirements related to the collection, storage, processing, archiving, purging and transmission of Users’ Information. 

1.4 Where Skedadel receives, processes, transmits, archives, purges or stores any Users’ Information, Skedadel represents and warrants that optimum Data Safeguards shall be implemented. Information security procedures, processes and systems shall at all times meet all applicable obligatory statutory and regulatory requirements related to the collection, storage, processing, archiving, purging and transmission of Skedadel Information. 

1.5 Skedadel warrants that it shall at all times comply with the Protection of Personal Information Act, No. 4 of 2013 and its Regulations and related data protection legislation of the Republic Of South Africa in relation to Users’ Information, and that it has all the necessary consents or authorisation to provide Users’ Information to Skedadel, and for Skedadel to process Users’ Information, pursuant to this Agreement, and the instructions given by Users.

1.6 Skedadel shall process Users’ Information for the sole purpose of performing the Services under this Agreement. 

2. PROTECTION OF USERS’ INFORMATION 

2.1. Skedadel warrants that when processing any Personal Information for and on behalf of Users it shall: 

2.1.1. Fully comply with any relevant statutory obligations contained in the Protection of Personal Information Act, No. 4 of 2013; 

2.1.2. Process Users’ Information only with the knowledge and consent of Users as is necessary to optimise the functionality of Skedadel’s application-based delivery system and fulfil its contractual obligations to all the Users, including, vendors, delivery drivers and customers;

2.1.3. Not disclose Users’ Information to any third parties without the written consent of Users unless required by law or in the course of the proper performance of Skedadel’s duties; 

2.1.4. Comply strictly with the Protection of Personal Information Act, No. 4 of 2013, was specific reference to sections 19 to 21 thereof and notify Users immediately, without undue delay, but no later than 24 hours, where there are reasonable grounds to believe that Users’ Information has been accessed or acquired by any unauthorised person; 

2.1.5. Fully assist and cooperate with any affected Users and/or the Information Regulator, during any regulatory or other lawful investigation into any suspected Information Security Compromise and provide all information, and/or documentation to the appropriate party conducting the investigation.  

2.1.6. Establish and maintain security measures to secure the integrity and confidentiality of Users’ Information in its possessions or under its control by taking appropriate, reasonable technical and organisation measures to prevent loss of, damage to, or unauthorised destruction of personal Information and unlawful access to, or processing of, Users Information and shall take reasonable measures to: 

2.1.6.1.1. Identify all reasonably foreseeable internal and external risks to Users’ Information in its possession or under its control;

2.1.6.1.2. Establish and maintain appropriate Data Safeguards against the risks identified; 

2.1.6.1.3. Regularly verify the Data Safeguards are effectively implemented; and 

2.1.6.1.4. Ensure that Data Safeguards are continually updated in response to new risks or deficiencies in previously implemented safeguards.

3. DATA SAFEGUARDS 

3.1. The requirements set out below are in addition to any other requirements of this Agreement and present a minimum standard only. It is Skedadel’s sole obligation to implement appropriate measures to secure Users’ Information against internal and external threats and risks; and continuously review and revise those measures to address ongoing threats and risks. 

3.2 Information Security Policy 

3.2.1 Skedadel shall establish and maintain a formal, documented, mandated, company wide information security program, including security policies, standards and procedures (collectively “Information Security Policy”). The Information Security Policy shall be communicated to all Skedadel’s personnel in a relevant, accessible and understandable form and shall be regularly reviewed and evaluated to ensure its operational effectiveness and compliance with all applicable laws and regulations and to address new threats and risks. 

3.3 Personnel and Skedadel Protections: 

3.3.1 Skedadel shall screen all Personnel in contact with Users’ Information for potential security risks and require all employees, Skedadels and sub-contractors to sign an appropriate written confidentiality / non-disclosure agreement. 

3.3.2 All agreements with third parties involving access to Skedadel’s systems and data, including all outsourcing arrangements and maintenance and support agreements (including facilities maintenance), shall specifically address security risks, controls and procedures for information systems. 

3.3.3 Skedadel shall supply each of its personnel and Skedadels with appropriate, ongoing training regarding information security procedures, risks and threats. Skedadel shall have an established set of incident response procedures to ensure that its personnel and Skedadels promptly report actual and/or suspected information security compromise. 

3.3.4 Skedadel shall ensure that its Personnel, in performing their obligations in terms of this Agreement, does not compromise the integrity of Skedadel’s Systems or Users’ Information made accessible to them and shall not commit or permit any unauthorised access, use or alteration of Users’ Information. Without limiting the aforesaid, Skedadel shall ensure that its Personnel do not introduce any Malware into Users’ Systems. In the event that Malware is found in Users’ Systems, Skedadel shall reasonably assist Users in reducing the effects of the Malware and, to the extent that the Virus causes a loss of operational efficiency or a loss of data, to reasonably assist Users to restore such loss. 

