This website is run by RunnerRsa (Pty) Ltd based in South Africa trading as RunnerRsa and with registration number 20 with sole Director Vernon Marais.
RunnerRsa contact details:
For purpose of this Agreement the terms “we”, “us” or “our”, refer to RunnerRsa, Site and App, used interchangeably. When you use the service available on the Site or the App, you consent to our collection, use, and disclosure of information about you as described in this Agreement.
1‘User’ shall have the same meaning as defined under Section 2 (1) (j) of the Information Technology (Intermediaries Guidelines Rules, 2011). Per the said Rules, user means any person who accesses or avails any computer recourse of intermediary for the purpose of hosting, publishing, sharing, transacting, displaying or uploading information or views and includes other persons jointly participating in using the computer recourses of an intermediary.
This Agreement is effective from 27/01/2021 and continues until revoked by RunnerRsa.
YOUR PRIVACY IS IMPORTANT TO US
- Your privacy is important to you and to us. We’ll protect the information you share with us. To protect your privacy, the Site follows different principles in accordance with worldwide practices for customer privacy and data protection.
- We at RunnerRsa are committed to respecting your online privacy and recognize your need for appropriate protection and management of any personally identifiable information (“Personal Information”) you share with us. For purpose of this Policy, Personal Information means any information that may be used to identify an individual, including, but not limited to, a first and last name, a home or other physical address and an email address or other contact information, whether at work or home. In general, you can visit the Site’s web pages without telling us who you are or revealing any Personal Information about yourself. If however, Personal Information is revealed to us, we won’t sell or give away any content of your Personal Information to anyone except people who may be involved in the delivery of Service.
- To participate as a RunnerRsa Driver Agent, you must permit the RunnerRsa Services to access location services through the permission system used by your mobile operating system (“Platform”) or browser. We may collect the precise location of your device when the RunnerRsa Driver app is running in the foreground or background of your device. We may also derive your approximate location from your IP address. We use your location information to verify that you are present in your preferred region or city when you begin or engage in a delivery through the RunnerRsa Services (a “Delivery”), connect you with delivery opportunities in your zone, and track the progress and completion of your Deliveries. You can enable the location tracking feature through the settings on your device or Platform or when prompted by the RunnerRsa Driver mobile app. If you choose to disable the location feature through the settings on your device or Platform, RunnerRsa will not receive precise location information from your device, which will prevent you from being able to Trip and receiving delivery opportunities in your area.
INFORMATION WE COLLECT AND HOW WE USE IT.
- When you visit the Site or use our Service, we collect and store information about you, your computer or mobile device and your activities. This information may include, but is not limited to:
- Your computer’s IP address; technical information about your computer or mobile device (such as type of device, web browser or operating system).
- Your mobile device’s unique ID number (when available), your mobile device’s geographic location (specific geographic location if you’ve enabled collection of that information, or general geographic location automatically).
- Your provided full name, email address, postal code and other information you may provide with your account, such as your gender and birth date. You may optionally provide us with this information through third party sign-in services such as Facebook and Google Plus. In such cases, we fetch and store whatever information is made available to us by you through these sign-in services.
- How long you visited our service and which features you used.
- We gather information from members and guests who apply for the various Services that our site offers. It includes, but may not be limited to, email address, first name, last name, a user-specified password, e-mail Id, mailing address, postal code and telephone number . We collect information primarily to ensure that we are able to fulfill your requirements and to deliver personalized experience.
- When you visit the Site or use our Service, we collect and store information about you, your computer or mobile device and your activities. This information may include, but is not limited to:
- To register as a member of the Site, you must be of sound mind. By using this Site, you represent and warrant that you have the right, authority, and legal capacity to enter into this Agreement and that you are not prohibited or prevented by any applicable law for the time being in force or any order or decree or injunction from any court, tribunal or any such competent authority restraining you from availing our Services. You also agree to abide by all of the terms and conditions of this Agreement. If at any time RunnerRsa is of the opinion (in its sole discretion) or has any reason to believe that you are not eligible to become a member or that you have made any misrepresentation about your eligibility, RunnerRsa reserves the right to forthwith terminate your subscription and / or your right to use the Service, without any refund to you, for any of your unutilized subscription fee, if any.
- User and Service Provider represents that they are not minors (16 or above) and are not persons with any criminal record nor barred by the government from receiving any services under any law in India. User and service provider agree to the following:
- Provide accurate, current, true and complete information about them while registering on our Website or App.
- Maintain and promptly update your profile and registration data to keep it accurate, true, current and complete.
- Under an event of information being found incomplete, false or inaccurate, we reserve the right to delete, terminate or deactivate your account without any notification or intimation and refuse any current or future use of our Website and/or App.
- When you register on our Website and/or App, you will be required to choose a username and a password. You are responsible for maintaining the confidentiality of your password and account information. You must immediately notify us of any unauthorized use of password or account or any other security breach.
- You are liable for maintaining the confidentiality of any login information associated with any account you use to access the Services or resources, and thus you are also responsible for all activities that occur on your account. You will be solely responsible for any consequences, losses, or damages that RunnerRsa may directly or indirectly incur or suffer due to any illegal or unauthorized activities conducted by you or person engaged by you.
PROPRIETARY RIGHTS AND TRADEMARKS
- The Site contains copyright material, trademark and other proprietary information, including, but not limited to, text, software, photos, video, graphics, music and sound. All proprietary material displayed on the Site or provided on demand, is copyrighted as a collective work either owned by RunnerRsa or licensed from a third party.
- RunnerRsa owns copyright in the selection, coordination, arrangement and enhancement of such proprietary material. User may not modify, publish, transmit, participate in the transfer or sale, create derivative works, or in any way exploit the content, in whole or in part. User may download copyrighted material for user’s personal use only. Except as otherwise expressly permitted under copyright law, no copying, redistribution, retransmission, publication or commercial exploitation of downloaded material will be permitted without the express permission of RunnerRsa. In the event of any permitted copying, redistribution or publication of copyrighted material, no changes in or deletion of author attribution, trademark legend or copyright notice shall be made. User acknowledges that it does not acquire any ownership rights by downloading copyrighted material.
