Privacy Policy Draft for Food Delivery Service
1 Introduction and Commitment to POPIA Compliance
This Privacy Policy establishes how [Your Company Name] (“we,” “our,” or “us”) collects, uses, processes, and protects the personal information of our customers in compliance with South Africa’s Protection of Personal Information Act 4 of 2013 (POPIA). We are committed to protecting your privacy and ensuring that your personal information is collected and used properly, lawfully, and transparently. As a food delivery service operating in South Africa, we recognize the importance of privacy and are dedicated to safeguarding your personal information in accordance with South African data protection laws and the constitutional right to privacy enshrined in Section 14 of the South African Constitution.
This policy applies to all personal information we collect through our ordering channels, including WhatsApp, phone calls, our website, or any other platform through which you place orders with us. By using our services, you acknowledge that you have read and understood this Privacy Policy and consent to the processing of your personal information as described herein. If you do not agree with any aspect of this policy, please do not use our services. We regularly review and update our privacy practices to ensure ongoing compliance with evolving legal requirements and best practices in data protection.
2 Information We Collect
2.1 Personal Information Collection
We collect and process the following personal information to provide our food delivery services:
- Full name (required for order processing and identification)
- Surname (optional, for personalized service)
- WhatsApp number or alternative contact number (essential for order confirmations, delivery updates, and customer service communications)
- Delivery address (when delivery is requested, for successful service fulfillment)
- Order history and preferences (to enhance service quality and customer experience)
2.2 Basis for Processing
We process your personal information under the following lawful conditions as stipulated by POPIA:
- Performance of a contract: Processing is necessary to fulfill our agreement to process and deliver your food orders.
- Legitimate business interests: We process information to improve our services, prevent fraud, and maintain business operations.
- Consent: Where required, we obtain your explicit consent before processing your personal information for specific purposes.
- Legal obligation: Processing may be necessary to comply with applicable South African laws and regulations.
3 How We Use Your Information
3.1 Primary Purposes
We use the personal information we collect for the following specific purposes:
- Order processing and fulfillment: To receive, process, and deliver your food orders to your specified address.
- Service communication: To send order confirmations, delivery updates, and coordinate delivery logistics primarily via WhatsApp.
- Customer support: To respond to your inquiries, complaints, or feedback regarding our services.
- Service improvement: To analyze order patterns and customer preferences to enhance our menu offerings and delivery services.
- Legal compliance: To maintain records as required by South African laws and regulations, including tax and business record-keeping obligations.
3.2 Marketing Communications
We respect your privacy preferences regarding marketing communications:
- We will only send you marketing communications about our promotions, new menu items, or special offers with your prior explicit consent.
- You have the right to opt-out of receiving marketing communications at any time by using the unsubscribe option in our messages or contacting us directly.
- Service-related communications (order confirmations, delivery updates) are not considered marketing and will continue to be sent as necessary for service fulfillment.
4 Sharing and Disclosing Your Information
4.1 Limited Disclosure Circumstances
We value your trust and do not sell, trade, or rent your personal information to third parties for their marketing purposes. We may share your information in the following limited circumstances:
- Delivery personnel: We share your name, contact number, and delivery address with our delivery partners solely for the purpose of fulfilling your order.
- Service providers: We may engage trusted third-party service providers who assist us in operating our business, such as IT support, payment processing, or analytics services. These providers are contractually bound to protect your information and use it only for the services they provide to us.
- Legal requirements: We may disclose your information when required by law, regulation, or legal process, or to protect our rights, property, or safety, or that of our customers or others.
4.2 Third-Party Service Providers
When we share your information with third-party service providers, we ensure they implement appropriate security safeguards and only process your information for the specific purposes we have engaged them for. We have agreements in place to ensure these providers comply with the privacy requirements as required by POPIA.
5 Data Security and Retention
5.1 Security Measures
We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, loss, or destruction. Our security measures include:
- Secure storage systems with access limited to authorized personnel on a need-to-know basis
- Encryption technologies for sensitive data transmission
- Regular security assessments of our systems and processes
- Staff training on data protection principles and confidentiality obligations
While we take reasonable steps to secure your personal information, no method of transmission over the Internet or electronic storage is 100% secure, and we cannot guarantee absolute security.
5.2 Data Retention Periods
We retain your personal information only for as long as necessary to fulfill the purposes for which it was collected, including to satisfy any legal, accounting, or reporting requirements:
- Active customer data: We retain your personal information while you remain an active customer and for a reasonable period thereafter.
- Legal requirements: We retain order records for 5 years as required by South African tax and business laws unless a longer retention period is required or permitted by law.
- Anonymization: After the retention period expires, we either delete your personal information or anonymize it so it can no longer be associated with you.
Table: Data Retention Periods
| Data Type | Retention Period | Basis |
| Order records | 5 years | Legal requirement (tax laws) |
| Customer contact information | 3 years after last order | Business operations |
| Customer communication records | 3 years | Service quality and dispute resolution |
6 Your Rights Under POPIA
6.1 Data Subject Rights
As a data subject under POPIA, you have the following rights regarding your personal information:
- Right to access: You may request access to the personal information we hold about you.
- Right to correction: You may request that we correct or update any inaccurate or incomplete personal information.
- Right to deletion: You may request that we delete your personal information, subject to any legal obligations we have to retain it.
- Right to object to processing: You may object to our processing of your personal information, including for direct marketing purposes.
- Right to lodge a complaint: You have the right to lodge a complaint with the South African Information Regulator if you believe we have not complied with POPIA.
6.2 Exercising Your Rights
To exercise any of these rights, please contact our Information Officer using the contact details provided in Section 9. We will respond to your request within 21 days as required by POPIA. These rights are provided to you free of charge, and we will not charge you for responding to your legitimate requests.
6.3 Complaint Process
If you have any concerns about how we handle your personal information, please contact us first so we can attempt to resolve the issue. If you are not satisfied with our response, you have the right to lodge a complaint with the Information Regulator of South Africa at:
- Website: https://justice.gov.za/inforeg/
- Email: inforeg@justice.gov.za
- Address: JD House, 27 Stiemens Street, Braamfontein, Johannesburg, 2001
7 Other Applicable South African Laws
In addition to POPIA, our operations comply with other relevant South African legislation:
- Consumer Protection Act 68 of 2008: Ensures fair treatment of customers and transparent business practices.
- Electronic Communications and Transactions Act 25 of 2002: Governs electronic transactions and communications.
- Companies Act 71 of 2008: Regulates our business operations and corporate governance.
8 Policy Updates and Notification
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. The updated version will be posted on our ordering platforms with a revised effective date. We encourage you to review this policy periodically to stay informed about how we are protecting your information. For material changes that affect your rights, we will provide more prominent notice, such as via direct communication to you or a notice on our primary service channels.
9 Contact Information
If you have any questions, concerns, or requests regarding this Privacy Policy or our handling of your personal information, please contact our Information Officer:
- Information Officer: [Name of Information Officer]
- Email: [privacy email address]
- Telephone: [phone number]
- Physical Address: [company physical address]
- Business Hours: Monday to Friday, 8:00 AM to 5:00 PM
We are committed to working with you to obtain a fair resolution of any complaint or concern about privacy.
Effective Date: [Date]
Last Updated: [Date]