Tepic

Privacy Policy

Privacy Policy — Tepic NPC (South Africa)

Last updated: October 2025
Responsible Party: Tepic NPC

1) Scope

This policy explains how Tepic NPC (“we”, “us”, “our”) collects, uses, discloses, and safeguards personal information under POPIA, ECTA, and related South African laws. It applies to our websites, apps, forms, events, and services.

2) Key definitions (plain English)

  • Personal information (PI): Info that identifies a person.
  • Special personal information: e.g., health, biometric, religious, political, or children’s info.
  • Responsible party: Tepic NPC.
  • Operator: A service provider processing PI for us.

3) What we collect

  • Identity & contact: name, ID/passport (where lawful/necessary), contact details.
  • Demographic & participation: programme enrolment, event attendance.
  • Communications: emails, messages, enquiries.
  • Technical: device/browser data, IP, cookies.
  • Financial & donations: payment confirmations (no full card data stored).
  • Media: photos/video from events (see Usage Terms + consents).
  • Special PI: only where lawful grounds exist and with extra safeguards.

4) How we collect

  • Directly from you (forms, email, WhatsApp, events).
  • Automatically via our site/app (cookies, analytics).
  • From third parties where lawful (e.g., payment providers) with required notices.

5) Why we process (purposes)

  • Run programmes, events, and community services.
  • Donor relations, reporting, compliance.
  • Communications you request.
  • Security, fraud prevention, legal obligations.
  • Analytics and service improvement.
  • Direct marketing: only per POPIA, with opt-out in every message.

6) Lawful bases (POPIA)

Consent; performance of a contract; legal obligation; legitimate interests (balanced against your rights); and, for special PI, specific POPIA grounds.

7) Children’s information

Processed only where allowed by POPIA (e.g., with a competent person’s consent) and with additional safeguards.

8) Direct marketing

Sent only to existing participants/donors per POPIA or with consent. Every communication identifies us and includes a free, functional opt-out. We keep a do-not-contact list.

9) Sharing and disclosure

  • Operators (IT/hosting, analytics, communication, payments) under POPIA-compliant contracts.
  • Partners/funders where needed for service delivery/reporting (de-identified where feasible).
  • Authorities where legally required.
    We do not sell personal information.

10) Special personal information & records

Where processed (e.g., health data for accessibility/safeguarding), we use strict access controls and only on lawful grounds.

11) Cross-border transfers

If PI is transferred outside South Africa (e.g., cloud hosting, analytics), we comply with POPIA s72 (adequate protection, consent, or contractual necessity).

12) Security safeguards & breach notification

We apply reasonable technical/organisational measures (role-based access, encryption where feasible, backups, training, vendor due diligence). If a qualifying security compromise occurs, we’ll notify you and the Information Regulator per POPIA s22.

13) Retention

We keep PI only as long as needed for the purposes above and legal/accounting requirements, then securely delete or de-identify it.

14) Your rights

You may request access; correction, deletion, or destruction; object to certain processing (including direct marketing); and complain to the Information Regulator. We’ll respond within reasonable timeframes.

How to exercise your rights:
Email our Information Officer at [email protected] with proof of identity and enough detail to locate the records. (No telephone line available.)

Complain to the Information Regulator:
See inforegulator.org.za for forms and contacts.

15) Cookies & analytics

We use essential cookies and (optionally) analytics cookies. You can block non-essential cookies in your browser; some features may not work.

16) Third-party links

Third-party sites/services have their own privacy notices.

17) Changes to this policy

We may update this policy. The “Last updated” date reflects the latest version.

Contact (privacy): [email protected]
Address: Wonderboom, Roodepoort, Gauteng, South Africa
(No telephone line.)

Website / App Terms of Use — Tepic NPC

1) Acceptance

By accessing our website/app or using our services you agree to these Terms and our Privacy Policy.

2) Eligibility & accounts

You must be legally capable of accepting these Terms. Keep your login details secure and tell us immediately if you suspect unauthorised use. We may suspend accounts for security or misuse.

3) Your responsibilities

  • Provide accurate information and update it when it changes.
  • Use the services lawfully and respectfully.
  • Do not attempt to breach security, disrupt systems, scrape without permission, or infringe IP.

4) Acceptable use (non-exhaustive)

No unlawful, defamatory, harassing, hateful, discriminatory, or privacy-invasive content. No IP infringement, malware, automated attacks, or reverse engineering beyond what law permits.

5) Content & intellectual property

Unless stated otherwise, all site/app content is owned by or licensed to Tepic NPC. Personal, non-commercial use only. No reproduction or derivative works without prior written consent.

6) User content

You’re responsible for content you submit. You grant us a non-exclusive, royalty-free licence to use it to operate/improve the services (and, where relevant, to report to funders/partners in de-identified form). We may remove content that breaches these Terms.

7) Event media & consent

We may photograph/record events for documentation and impact reporting, following our Privacy Policy and obtaining permissions as required, especially where minors are present. If you’re uncomfortable being captured, please tell event staff on arrival.

8) Donations & payments

Processed by third-party providers under their terms. Refunds (if applicable) follow our Donations/Refunds Policy [link] and the CPA where applicable.

9) Third-party services & links

We’re not responsible for third-party sites/services. Use at your own risk and review their terms.

10) Availability & changes

We aim for reasonable uptime but do not guarantee continuous availability. We may modify or discontinue features at any time.

11) Disclaimers

To the fullest extent permitted by South African law, the services are provided “as is”. We disclaim all warranties not expressly stated. Nothing limits rights under the Consumer Protection Act where applicable.

12) Limitation of liability

We’re not liable for indirect, consequential, special, or punitive damages. Our aggregate liability for claims arising from these Terms or the services will not exceed the greater of [ZAR amount] or the amount you paid to us in the 6 months before the claim, unless prohibited by law.

13) Indemnity

You indemnify us against claims arising from your unlawful use of the services or breach of these Terms.

14) Data protection

Processing of personal information is governed by our Privacy Policy and POPIA. We implement reasonable safeguards and will notify you of qualifying security compromises per POPIA s22.

15) Electronic communications (ECTA)

You consent to receiving notices electronically. Contracts may be concluded electronically where permitted by ECTA.

16) Governing law & jurisdiction

These Terms are governed by South African law. You submit to the non-exclusive jurisdiction of the Gauteng Division of the High Court, Johannesburg (without limiting rights to approach any competent court/tribunal).

17) PAIA Manual

Access to information requests are handled under PAIA

18) Changes to Terms

We may update these Terms; continued use after changes indicates acceptance.


Warning: PHP Startup: uploadprogress: Unable to initialize module Module compiled with module API=20220829 PHP compiled with module API=20210902 These options need to match in Unknown on line 0