DISCLAIMER AND LIABILITY
- User and service provider expressly agree that use of Services is at their sole risk. Neither RunnerRsa its affiliates nor any of its respective employees, agents, service providers, third party agents warrant that RunnerRsa’s Services will be uninterrupted, faulty or error free. RunnerRsa makes no representations about the accuracy of the information contained in the material provided and graphics on this Website for any purpose. RunnerRsa hereby disclaims all warranties and conditions with regard to this information, including all implied warranties and conditions of merchantability, fitness for any particular purpose, title and non-infringement. In no event, shall RunnerRsa be liable to any party for any direct, indirect, special or other consequential damages for any use of the Services, the information, or on any other hyperlinked web site, including, without limitation, any lost profits, business interruption, loss of programs or other data on your information handling system or otherwise, even if RunnerRsa is expressly advised of the possibility of such damages. RunnerRsa is not responsible for any incorrect or inaccurate content provided to the user or service provider whether on the Site or otherwise. The user and service provider must use its discretion before availing Services of RunnerRsa.
- User and service providers agree and assure to not hold RunnerRsa, its employees, agents, directors, officer bearers, managers, investors, donors, and licensors responsible, for and against all losses, whether financial, intellectual, mental, physical (including misuse of debit / credit card and online banking facilities) or otherwise, expenses, damages and costs, including reasonable attorneys’ fees, resulting from use of the Site or Services. Despite regular controls RunnerRsa is not liable for any mishap or misuse of financial or personal information of the service provider. We reserve the right to be indemnified for the above mentioned. In such event, user shall provide us with such cooperation as is reasonably requested by us.
- RunnerRsa is not responsible for any problems or technical malfunction of any telephone network or lines, computer on-line-systems, servers or providers, computer equipment, software, failure of email or players on account of technical problems or traffic congestion on the Internet or at any website or combination thereof, including injury or damage to users and Subscribers or to any other person’s computer related to or resulting and/or in connection with RunnerRsa’s service. RunnerRsa expressly disclaims any liability or responsibility whatsoever and howsoever arising as a result of any content of study material made available to subscribers.
- RunnerRsa does not warrant or guarantee that the information contained on the Site is accurate or complete, and hereby disclaims any and all liability to any person for any loss or damage caused by errors or omission, whether such errors or omissions result from negligence, accident or any other cause. Before availing Services, user discretion is advised. RunnerRsa further assumes no liability for the interpretation and/or use of the information contained on this Site, nor does it offer a warranty of any kind, either expressed or implied. Also, we do not guarantee that the use of our Services, resources and/or information provided on the Site will meet your needs or requirements. We do not also guarantee that the information obtained by using our Services will be accurate.
- RunnerRsa makes no commitment to update the information or materials on this Website which, as a result, may be out of date. Neither us, nor our officers, directors, employees, agents or affiliates are responsible or liable for any loss damage (including, but not limited to, actual, consequential, or punitive), liability, claim, or other injury or cause related to or resulting from any information provided by us. RunnerRsa reserves the right to revise these terms at any time. User is responsible for reviewing this page from time to time to ensure compliance with the then current terms and legal restrictions because they will be binding upon them.
- Force majeure: RunnerRsa will not be responsible for any failure or delay in performance due to circumstances beyond its reasonable control, including, without limitation, acts of god, war, riot, embargoes, acts of civil or military authorities, fire, floods, accidents, service outages resulting from equipment and/or software failure and/or telecommunications failures, power failures, network failures, failures of third party service providers (including providers of internet services and telecommunications). The party affected by any such event shall notify RunnerRsa within a maximum of fifteen (15) days from its occurrence. The performance of this Agreement shall then be suspended for as long as any such event shall prevent the affected party from performing its obligations under this Agreement.
User and service provider shall be responsible for obtaining and maintaining all telephone, computer hardware, software and other equipment needed for access to and use of Website and all charges related thereto shall be borne by the concerned parties.
- RunnerRsa will not be liable and you agree not to claim for any direct, indirect, incidental, exemplary or consequential loss or damages which may be incurred by user or service provider as a result of using our Services, or as a result of any changes, data loss or corruption, cancellation, loss of access, or downtime to the full extent, and that in such conditions limitation of liability laws and clause apply.
DISCLAIMER OF WARRANTY AND LIMITATION OF LIABILITY
- Users expressly agree that use of the Website / App is being used at his / her sole risk. Neither us nor our affiliates, employees, directors, partners, agents, third party content providers or licensors warrant that the Website / App will be uninterrupted or error free; nor do they make any warranty as to the results that may be obtained from use of Website / App, or as to the accuracy, reliability or content of any information, service, or merchandise provided through the Website / App.
- The Website / App is provided on an “as is” basis without warranties of any kind, either express or implied, including, but not limited to, warranties of title or implied warranties of merchantability or fitness for a particular purpose, other than those warranties which are implied by and incapable of exclusion, restriction or modification under the laws applicable to this Agreement.
- Notice of liability: despite regular controls we are not liable for any negligence at our hands, should one occur. The said user is himself fully responsible for his / her respective usage. Please contact us if you notice pages with illegal or immoral content. The legal information in this Agreement also applies to our social media outlets, such as Facebook, Google+, Twitter, LinkedIn.
- This disclaimer of liability applies to any damages or injury caused by any failure of performance, error, omission, interruption, deletion, defect, delay in operation or transmission, computer virus, communication line failure, theft or destruction or unauthorized access to, alteration of, or use of record, whether for breach of contract, tortuous behavior, negligence, or under any other cause of action. User specifically acknowledges that we are not liable for defamatory, offensive or illegal conduct of other users or third-parties and that the risk of injury from the foregoing rests entirely with user.
- In no event will we or any person or entity involved in creating the Website and Mobile Application be liable for any damages, including, without limitation, direct, indirect, incidental, special, consequential or punitive damages arising out of the use of or inability to use Website / App. User hereby acknowledges that the provisions of this section shall apply to all content on the Site and our Mobile Application.
- In addition to the terms set forth above neither we nor our affiliates, suppliers or vendors shall be liable regardless of the cause or duration, for any errors, inaccuracies, omissions, or other defects in, or untimeliness or unauthenticity of the information contained within the Website / App, or for any delay or interruption in the transmission thereof to the user, or for any claims or losses arising there from or occasioned thereby. None of the foregoing parties shall be liable for any third-party claims or losses of any nature, including, but not limited to, lost profits, punitive or consequential damages.
- This User Agreement template is not legal advice and by using them you agree to this disclaimer. The content of this document is for informational purposes only and does not constitute advertising, a solicitation or legal advice. Its recommended that you should take independent legal advice before publishing this agreement on your site or mobile application. You should read the information with care and modify, delete or add all and any areas as necessary. Use of, access to or transmission of such materials and information or any of the links contained herein is not intended to create, and receipt thereof does not constitute formation of, an attorney-client relationship between us and the user. The information contained is provided only as general information and may or may not reflect the most current legal developments; accordingly, information is not promised or guaranteed to be correct or complete. We expressly disclaim all liability in respect to any actions taken or not taken based on any or all of the contents of this content.
