Privacy Policy

The Independent Business Owners Association (I.B.O.A., we, us or our) respects your privacy and is committed to protecting your personal information in compliance with South Africas Protection of Personal Information Act (POPIA). This Privacy Policy explains how we collect, use, disclose, and safeguard your data when you use our website, services, and membership platform (collectively, the Services).

1. Information We Collect

a. Information You Provide

  • Identity & Contact Data: Name, email address, phone number, company name, province code.

  • Payment & Billing Data: Credit-card token (via Payfast), billing address, transaction history.

  • Profile & Volunteered Data: Profile photo, bio, event RSVPs, survey responses, support inquiries.

b. Automatically Collected Data

  • Technical Data: IP address, device type, browser, operating system, time zone.

  • Usage Data: Pages visited, click paths, form submissions, video views.

  • Cookies & Tracking:

    • Strictly Necessary (session cookies, security tokens)

    • Performance (Google Analytics, anonymized heat-maps)

    • Functionality (language and layout preferences)

    • Marketing (retargeting pixels)

2. How We Use Your Information

We collect and process your data to:

  • Deliver Our Services: Create and manage your account, process membership sign-ups and recurring payments, and provide access to events, content, and community features.

  • Communicate Effectively: Send you important updates, confirmations, receipts, and occasional newsletters about upcoming masterclasses or networking opportunities.

  • Improve & Innovate: Analyze usage patterns and feedback to optimize our platform, refine events, and develop new resources that meet member needs.

  • Market Responsibly: With your consent, send you targeted offers, partner promotions, and other marketing communications. You can opt out at any time.

  • Meet Legal Requirements: Retain transaction records, honour tax and audit obligations, and comply with any lawful requests from regulators or law-enforcement authorities.

3. Data Sharing & Disclosure

We never sell or rent your personal data. We only share it when necessary to power our servicesengaging trusted service providers under strict confidentiality obligations - or to comply with legal obligations and protect our rights. In the event of a business merger or sale of I.B.O.A. assets, we will notify members and ensure any successor continues to safeguard your information.

4. International Transfers

While we primarily store data in South Africa, some aspects of our operations (such as analytics or email distribution) may involve third-party processors outside South Africa. We ensure appropriate safeguards (standard contractual clauses) are in place to protect your data whenever its transferred internationally.

5. Data Security

We implement industry-standard measures to protect your information, including:

  • Encryption: SSL/TLS for data in transit; strong encryption at rest.

  • Access Controls: Role-based permissions and multi-factor authentication for admin access.

  • Monitoring & Testing: Regular vulnerability scans and security audits.

  • Incident Response: Procedures to detect, contain, and remediate any data breaches within 24 hours.

6. Data Retention & Deletion

  • Retention Period: We retain your personal data for as long as you remain a member, plus 2 years thereafter to meet legal and tax obligations.

  • Deletion Requests: You may request deletion of your personal data. We will comply unless retention is required by law or for legitimate business needs, in which case we will anonymise the data.

7. Your Rights Under POPIA & Similar Principles

You have the right to:

  • Access & Portability: Obtain a copy of your personal data in a structured, machine-readable format.

  • Rectification: Correct inaccurate or incomplete information.

  • Erasure: Request deletion of your data (subject to legal exceptions).

  • Object & Restrict: Opt out of direct marketing or limit processing.

  • Withdraw Consent: Withdraw any consent you have given for processing.

To exercise these rights, contact privacy@iboa.co.za. We will respond within 30 days, as required by POPIA.

8. Minors

Our services are intended for individuals aged 18 and over. We do not knowingly collect data from children under 18. If you believe a minors data has been collected, please contact us to have it deleted.

9. Complaints

If you have concerns or complaints about our handling of your personal data, please first contact us at privacy@iboa.co.za. You may also lodge a complaint with South Africas Information Regulator.

10. Changes to This Policy

We may update this Privacy Policy at any time. Significant changes will be communicated via email and noted by a new Last updated date on this page. Continued use of our services constitutes acceptance of the revised policy.

If you have questions about these Terms, email support@iboa.co.za.