ClubHop — Privacy Policy (POPIA)
1. Commitment to Data Privacy
1.1 ClubHop (Pty) Ltd ("the Company", "the Platform", "we", "us") respects your right to privacy and is committed to the secure, lawful, and transparent processing of personal information in strict accordance with the Protection of Personal Information Act (POPIA) No. 4 of 2013.
1.2 ClubHop (Pty) Ltd is registered in the Republic of South Africa under Registration Number 2026/513029/07. The Company's registered statutory Information Officer can be reached via email at: privacy@clubhop.co.za.
2. Information We Collect and Process
To deliver our core software matching and digital ticketing services, we must collect and process the following categories of personal information:
2.1 For Member Users: Full names, contact telephone numbers, email addresses, geographic location data, date of birth / age declarations, gender selection, and transactional history records.
2.2 Special Personal Information (Children's Data Exclusion): The platform is strictly designed and engineered for individuals aged 18 years or older. The App enforces a strict prohibition on account creation or transaction execution by minors. We do not knowingly collect, store, or process special personal information relating to children under Section 34 of POPIA under any circumstances.
2.3 For Partner Venue Operators: Business registration documents (CIPC certificates), corporate bank account metadata, SARS VAT registration numbers, physical trading addresses, full names and ID numbers of ultimate beneficial owners, and associated Paystack merchant sub-account identifier strings.
3. De-Identified, Aggregated and Anonymous Data for Analytics
3.1 Apart from the personal identifiers listed in Clause 2, the Platform automatically collects, processes, and extracts non-identifying, anonymous, and de-identified behavioral and demographic metadata generated through user interactions with the App.
3.2 This non-identifying data includes aggregated user age brackets (e.g., 18-25, 26-35), gender group ratios, peak pass purchase hours, and real-time venue check-in/scan timestamps.
3.3 All analytics metrics are stripped of any unique personal identifiers (such as names, phone numbers, or emails) before being compiled. This data is aggregated into high-level statistical datasets from which individual user identities can never be reverse-engineered or re-identified. The Platform retains the right to share these high-level, anonymized trend reports with our onboarding Partner Venues to help them improve their operations and crowd management strategies.
4. Cross-Border Data Transfers (Section 72 Disclosure)
4.1 In strict compliance with Section 72 of POPIA, data subjects are hereby explicitly notified that the Platform's core database infrastructure, cloud servers, and software backend are hosted securely via Supabase within the European Union (Ireland, region eu-west-1). The European Union operates under data protection frameworks (notably the GDPR) that provide an adequate level of protection, upholding principles for the reasonable processing of information that are substantially similar to those of POPIA, thereby rendering the transfer lawful under Section 72(1)(a).
4.2 Consequently, your personal information will flow across the borders of South Africa into European cloud centers during account synchronization and payment execution.
4.3 Payment Processor: Card payments and partner payouts are processed by Paystack, a licensed payment gateway. The limited transaction data required to process a payment (such as the amount, reference, and the payer's email) is shared with Paystack and is subject to Paystack's own privacy and security controls. ClubHop does not store full card numbers; card data is handled directly by the payment gateway.
5. Data Retention and Archiving Periods
5.1 In accordance with Section 14 of POPIA, personal information will only be retained for as long as is strictly necessary to fulfill the core operational purposes outlined in this Policy, or to satisfy statutory South African corporate retention laws.
5.2 Active Accounts: Personal profiles and member descriptors will be maintained continuously for the duration of your active relationship with the App.
5.3 Deactivated Accounts: If a user requests the formal deletion or deactivation of their account, all personal identifiers (names, emails, phone numbers) will be permanently purged or irreversibly anonymized within 30 (thirty) business days.
5.4 Financial Transaction Records: In compliance with Section 29 of the Tax Administration Act No. 28 of 2011, all transactional data, invoice metadata, and ledger histories linking users and venues must be securely archived for a mandatory statutory period of 5 (five) years before permanent destruction.
6. Purpose of Core Personal Data Processing
We will only process identifiable personal information for reasons that are directly relevant to our core business operations, including:
6.1 Authenticating user profiles and securely generating unique, trackable digital QR code admission passes;
6.2 Providing necessary data links to Paystack's API split engine to ensure automated real-time transaction processing and vendor payouts;
6.3 Complying with statutory SARS tax accounting rules by auto-generating recipient-created invoices and statements;
6.4 Defending the platform against financial fraud by generating data verification printouts to resolve bank chargeback disputes.
7. Data Security and Statutory Information Officer
7.1 We implement robust administrative, physical, and advanced technical safeguards to protect personal data from unauthorized access, accidental loss, destruction, alteration, or unlawful disclosure. All in-transit data traffic between the mobile application and our database servers is locked down using industry-standard Secure Socket Layer (SSL) and Transport Layer Security (TLS) encryption frameworks.
7.2 In terms of Section 55(1) of POPIA, the Chief Executive Officer of ClubHop (Pty) Ltd is automatically designated as the default Information Officer for the private body. The Information Officer's primary duties are to ensure operational compliance with POPIA, handle data access requests from platform users, and cooperate directly with the Information Regulator.
7.3 Registration: The Information Officer is registered with the South African Information Regulator via the official e-Services portal.
7.4 For any data privacy inquiries, formal access requests, or to register a concern, please contact the Information Officer directly via email at: privacy@clubhop.co.za.
8. Your Legal Rights Under POPIA
In terms of Sections 23 and 24 of POPIA, you possess the following statutory rights regarding your personal information:
8.1 Right of Access: You may request confirmation of whether we hold your personal data and receive a record of that data.
8.2 Right to Correction / Deletion: You may request that we correct, destroy, or delete personal data that is inaccurate, irrelevant, excessive, incomplete, misleading, or outdated.
8.3 Right to Object: You may object, on reasonable grounds, to the processing of your personal information at any time.
8.4 To exercise these rights, you must submit a formal request to our Information Officer using the prescribed statutory forms — Form 1 (to object to processing) or Form 2 (to request correction or deletion). These forms can be requested via privacy@clubhop.co.za or downloaded from the Information Regulator's portal.
9. Complaints to the Information Regulator
If you believe ClubHop has processed your personal information unlawfully, you have the right to lodge a formal complaint directly with the South African Information Regulator. Website: inforegulator.org.za. Complaints Email: complaints.IR@justice.gov.za.
10. Data Breach Notification (Section 22)
In the event of a data breach or security compromise affecting personal information, we are legally required to notify the Information Regulator and the affected data subjects as soon as reasonably possible after the discovery of the compromise.
11. PAIA Manual and Access to Information
To view our statutory Promotion of Access to Information Act (PAIA) Manual, or to submit a formal request for access to records, please contact our Information Officer at privacy@clubhop.co.za.