- Disclaimer of Content: Every effort has been made to ensure that the information contained in this Site / App is accurate and true. The content of the Site / App is believed to be correct at the time of compilation. However, RunnerRsa makes no representations or warranties about the content and suitability of the information contained herein for any purpose. RunnerRsa, its servants, agents and employees disclaim all liability for the accuracy, completeness, or usefulness of any information, apparatus, products or process disclosed and for any error or omission therein.
- You may view, download and copy information and materials available on this Website solely for your personal, non-commercial use. Even though RunnerRsa does everything in its hand to protect both your information and financial transaction details, the Site is not liable for any fraud, theft or financial misdemeanor that may occur as a result of your financial transactions on out Site.
MEMBER ACCOUNT, PASSWORD, AND SECURITY
- Since the Services require user and service provider to open an account, you must complete the registration process by providing RunnerRsa with current, complete and accurate information as prompted by the applicable registration form. You are entirely responsible for maintaining the confidentiality of your password and account. Furthermore, you are entirely responsible for any and all activities that occur under your account. You agree to notify RunnerRsa immediately of any unauthorized use of your account or any other breach of security. RunnerRsa will not be liable for any loss that user may incur as a result of someone else using your password or account, either with or without your knowledge. However, you could be held liable for losses incurred by RunnerRsa or another party due to someone else using user’s account or password.
- The Site has taken strong measures to protect the security of your personal information and to ensure that your choices for its intended use are honoured. We take strong precautions to protect your data from loss, misuse, unauthorized access or disclosure, alteration, or destruction. You also have a significant role in protecting your information. No one can see or edit your personal information without knowing your user name and password, so do not share these with others.
- Since this is an intermediary and an ‘information only site’, we do not guarantee your e-commerce transactions to be entirely safe and secure. When you place orders through our website or online payment gateway service providers (“OPGSPs”), listed on the Site, you must ensure that you agree to the terms and conditions of the said OPGSPs agreement. RunnerRsa shall not be liable should there be a discrepancy in refund, loss or misuse of credit card details, hacking of sensitive monetary information.
- All comments, feedback, information or materials submitted to RunnerRsa through or in association with our Website shall be considered non-confidential and Company’s property. By submitting such comments, information, feedback, or materials to us, you agree to a no-charge assignment to RunnerRsa of worldwide rights to use, copy, modify, display and distribute the submissions. RunnerRsa may use such comments, information or materials in any way it chooses in an unrestricted basis. Users are welcome to provide candid feedback to us
- When you visit our Site, we may place “cookies” on your computer to recognize you. We do this to store your preferences, collect statistical data and track your use of our Service. Cookies are widely used, and most web browsers are configured initially to accept cookies automatically. If you prefer not to accept cookies, you may adjust and configure your browser settings accordingly. However, if you turn off cookies, or refuse to accept a request to place a cookie, some features and services on the Site may not function properly. Ad companies (including but not limited to Google and Facebook) may also place cookies on your computer to track your activities across various sites so that they can display targeted advertisements.
General Provisions and termination
- If any provision of this Agreement is deemed void, unlawful or otherwise unenforceable for any reason, that provision shall be severed from this Agreement and the remaining provisions of this Agreement shall remain in force. This contains the entire agreement between you and RunnerRsa concerning your use of the Site.
- You agree that we may, at our sole discretion, permanently or temporarily suspend or terminate your access to all or parts of the Site and Services with or without notice and for any reason, including, without limitation, breach of this User Agreement, and/or any suspected illegal and/or fraudulent or abusive and/or competitive activity may be grounds for terminating your access and may be referred to appropriate law enforcement authorities. Upon suspension or termination, your right to use the Site will immediately cease.
IN WITNESS WHEREOF, all users, visitors and service provide agree that they have read this document and agrees to be bound by them for as long as they continue to either use the Site or avail Services of RunnerRsa.
RUNNERRSA DATA PRIVACY AND PROTECTION POLICY
When you use RunnerRsa, you entrust us with your personal information also known as data. RunnerRsa is unable to operate their RunnerRsa Delivery System and deliver goods which you order promptly and efficiently without your personal information. For this reason it is absolutely crucial for RunnerRsa to ensure that treats your personal information with absolute fidelity and integrity.
- The purpose of this policy document is to ensure that you clearly understand the policies that RunnerRsa and all the users of the RunnerRsa delivery at and related network, i.e. customers, vendors, delivery drivers and third party service providers, must strictly comply with.
his document describes the personal data we collect, how it’s used and shared, and the users’ respective elections available to them in relation to this data.
Kindly read this document carefully and ensure you understand it.
Area of Operation
- RunnerRsa operates in the Republic of South Africa. This policy document is only applicable in the Republic of South Africa to users of RunnerRsa’s services, including users of RunnerRsa’s apps, websites, features, or other services.
- This notice describes how RunnerRsa and its affiliates collect and use personal data. This notice applies to all users of RunnerRsa’s app, websites, features, or other services in the Republic of South Africa users of the RunnerRsa delivery at and related network, i.e. customers, vendors, delivery drivers and third party service providers.
- This notice governs RunnerRsa’s personal data collection practices in connection with RunnerRsa’s services and must be read with RunnerRsa’s “Personal Information Protocol” to be found at the end of this notice on. All those subject to this notice are referred to collectively as “users” in this notice.
- The collection, assimilation, storage and use of Personal Information in the Republic of South Africa is primarily governed by the Protection of Personal Information act no 4 of 2013 and its related regulations, as amended from time to time. RunnerRsa fully acknowledges that it is bound to comply with this legislation fully, and if for any reason, anything contained in this notice or RunnerRsa is Personal Information Protocol attached to this notice conflicts with the Reflection of Personal Information Act of the Republic of South Africa, any such conflicting clause, or a portion of the clause that conflicts with this act, shall be deemed to be invalid and of no force and effect, however the rest of this notice shall be valid and enforceable insofar as it does not conflict with the aforementioned Act or related legislation.
Responsible Data Custodian
- ……………………is responsible for election, control and handling of all personal data collected in connection with use of RunnerRsa’s services in the Republic of Africa.
- Questions, comments, and complaints about RunnerRsa’s data practices can be submitted to support@RunnerRsa.co.za. You may also use this address to submit a question to RunnerRsa’s Data Protection Officer.
Data Collection and Use
- RunnerRsa collects, assimilates, stores and users data which is essential for opening an account with RunnerRsa, from customers; Location, app usage, device data and other related information is collected to optimise utilisation of the app by the customer and the Delivery Driver; third party data from users of RunnerRsa Application Programming Interfaces.