3.3.5 Skedadel shall, and shall ensure that Skedadel Personnel shall, comply with the Data Safeguards requirements set out in Agreement and such reasonable standard security policies of Users which Users may provide to Skedadel during the term. 

3.4 Access Control 

3.4.1 Skedadel shall use all reasonable efforts to prevent any unauthorised access, alteration, corruption, loss or disclosure of Users’ Information in the possession of or under the control of Skedadel and shall take all reasonable precautions and implement all reasonable security measures to protect the integrity of such Users’ Information, including via the implementation suitable systems security mechanisms. 

3.4.2 Skedadel shall ensure that Skedadel Personnel shall not attempt to access and shall not allow anyone access to Users’ Systems or Users’ Information if such Personnel or any other person has not duly been authorised to obtain such access by Users. 

3.4.3 Skedadel shall implement formal procedures to control access to its systems, services and data, including, but not limited to, Users’ account management procedures and the following controls: 

3.4.3.1 Network access to both internal and external networked services shall be controlled, including, but not limited to, the use of properly configured firewalls. 

3.4.3.2 Operating systems shall be used to enforce access controls to computer resources including, but not limited to, authentication, authorisation and event logging. 

3.4.3.3. Applications shall include access control to limit Users’ access to information and application system functions. 

3.4.3.4 All systems shall be monitored to detect deviation from access control policies and identify suspicious activity. 

3.5 Removable Media 

3.5.1 Except in the context of Skedadel’s routine backups or as otherwise specifically authorised in writing by Users, Skedadel shall institute strict physical and logical security controls to prevent transfer of Users’ Information to any form of Removable Media. 

3.6 Data Access, Control, and Disposal 

3.6.1 Skedadel shall use all reasonable efforts to prevent any unauthorised access, acquisition, alteration, corruption, loss or disclosure of Personal Information in the possession of or under the control of Skedadel. 

3.7 Users’ Information: 

3.7.1 may be made available and accessible only to those parties explicitly authorised under this Agreement or otherwise expressly authorised in writing by Users; 

3.7.2 if transferred across the Internet, any wireless network, or other public or shared networks must be protected using appropriate secure encryption as designated or approved in writing by Users; and 

3.7.3 if transferred using Removable Media (as defined previously), must be sent via a bonded courier or protected using appropriate secure encryption. 

3.7.4 the event that any hardware, storage media or Removable Media must be disposed of or sent offsite for servicing, Skedadel shall ensure all Users’ Information, has been “scrubbed” from such hardware and/or media utilising the optimum “scrubbing” standards generally accepted in the industry.  

3.8 Physical and Environmental Security 

3.8.1 Skedadel’s facilities that process Users’ Information shall be housed in secure areas and protected by perimeter security that provide a physically secure environment from unauthorised access, damage and interference. 

3.8.2 Where Skedadel utilises Cloud Infrastructure, it remains Skedadel’s responsibility to ensure that Users’ personal information shall be securely housed and adequately protected from physical threats. 

3.9 Communications and Operational Management 

3.9.1 Skedadel shall: 

3.9.1.1 monitor and manage all its information processing facilities, including, without limitation, implementing operational procedures, change management and incident response procedures and ensure that adequate provision has been made for redundancy risk in relation to all hardware and software; 

3.9.1.2 deploy best in class antiviral software and adequate backup facilities to ensure that essential business information can be promptly recovered in the event of a disaster or media failure; and 

3.9.1.3 ensure that its operating procedures shall be adequately documented and designed to protect information, computer media and data from theft and unauthorised access. 

3.10 Security Incident Notification

 3.10.1 Skedadel shall maintain procedures and protocols in order to detect and respond to any Information Security Incidents. 

3.10.2. Skedadel shall promptly notify (but in no event more than 24 (twenty-four) hours after the occurrence) notify the designated User or Users, as the case may be, immediately, by e-mail or WhatsApp or alternative electronic messaging service,  of any potential or actual unauthorised access to or acquisition of personal information of Users’ data or Personal Information. The notice shall include the approximate date and time of the occurrence and a summary of the relevant facts, including a description of measures being taken to address the occurrence. An information security compromise, or breach includes instances in which internal personnel access systems in excess of their Users’ rights or use the systems inappropriately. 

3.10.3 Skedadel shall record, review and act upon all events in accordance with incident response policies set forth in the next section. If Skedadel becomes aware of any contravention of the data safeguards of Users or of unauthorised access by any of Skedadel Personnel or any other unauthorised person which may involve Users’ Systems or Users’ Information, Skedadel shall ensure that the relevant security Personnel of Skedadel is alerted immediately and shall immediately take all measures necessary to remedy any breach. 

