At SportsCap (PTY) Ltd, safeguarding the personal data of our clients, employees, business partners, and other stakeholders is a fundamental part of our operations. In compliance with South Africa's Protection of Personal Information Act (POPIA), we are committed to maintaining the privacy, confidentiality, and security of personal data we process. This policy sets out how SportsCap (PTY) Ltd manages personal information, from collection and processing to storage and disposal, to ensure we meet the legal and ethical standards established by POPIA.

The purpose of this policy is to help you understand:

• What personal information we collect.
• How we use, store, and protect personal data.
• The rights and responsibilities that apply to both SportsCap (PTY) Ltd and individuals in the data handling process.
• How to raise concerns if you feel your data protection rights have been violated.
• How to raise concerns if you feel your data protection rights have been violated.

Scope:This policy applies to all personal information collected and processed by SportsCap (PTY) Ltd within its operations, including that of customers, employees, suppliers, and third-party partners.

This policy ensures that SportsCap (PTY) Ltd:

• Complies with POPIA: We are committed to adhering to the POPIA requirements for processing personal data, protecting individual rights, and ensuring transparency.
• Protects the rights of data subjects: We recognize and respect the rights of individuals to have control over their personal data and ensure that data processing is done in a lawful and transparent manner.
• Promotes accountability and integrity: We are committed to data security, ensuring that personal information is processed ethically and securely.
• Establishes procedures for data handling: We outline the collection, use, storage, retention, and destruction of personal data to ensure compliance with POPIA.
• How to raise concerns if you feel your data protection rights have been violated.

In addition, this policy helps mitigate risks associated with personal data breaches and ensures that we have proper procedures in place to address data protection incidents quickly and effectively.

Personal Information: This refers to any information that can directly or indirectly identify a person. This includes, but is not limited to, identification numbers, contact information, location data, demographic information, IP addresses, and any other unique identifiers. Under POPIA, personal information is protected as it can be used to identify a living individual.

Processing: Any operation performed on personal data, whether or not by automated means. This includes collecting, recording, organizing, storing, updating, retrieving, using, transmitting, distributing, and erasing personal data. Even simply retaining or disposing of personal data is considered processing. Data Subject: A data subject is any individual whose personal information is collected and processed by SportsCap. This can include customers, employees, suppliers, contractors, and any individual whose personal data is held by the company.

Responsible Party: The entity that determines the purposes and means of processing personal data. In the case of SportsCap, the company itself is the responsible party, and we are responsible for ensuring that personal data is processed in accordance with the provisions of POPIA.

Processor: A third party that processes personal data on behalf of the responsible party. For example, third-party service providers who manage data storage or payment processing.

We collect personal information primarily for the following purposes:

Customer Relationship Management: This includes collecting information to maintain communication with our customers, to provide the products and services they have requested, and to ensure we can contact them if necessary (e.g., product updates, customer support).

Service Fulfillment: Information is used to manage customer subscriptions, process payments, and deliver the agreed-upon services (e.g., sports analytics or communication tools).

Marketing and Communications: With the customer’s consent, personal data may be used to send promotional materials, newsletters, product updates, and offers. Customers can opt out of these communications at any time. Legal Compliance: Personal information may be collected for tax, financial reporting, and other legal obligations. For example, when we issue invoices or make payments, we may collect certain data to comply with tax laws.

Security: Personal data is also collected to ensure the security of our business operations. For instance, we may collect data to safeguard against fraud or to comply with business security regulations.

Data Collection Methods: Direct Collection: Personal information is collected directly from individuals, such as through website forms, subscriptions, or account registrations.

Indirect Collection: Data may be collected from third parties with the individual’s consent (e.g., service providers, partners).

We will only collect personal data that is necessary for these purposes. We will not collect excessive data beyond what is required for the intended purpose.

SportsCap (PTY) Ltd ensures that data subjects can exercise the following rights in relation to their personal information:

Right to Access: A data subject can request a copy of their personal information held by SportsCap (PTY) Ltd. This ensures transparency about what data is being processed and how it is being used.

Right to Rectification: If any personal data held by SportsCap (PTY) Ltd is inaccurate or incomplete, data subjects have the right to request that their data be corrected or updated.

Right to Erasure (Right to be Forgotten): Data subjects can request that their personal data be erased, but this right is not absolute. It may be refused where the data is still necessary for the fulfillment of a contract or legal obligations.

Right to Restrict Processing: Data subjects may request that the processing of their personal data be restricted, particularly if the accuracy of the data is contested, or if the data is no longer necessary for processing but the individual requires it for legal purposes.

Right to Object: Data subjects can object to certain types of data processing, including processing for direct marketing purposes.

Right to Data Portability: Data subjects have the right to request their data in a structured, commonly used format, which can then be transferred to another data controller.

Right to Withdraw Consent: Where processing is based on consent, data subjects can withdraw their consent at any time, after which SportsCap (PTY) Ltd will cease processing the data unless another legal basis exists for continuing to do so.

SportsCap (PTY) Ltd takes the protection of personal information seriously and has implemented robust security measures to prevent data breaches and unauthorized access:

Physical Security: We secure facilities where personal data is stored by using access controls, surveillance systems, and other physical security measures.

Technical Security: We use encryption (e.g., SSL/TLS protocols) to protect personal data both in transit and at rest. Additionally, access to sensitive data is limited based on roles and responsibilities.

Administrative Security: We restrict access to personal data to only those employees or third-party contractors who need it to perform their job. Regular audits and reviews ensure compliance with data protection practices.

Incident Response: Incident Response: We have a data breach notification protocol in place to quickly respond to any security incidents. In case of a data breach, we will inform the affected data subjects and the Information Regulator as required by POPIA.

We may share personal information with third parties in the following situations:

With Consent: When we obtain the data subject’s consent, we may share their personal information with third parties for specific purposes, such as marketing campaigns or partnerships.

Service Providers: Third-party vendors who provide services to SportsCap (PTY) Ltd (e.g., cloud hosting, data storage, payment processors) may process personal data on our behalf. These vendors are bound by contracts that ensure compliance with POPIA and provide the necessary data protection guarantees.

Legal Compliance: Personal data may be shared with law enforcement, regulatory authorities, or courts if required by law or legal process (e.g., subpoenas, court orders).

Business Transfers: In the event of a business restructuring (such as a merger or acquisition), personal data may be transferred to the new entity, provided that POPIA standards are upheld.

Personal data will be retained by SportsCap (PTY) Ltd only for as long as necessary to fulfill the purposes for which it was collected or to comply with legal requirements. Once data is no longer needed, we will ensure that it is securely destroyed or anonymized. Data retention periods are reviewed regularly, and adjustments are made in line with business needs and legal obligations.

This policy will be reviewed periodically to ensure its ongoing compliance with POPIA and best practices in data protection. Any changes to this policy will be communicated to the relevant stakeholders and updated accordingly. SportsCap (PTY) Ltd reserves the right to modify this policy at any time.

For any inquiries, concerns, or to exercise your rights under POPIA, please contact our Data Protection Officer (DPO): Email: dpo@sportscap.co.za Phone: +27 82 828 4007 Postal Address: 17 Kingsmead Mews, 59 Kingsmead Drive, Westville, KwaZulu-Natal, South Africa