- RunnerRsa collects, assimilates, stores and uses customer user profile data including their name, email, phone number, login name and password, address, profile picture, payment or banking information (including related payment verification information), driver’s license and other government identification documents (which may indicate document numbers as well as birth date, gender, and photo); vehicle or insurance information of delivery drivers, emergency contact information, user settings, gender and/or occupation, where applicable; photos submitted by users to verify their identities, such as through facial recognition; background check and identity verification information for delivery drivers; information such as driver history, drivers licence and criminal record, where applicable; information relating to the age of the customer where alcohol or cigarettes are ordered; general non-personal demographic data about users received directly from the users or alternatively from a third party for the purpose of assisting us to optimise the delivery service; customer feedback information relating to customer service for optimisation of the efficiency and promptness of the delivery service, ensuring that all businesses in the network, and delivery drivers optimise their service to customers; logistical data populated during the ordering and delivery process, including establishment or retail outlet location data; precise or approximate delivery driver and customer location data is assimilated in real-time and synchronised between the central data collection point or points and devices of retail outlets, establishments, drivers and customers via the RunnerRsa app, only when the RunnerRsa app is active and enabled on the respective device, accurately updating all participants in real-time as to the location of the public responsible for providing the goods, the position of the delivery driver and the customer, respectively, to ensure optimisation of the efficiency and convenience of the chain of delivery and to enhance safety features, detect and prevent fraud wherever possible.
- Delivery driver location data, and links location data is collected 24/7, even if the delivery driver’s RunnerRsa app is not enabled to facilitate the provision of services such as receipt generation and customer support to delivery drivers.
- Transaction information is collected, including the description and quantity of the goods and services ordered for delivery, order details, delivery information, date and time the service was provided, amount charged, distance travelled, and payment method.
- RunnerRsa collects data about the devices used to access our services, including the device models, IP address, operating systems and versions, software, preferred language, unique device identifiers, advertising identifiers, serial numbers, device motion data, and mobile network data.
- All users of the RunnerRsa app are able to communicate with each other and RunnerRsa via the app and its related network. Delivery drivers, retail outlets and restaurants and customers may interact with each other by voice call, WhatsApp, text (SMS) and/or unique internal messaging system and where applicable they are able to send files to each other, ordinarily without disclosing their respective mobile phone numbers. RunnerRsa receives, collects and assimilates certain data regarding the calls, texts, whatsapps or other communications, including the date and time of the communications and the content of the communications. RunnerRsa uses this data for customer support services, including dispute resolution between users, enhancement of safety and security, improvement of RunnerRsa products and services, and for analytics.
- Audio or video recordings lawfully recorded and sent by customers or service providers to RunnerRsa or affected network participants are collected, assimilated, and stored, securely, in encrypted format, on a strictly confidential and case sensitive basis, for the purpose of enabling customers and service providers to record any unlawful activity, poor service, relevant misconduct, or safety incidents.
- RunnerRsa collects, assimilates and stores user feedback, ratings, and compliments; referrals from users and third parties or prospective customers; data relating to third-party delivery requests from existing account holders, including retail outlets and establishments; RunnerRsa business network participant data (vendors’ data); relevant service provider data; payment facilitation data, social media services, or apps or websites that utilise RunnerRsa’s Application Programming Interfaces; data from third party business participants whose Application Programming Interfaces utilised by RunnerRsa or processing transactions and related activities; data from third-party service providers to assist RunnerRsa with user of verification and background checks where applicable; data from insurance, vehicle, or financial services providers for delivery drivers, publicly available sources and marketing service providers.
- In order to ensure optimum performance of RunnerRsa’s app-based delivery service through its entire network of operation, it is essential for RunnerRsa to assimilate and/or combine any data collected. This data is stored according to its RunnerRsa Personal Information Protocol (attached hereto.)
- RunnerRsa collects and uses data to enable optimum, efficient, reliable and convenient delivery of goods and services ordered by customers, which absolutely requires real-time clear communication between RunnerRsa, vendors, third party service providers and customers and other products and services.
- Personal data collected is used to enhance the safety and security of vendors and customers alike; for customer support; for research and development in order to constantly improve our offering; to enable communications between users in real-time; to send marketing, and service related communications to users; In connection with legal proceedings were RunnerRsa is required to co-operate with the respective lawfully constituted authorities.
- RunnerRsa does not sell or share user personal data with third parties under any circumstances for their direct marketing, except with users’ express consent, and subject to full compliance with all requirements as stipulated in the Protection of Personal Information Act no 4 of 2013, of the Republic of South Africa.
- RunnerRsa uses the data it collects to provide, personalize, maintain, and improve its products and services, including creation of and updating users’ accounts; verification of delivery drivers’ identity, background history, and eligibility to work; conducting background checks on all directors, shareholders, staff of vendors and franchisees participating in the RunnerRsa business network via the RunnerRsa app and related technology; to facilitate,, constantly improve, and optimise, fluid and efficient logistics, deliveries, and other services; to offer, process, or facilitate payments for our services; to offer, obtain, provide, or facilitate insurance, vehicle, invoicing, or financing solutions in connection with its services to monitor, in real-time, and share, the progress of rides or deliveries; to enable features that allow users to share information with other people, such as when riders submit a compliment about a driver, when delivery recipients provide feedback for a restaurant or delivery person, refer a friend to RunnerRsa, split fares, or share ETA and location with their contacts; to enable features to personalize users’ RunnerRsa accounts, such as creating bookmarks for favourite places, and to enable quick access to previous destinations; to enable accessibility features that assisting disabled users to use our services; to perform internal operations necessary to provide our services, including to troubleshoot software bugs and operational problems; to conduct data analysis, testing, and research; and to monitor and analyse usage and activity trends
- RunnerRsa uses personal data to optimise, constantly upgrade and improve the safety, security, and integrity of our services constantly maximising and prioritising protection of users in real-time, including comprehensively screening and verifying all delivery drivers, vendors and franchisees’ credentials, including those of their staff to prevent criminals, potential criminals or high risk individuals with a compromised credit history, or a history of unlawful social media or internet activity, from accessing or utilising and/ or compromising the RunnerRsa app, network and related business ecosystem.
- RunnerRsa may use data from delivery drivers’ devices to monitor their driving habits and ensure that they comply with the law and drive safely, and RunnerRsa uses data from delivery drivers’ devices to verify the vehicles they use and to ensure that they are in a satisfactory condition and are roadworthy, and do not have the potential to endanger customers or vendors or members of public or damage the Rand and image of RunnerRsa.