3.10.4 Skedadel shall report any breach of security or confidentiality in relation to Users’ personal data which, Skedadel was not able to remedy, and which caused an irreversible, material compromise of confidentiality of Users’ personal data, to Users, describing in detail the nature of the breach and any accessed materials, and comply with any reasonable directions in relation to the personal information of Users by Users. 

3.10.5 In the event that the Information Regulator and/or Users carry out an investigation into a suspected or actual information security compromise, Skedadel shall provide reasonable assistance, including providing relevant reports or data relating to such security incident. In the event that Skedadel initiates such an investigation that is relevant to this Agreement, Skedadel shall inform Users and The Information Regulator of such investigation and its outcome, cooperate fully with any requests or requirements of the Information Regulator.

4. SUB-PROCESSORS OF USERS’ PERSONAL INFORMATION 

4.1 Skedadel may sub-contract or otherwise delegate all or any part of the processing of Personal Information to a suitable other entity (“Sub-Processor”). 

4.2 Skedadel shall require Skedadel to enter into a written agreement with the Sub-Processor containing equivalent terms to this Agreement (provided that Skedadel shall not permit the Sub-Processor to further sub-contract or otherwise delegate all or any part of the Sub Processor’s processing without Skedadel conducting due diligence with respect to the intended sub processors outsourced third party, and consenting in writing to such delegation after been fully satisfied of this third parties operational integrity and having concluded a comprehensive agreement binding both sub processes to compliance with all requirements of Skedadel.) 

5. EXPORT OF USERS’ PERSONAL INFORMATION 

5.1 Skedadel undertakes, represents and warrants not to transfer, process, archive, delete or purge Users’ Information outside of the Republic of South Africa. 

 5.2 Skedadel shall not export Users’ Information, without the prior consent of Users thereto and upon such terms as Skedadel shall reasonably require in order to legitimise the export of Users’ Information. 

6. RETURN OR DELETION OF SKEDADEL DATA 

6.1 Upon Users’ request and, in any event, on termination of this Agreement Skedadel shall immediately cease processing Users’ personal information; and destroy the data or copies, notes or extracts thereof unless otherwise required or permitted by applicable law and including but not limited to change of address requests, do-not-solicit requests, direct marketing program responses, fulfilment program information, and any other information captured from ad hoc projects or programs, within thirty (30) business days of the date of termination or expiration of this Agreement and receipt of request. 

6.2 Upon the request of Users, Skedadel shall also confirm in writing that Skedadel has complied with the obligations set forth in this clause. 

6.3 Skedadel shall have no obligation to delete or destroy copies that: 

(a) are contained in an archived computer system backup that was made in accordance with its security, e-mail retention, and/or disaster recovery procedures; or 

(b) are kept by its legal department for record-keeping, archival, or governance purposes in compliance with their document retention policies. Any such retained Users’ Information shall remain subject to the terms and conditions of this Agreement for so long as it is retained. Notwithstanding the return or destruction of Users’ Information, Skedadel shall continue to be bound by its confidentiality and other obligations hereunder in accordance with the terms of this Agreement and with the regulations as stipulated by the Data Protection and Privacy Laws. 

7. AUDIT AND REPORTING REQUIREMENTS

7.1 Skedadel shall permit the Information Regulator or its delegated representative, to attend Skedadel’s facilities to inspect and audit Skedadel’s Technology Services where the processing of Users’ Information occurs to ensure compliance with this Agreement and with the Protection of Personal Information Act, No. 4 of 2013 in its entirety, and its regulations or affiliated schedules, as amended. 

7.2 In the event that such an inspection and audit of Skedadel’s facilities by the Information Regulator or its delegated authority, finds that Skedadel is not in compliance with this Agreement, Skedadel shall take all reasonable steps to promptly remedy any breach or non-compliance identified by the inspection and audit, and provide Users with a detailed report as to why such breach or non-compliance cannot be remedied, and to pay Users’ reasonable costs of such an inspection and audit, in the event of such breach or non-compliance. 

• For Guest Users: The personal data of those who order or receive trips or deliveries via partner websites or apps (such as when ordering from a restaurant or grocery store), or arranged by other account owners (collectively “Guest Users”) is used solely to provide such trips, deliveries, or other services requested through a third party, and for purposes of safety and security, customer support, research and development, enabling communication between users, and in connection with legal proceedings and requirements, each as described in “How we use personal data” below. Guest User data may be shared with third parties for these purposes. Such data may be associated with, and accessible by, the owner of that account. This specifically includes Guest Users who receive deliveries ordered by friends, family members or others.
•  To submit questions, comments or complaints regarding Guest User data, or to submit requests regarding such data, please email support@skedadel.co.za.