- RunnerRsa uses information derived from driver’s license photos, and other photos submitted to RunnerRsa, for safety and security purposes to ensure that the duly authorised driver of all delivery vehicles is in control of and driving the vehicle at all times and preventing an unverified high-risk third-party from unlawfully conducting the delivery on behalf of the driver who should be doing so, in real-time.
- RunnerRsa constantly compares photographs on file against photographs of other users to prevent identity-borrowing, and from public databases to verify user identity; uses device, location, profile, usage, and other data to prevent, detect, and combat fraud or unsafe activities utilises user ratings and feedback to disincentivise socially unacceptable behaviour, and the behaviour or inefficiency on behalf of delivery drivers, and automatically deactivates delivery drivers who fail to maintain a satisfactory score on RunnerRsa’s algorithmic delivery driver scorecard.
- RunnerRsa uses the information collected (including recordings of customer support calls with notice to and the consent of the user) to provide customer support, including addressing questions to the appropriate customer support person; investigating and addressing user concerns; monitoring and improving our customer support responses and processes; for testing, research, analysis, product development, and machine learning to constantly enhance the user experience, safety and security of our services, prevention of unlawful activity which could be harmful to users, and system integrity, development of new features and products; for optimising real-time vendor and customer communications and location and assistance in order to ensure, as far as possible, a secure, convenient and prompt service to vendors and customers alike; to ensure that customers are fully informed at all times of our services, features, promotions, news, updates, events and product enhancements and those of our RunnerRsa network partners.
- It is the express policy of RunnerRsa not to sell users’ personal data to, any third parties whatsoever, including but not limited to network partners, to facilitate direct marketing under any circumstances.
- Any data transmitted to participating network partners for related third parties, is only transmitted to them subject to the strict written terms and conditions enforcing absolute confidentiality and restrictive conditions under which they are permitted to utilise such data.
- RunnerRsa may use the data to personalize the marketing communications (including advertisements) that we transmit to customers.
- RunnerRsa uses the data to generate and transmit receipts to customers and inform them of changes to our terms, services, or policies.
- RunnerRsa shall be fully entitled to utilise personal data collected for the purpose of conducting investigations into or resolving complaints or disputes pertaining to RunnerRsa vendors’, users and customers’ service experience, and for the purpose of cooperating with any investigation by South African Police Services or any related government regulatory authority.
- RunnerRsa uses personal data to make automated decisions relating to use of our services which includes enabling real-time pricing and invoicing for RunnerRsa orders, determined based on variable algorithmic input, such as product prices collection time, traffic, distance, optimised route, availability of delivery driver; data utilised to optimise utilisation of delivery drivers in real-time; data utilised to rate the delivery drivers, deactivate or them based on the service and performance, or lack thereof; data utilised to deactivate any customers with a criminal background, who have committed fraud, or mistreat vendors or drivers or failed to pay in the past.
- RunnerRsa fully reserves the right to deactivate any users who abuse RunnerRsa services, or indicate, based on high-risk history or high-risk conduct that they have the potential to negatively affect RunnerRsa, vendors, franchisees, third party service providers or customers in any way whatsoever.
- RunnerRsa utilises information related to delivery driver location and customer behaviour to determine whether any cancellation fees for additional pricing, or pricing adjustments are to be levied where appropriate.
- RunnerRsa shall be entitled to utilise any information received from the public in relation to historical unlawful or abusive conduct in relation to RunnerRsa’s services by vendors, delivery drivers customers and determine the appropriate remedial action.
- If for any reason a user has reason to believe that a vendor, delivery driver or customer has committed any misconduct in relation to the RunnerRsa delivery network, or otherwise, or historically committed misconduct which indicates that he will she or it constitutes a potential risk to the integrity of the RunnerRsa delivery network or other users, and should be deactivated, sanctioned or penalised in any manner, kindly contact RunnerRsa customer support by clicking the link below.
- RunnerRsa utilises small text files known as “cookies”, and other identification technology on our apps, websites, emails, and online ads to assist you to “remember” the last time you visited any of our websites or utilised in RunnerRsa application or services and to assist us with identifying you if you revisit our website or utilised any of the services in order to authenticate users; evaluate content effectiveness and popularity; enhance our services and optimise security.
- In order to facilitate optimal functioning of our delivery-service and related communication technology within our RunnerRsa delivery app, its network, and its business ecosystem, it is absolutely essential for RunnerRsa to share certain user data with vendors and customers, or, with users express consent, our network-participants.
- RunnerRsa does not share any data without express consent of the owner of that data. Data collected from customers, vendors and network-participants is utilised as restrictively as possible with the utmost discretion and confidentiality, solely to constantly optimise and enhance RunnerRsa’s services, and is shared with third parties, who expressly consent in writing to strict confidentiality, restricted, and lawful use of the data, strictly subject to utmost confidentiality, and data integrity protocols which comply with all South African legislation including but not limited to the Protection Of Personal Information Act no. 4 of 2013 of the Republic of South Africa, and it’s applicable Regulations, as amended, in all respects.
RunnerRsa May Collect and Share
- Delivery drivers’ names, ratings, real-time location where required, pickup and/or drop-off locations with other drivers; customer’s first name, delivery address, and order information with the driver delivering the order, and the vendor, retail outlet or restaurant making the goods ordered available for collection to the delivery driver; ratings and feedback, and other relevant necessary information, with the vendor and the delivery driver.
- RunnerRsa shares the delivery driver’s name and photo; vehicle make, model, colour, license plate, and vehicle photo; real-time location; average rating provided by users; total number of trips; length of use of the RunnerRsa app; contact information where required and permitted by law; and delivery driver’s personal RunnerRsa profile, including compliments and other feedback submitted by past users with all vendors.
- RunnerRsa provides delivery drivers and customers with receipts, account statements, delivery driver’s first name, photo, route map, and such other information required on invoices where applicable.
- RunnerRsa collects, stores and assimilates data required to operate RunnerRsa’s referral bonus program which is shared only in so far as is strictly necessary to compute the applicable referral commission.
- In certain limited circumstances RunnerRsa shares information, at the customer’s express request, with other people i.e. ATA and location with a friend of the user.
- RunnerRsa may share certain data with third party vendors and service providers, who utilise, and are integrated in RunnerRsa’s system network, such as vendors’ promotional purposes.
- Questions or comments from users submitted through public forums such as RunnerRsa blogs and RunnerRsa social media pages may be viewable by the public, including any personal data included in the questions or comments submitted by a user.
- If a customer requests a delivery using an account owned by a third party, RunnerRsa may share the relevant order or trip information, including real-time location data, with the third party account holder, i.e. where a delivery driver uses an account owned by or associated with a RunnerRsa franchisee company or a vendor.
- RunnerRsa shares data with its subsidiaries, affiliated service providers, and franchisees to help them provide our services or conduct data processing on our behalf.
- RunnerRsa may share users’ personal data if it is required by law, regulation, operating license or agreement, or where the disclosure is otherwise appropriate protection of individuals, entities, institutions and/or RunnerRsa network and systems integrity, safety and/or security or related lawful and valid reasons.
- RunnerRsa may require to share personal data with law enforcement officials, public health officials, other government authorities, or other third parties if it is strictly necessary to enforce any RunnerRsa contractual terms as against service providers, vendors or customers so as to protect RunnerRsa’s rights or property or the rights, safety, or property of others; or in the event of a claim or dispute relating to the use of our services.
- RunnerRsa shall be required by law to share their customer or vendor’s data, including trip or order information, with the owner of a credit card.
- RunnerRsa may share a user’s personal data other than as described herein if expressly and lawfully consented to by that user.
- Subject to strict compliance with the Protection of Personal Information Act no. 4 of 2013 of the Republic of South Africa, and any of its applicable regulations, as amended, and RunnerRsa’s Personal Information Protocol (attached hereto), RunnerRsa shall retain user data for as long as is necessary.
- Users may request deletion of their accounts at any time. RunnerRsa may retain user data after a deletion request of complying with legal or regulatory requirements including but not limited to the Protection of Personal information Act of the Republic of South Africa, or any other reasons stated herein.
- Customers, vendors and third party service providers offer limited, subject to any written agreement to the contrary, may request deletion of their account at any time through the Settings > Privacy menus in the RunnerRsa app, or through RunnerRsa’s website at the appropriate link for the particular category of user.
- Following an account deletion request, RunnerRsa shall delete the user’s account and data, unless they must be retained due to legal or regulatory requirements, for purposes of safety, security, and fraud prevention, or because of an issue relating to the user’s account such as outstanding credit or an unresolved claim or dispute.
- The Protection of Personal Information Act of the Republic of South Africa no 4 of 2013, and it’s applicable Regulations, as amended, requires RunnerRsa to retain certain data for a particular periods stipulated therein, and RunnerRsa strictly complies with any data retention stipulations contained in this legislation and has compiled a Personal Information Protocol which it is strictly follows (attached hereto.)
- In view compliance with the Protection of Personal Information Act of the Republic of South Africa no 4 of 2013, and it’s applicable Regulations, as amended, vendors account information etc. is retained for minimum of 7 years, however delivery drivers and customers’ information is not retained for more than 30 days from the deletion request subject to the particular account not being required for legal enforcement or investigation.
- RunnerRsa strictly only collects and utilises personal data when it is lawfully permitted to do so for the purpose of providing, securing and enhancing RunnerRsa services and features, to comply with the law and legislation, protect RunnerRsa’s rights, and those of its vendors, service providers and delivery drivers, and such personal data is only collected and utilised with consent of the person or entity to whom this personal data belongs.
- Reasons for collecting and utilising personal data include but are not limited to provision of, enhancement of RunnerRsa services and features as requested
- User-profile data, is used to establish and maintain user accounts; verify user identity; communicate with users about their trips, orders, and accounts; and enable users to make payments or receive earnings.
- Trip information and applicant’s history is used to verify an applicant’s eligibility to be a delivery driver
- Delivery drivers’ location data is used to monitor their trips and/or progress and/or estimated time of arrival to respective waypoints, and assist with navigation, updating of vendors and customers in real-time.
- Usage data, is essential for maintaning, optimizing, and enhancing RunnerRsa’s services, including to determine incentives, connect delivery drivers, and calculate costs of trips and driver earnings.
- Transaction information, and information relating to customer support is essential for self- explanatory reasons.
- Personal data required to maintain and enhance our users’ safety and security is essential to protect RunnerRsa from, and, prevent use of our services by users who have engaged in inappropriate, dangerous, or unlawful conduct, or to prevent matching of delivery drivers and/or vendors and/or customers who are at a higher risk of conflict for confrontation due to historical or algorithm-based dedications, such as a record of prior conflict, or prevention of fraud; enhancement of our services, lawful and appropriate consent-based direct marketing, research, and development; and enforcing RunnerRsa’s contractual rights in relation to vendors, third-party service providers and customers, or using personal data, where appropriate, for the purpose of providing legal protection and insurance related information to members of the public.
- RunnerRsa is subject to the Protection of Protection of Personal Information Act of the Republic of South Africa no 4 of 2013, and it’s applicable Regulations, as amended which stipulates certain policies and procedures in relation to collection of, sharing, and/or storage of personal data for particular periods and RunnerRsa strictly complies with this legislation and related legislation, only receiving, collecting, assimilating and storing data as required by this legislation, and in accordance with the legislation’s stipulated protocols and procedures. RunnerRsa complies with RunnerRsa’s Personal Information Protocol attached to this notice at the end, and RunnerRsa strictly requires all its third party service providers to contractually agree to comply with RunnerRsa’s Personal Information Protocol at all times in relation to receipt, collection, assimilation and storage of users’ Personal Information at all times.
- RunnerRsa may also share data with law enforcement regarding criminal acts or threats to public safety, or requests by third parties pursuant to legal processes. RunnerRsa may also share information with public health authorities where required or permitted by law.
- RunnerRsa only collects and uses personal data subject to user’s consent which may be revoked at any time. If user-consent is revoked, that user shall no longer be entitled to utilise any of RunnerRsa’s Services which require of unique personal data.
- Any user who has consented consent to a collection or use of their personal data can revoke it at any time, however, the user will not be able to use any service or feature that requires collection or use of that user’s personal data.
- Upon withdrawing permission to utilise or store personal data from a particular user, the data shall immediately be deleted, subject to the condition that if the data is required by law enforcement bodies such as South African Police Services, for example, or for civil enforcement by RunnerRsa or a network participant, it shall be retained until no longer required.
- RunnerRsa enables users to access and control the data that RunnerRsa collects, including through in-app settings; device permissions; in-app ratings pages; marketing opt-outs.
- RunnerRsa enables users to request access to or copies of their data, changes or updates to their accounts, deletion of their accounts, or that RunnerRsa restrict its processing of user personal data.
- Settings menus in the RunnerRsa app for delivery drivers enables them to input unique location update and sharing, and mobile notification preferences.
- Information about these settings, how to set or change these settings, and the effect of turning off these settings is clearly explained on the RunnerRsa app.
RunnerRsa uses delivery drivers’ device location tracking services to facilitate management of optimal real-time selection and utilisation of delivery drivers, and assisting delivery drivers with navigation, in order to optimise punctuality and minimising collection and delivery delays, constantly improving RunnerRsa’s services, customer and vendor service and support.
- Delivery Drivers may permit or prohibit location data collection from their mobile devices by RunnerRsa via Settings > Privacy menus in the RunnerRsa app. Delivery drivers and customers may permit or prohibit disallow such collections through the settings on the RunnerRsa app downloaded on their mobile device.
- Customers and vendors who have enabled RunnerRsa to collect location data from their mobile device may also enable RunnerRsa to share their location with delivery drivers from the time the delivery order is placed. This facilitates seamless, efficient and punctual collection and delivery of orders. This also assists RunnerRsa, vendors and drivers to communicate in real-time with the customers, and vice versa, as to accurate estimated times of collection and delivery.
- Customers and delivery drivers who have enabled RunnerRsa to collect location data from their mobile device may also enable the Emergency Data Sharing feature that shares data with emergency police, fire, and ambulance services. Such data includes approximate location at the time the emergency call was placed; the car’s make, model, colour, and license plate information; the rider’s name and phone number; pickup and drop-off locations; and the delivery driver’s name.
- RunnerRsa provides users with trip status notifications and updates related to activity on their account. These notifications are an essential part of utilising the RunnerRsa app and may not be disabled. However, users may select the method by which they receive these notifications on the RunnerRsa app.
- Users may enable RunnerRsa to send notifications about discounts and news from RunnerRsa. Notifications may be enabled or disabled by the RunnerRsa app.
- Customers who have elected to receive communications from vendors and related retail partners may stop sharing their data with any of the vendors or related retail partners via the RunnerRsa app.
- Most mobile device platforms (iOS, Android, etc.) have defined certain types of device data that apps may not access without the device owner’s permission, and these platforms have different methods of obtaining permission. iOS devices notify users the first time the RunnerRsa app requests permission to access certain types of data and gives users the option to grant or refuse permission. Android devices notify users of the permissions that the RunnerRsa app seeks before their first use of the app, and use of the app constitutes a grant of such permission.
- Customers, vendors, retail partners, and delivery drivers are able to rate each other on a scale from 1 to 10. An algorithmic rating functionality in the back end of the RunnerRsa app assimilates and analyses this data and rates the respective parties in accordance with the median ratings associated with a particular party, in real-time. These ratings are displayed, where appropriate, to the respective users requiring such information. The utmost discretion is used at all times with regard to the rating system.
- This rating system is essential to incentivise all participants in the RunnerRsa network to optimise their behaviour and to dis-incentivise antisocial, negative, high-risk behaviour, misconduct or service.
- Users may elect not to receive promotional emails from RunnerRsa on the app. Users may also opt out of receiving emails and other messages from RunnerRsa by following the unsubscribe instructions in those messages. RunnerRsa may still transmit non-promotional communications such as receipts for rides or information about their account to users who have opted out.
- RunnerRsa provides users with a variety of methods to learn about, control, and submit questions and comments about RunnerRsa’s handling of their data on the RunnerRsa app.
- Users may ask for an explanation of the data we collect from them and how we use it via the RunnerRsa app.
- Users may request a copy of data that RunnerRsa collects from them with their consent or as necessary to provide our services via the RunnerRsa app.
- Users may edit the name, phone number, email address, payment method, and photo associated with their account, or request RunnerRsa to amend or update their data, including if they believe such data is inaccurate or incomplete via the Settings menu in the RunnerRsa app.
- Users may request deletion of their account at any time via the RunnerRsa app.
- Users may request that RunnerRsa ceases to collect, store or utilise all or some of their personal data, or that it limits RunnerRsa’s use of their data Via the RunnerRsa app. RunnerRsa may continue to process data after such objection or request to the extent required or permitted by the Protection of Personal Information Act no. 4 of 2013, as amended.
- Users may file a complaint relating to RunnerRsa’s handling of their personal data with the Information Regulator as stipulated in sections 74 and 75 of the Protection of Personal Information Act no. 4 of 2013.
- To participate as a RunnerRsa user, you must permit the RunnerRsa Delivery Services to access your location services through the permission system used by your mobile operating system or browser. RunnerRsa may collect the precise location of your device when the RunnerRsa app is running in the foreground or background of your device. We may also establish your approximate location from your IP address. We use your location information to verify that you are present in your preferred region or city when you begin or engage in a delivery through the RunnerRsa Delivery Services, connect you with delivery opportunities in your zone, and track the progress and completion of your Deliveries. You may enable the location tracking feature through the settings on your device or Platform or when prompted by the RunnerRsa mobile app which you are required to download. If you select to disable the location feature through the settings on your device or Platform, RunnerRsa will not receive precise location information from your device, which will prevent you from being able to receive notification of delivery opportunities in your area
RUNNERRSA PERSONAL INFORMATION PROTOCOL
COMPLIANCE WITH THE PROTECTION OF PERSONAL INFORMATION ACT, NO. 4 OF 2013 AND REGULATIONS AND RELATED DATA PROTECTION LEGISLATION OF THE REPUBLIC OF SOUTH AFRICA
- RunnerRsa shall make or obtain and maintain all necessary registration or filings and notifications or consents which such it is obliged to obtain and maintain pursuant to the Protection of Personal Information Act, No. 4 of 2013 and its Regulations and related data protection legislation of the Republic Of South Africa in relation to Users’ Information and RunnerRsa Information.
- RunnerRsa shall nominate a representative within its organisation with responsibility to respond to all of Users’ queries regarding the processing of Users’ Information and RunnerRsa shall ensure that it responds to all such queries promptly, being a reasonable period of time (not to exceed any statutory imposed time limit).
- Where RunnerRsa receives, processes, transmits, archives, purges or stores any Users’ Information on behalf of Users’ in the role of an Operator, RunnerRsa represents and warrants that Data Safeguards shall be implemented as agreed. Information security procedures, processes and systems shall at all times meet all applicable obligatory statutory and regulatory requirements related to the collection, storage, processing, archiving, purging and transmission of Users’ Information.
- Where RunnerRsa receives, processes, transmits, archives, purges or stores any Users’ Information, RunnerRsa represents and warrants that optimum Data Safeguards shall be implemented. Information security procedures, processes and systems shall at all times meet all applicable obligatory statutory and regulatory requirements related to the collection, storage, processing, archiving, purging and transmission of RunnerRsa Information.
- RunnerRsa warrants that it shall at all times comply with the Protection of Personal Information Act, No. 4 of 2013 and its Regulations and related data protection legislation of the Republic Of South Africa in relation to Users’ Information, and that it has all the necessary consents or authorisation to provide Users’ Information to RunnerRsa, and for RunnerRsa to process Users’ Information, pursuant to this Agreement, and the instructions given by Users.
- RunnerRsa shall process Users’ Information for the sole purpose of performing the Services under this Agreement.
PROTECTION OF USERS’ INFORMATION
- RunnerRsa warrants that when processing any Personal Information for and on behalf of Users it shall:
- Fully comply with any relevant statutory obligations contained in the Protection of Personal Information Act, No. 4 of 2013;
- Process Users’ Information only with the knowledge and consent of Users as is necessary to optimise the functionality of RunnerRsa’s application-based delivery system and fulfil its contractual obligations to all the Users, including, vendors, delivery drivers and customers;
- Not disclose Users’ Information to any third parties without the written consent of Users unless required by law or in the course of the proper performance of RunnerRsa’s duties;
- Comply strictly with the Protection of Personal Information Act, No. 4 of 2013, was specific reference to sections 19 to 21 thereof and notify Users immediately, without undue delay, but no later than 24 hours, where there are reasonable grounds to believe that Users’ Information has been accessed or acquired by any unauthorised person;
- Fully assist and cooperate with any affected Users and/or the Information Regulator, during any regulatory or other lawful investigation into any suspected Information Security Compromise and provide all information, and/or documentation to the appropriate party conducting the investigation.
- Establish and maintain security measures to secure the integrity and confidentiality of Users’ Information in its possessions or under its control by taking appropriate, reasonable technical and organisation measures to prevent loss of, damage to, or unauthorised destruction of personal Information and unlawful access to, or processing of, Users Information and shall take reasonable measures to:
- Identify all reasonably foreseeable internal and external risks to Users’ Information in its possession or under its control;
- Establish and maintain appropriate Data Safeguards against the risks identified;
- Regularly verify the Data Safeguards are effectively implemented; and
- Ensure that Data Safeguards are continually updated in response to new risks or deficiencies in previously implemented safeguards.
- RunnerRsa warrants that when processing any Personal Information for and on behalf of Users it shall:
- The requirements set out below are in addition to any other requirements of this Agreement and present a minimum standard only. It is RunnerRsa’s sole obligation to implement appropriate measures to secure Users’ Information against internal and external threats and risks; and continuously review and revise those measures to address ongoing threats and risks.
- Information Security Policy
- RunnerRsa shall establish and maintain a formal, documented, mandated, company wide information security program, including security policies, standards and procedures (collectively “Information Security Policy”). The Information Security Policy shall be communicated to all RunnerRsa’s personnel in a relevant, accessible and understandable form and shall be regularly reviewed and evaluated to ensure its operational effectiveness and compliance with all applicable laws and regulations and to address new threats and risks.
- Personnel and RunnerRsa Protections:
- RunnerRsa shall screen all Personnel in contact with Users’ Information for potential security risks and require all employees, RunnerRsas and sub-contractors to sign an appropriate written confidentiality / non-disclosure agreement.
- All agreements with third parties involving access to RunnerRsa’s systems and data, including all outsourcing arrangements and maintenance and support agreements (including facilities maintenance), shall specifically address security risks, controls and procedures for information systems.
- RunnerRsa shall supply each of its personnel and RunnerRsas with appropriate, ongoing training regarding information security procedures, risks and threats. RunnerRsa shall have an established set of incident response procedures to ensure that its personnel and RunnerRsas promptly report actual and/or suspected information security compromise.
- RunnerRsa shall ensure that its Personnel, in performing their obligations in terms of this Agreement, does not compromise the integrity of RunnerRsa’s Systems or Users’ Information made accessible to them and shall not commit or permit any unauthorised access, use or alteration of Users’ Information. Without limiting the aforesaid, RunnerRsa shall ensure that its Personnel do not introduce any Malware into Users’ Systems. In the event that Malware is found in Users’ Systems, RunnerRsa shall reasonably assist Users in reducing the effects of the Malware and, to the extent that the Virus causes a loss of operational efficiency or a loss of data, to reasonably assist Users to restore such loss.
- RunnerRsa shall, and shall ensure that RunnerRsa Personnel shall, comply with the Data Safeguards requirements set out in Agreement and such reasonable standard security policies of Users which Users may provide to RunnerRsa during the term.
- Access Control
- RunnerRsa shall use all reasonable efforts to prevent any unauthorised access, alteration, corruption, loss or disclosure of Users’ Information in the possession of or under the control of RunnerRsa and shall take all reasonable precautions and implement all reasonable security measures to protect the integrity of such Users’ Information, including via the implementation suitable systems security mechanisms.
- RunnerRsa shall ensure that RunnerRsa Personnel shall not attempt to access and shall not allow anyone access to Users’ Systems or Users’ Information if such Personnel or any other person has not duly been authorised to obtain such access by Users.
- RunnerRsa shall implement formal procedures to control access to its systems, services and data, including, but not limited to, Users’ account management procedures and the following controls:
- Network access to both internal and external networked services shall be controlled, including, but not limited to, the use of properly configured firewalls.
- Operating systems shall be used to enforce access controls to computer resources including, but not limited to, authentication, authorisation and event logging.
- Applications shall include access control to limit Users’ access to information and application system functions.
- All systems shall be monitored to detect deviation from access control policies and identify suspicious activity.
- Removable Media
- Except in the context of RunnerRsa’s routine backups or as otherwise specifically authorised in writing by Users, RunnerRsa shall institute strict physical and logical security controls to prevent transfer of Users’ Information to any form of Removable Media.
- Data Access, Control, and Disposal
- RunnerRsa shall use all reasonable efforts to prevent any unauthorised access, acquisition, alteration, corruption, loss or disclosure of Personal Information in the possession of or under the control of RunnerRsa.
- Users’ Information:
- may be made available and accessible only to those parties explicitly authorised under this Agreement or otherwise expressly authorised in writing by Users;
- if transferred across the Internet, any wireless network, or other public or shared networks must be protected using appropriate secure encryption as designated or approved in writing by Users; and
- if transferred using Removable Media (as defined previously), must be sent via a bonded courier or protected using appropriate secure encryption.
- the event that any hardware, storage media or Removable Media must be disposed of or sent offsite for servicing, RunnerRsa shall ensure all Users’ Information, has been “scrubbed” from such hardware and/or media utilising the optimum “scrubbing” standards generally accepted in the industry.
- Physical and Environmental Security
- RunnerRsa’s facilities that process Users’ Information shall be housed in secure areas and protected by perimeter security that provide a physically secure environment from unauthorised access, damage and interference.
- Where RunnerRsa utilises Cloud Infrastructure, it remains RunnerRsa’s responsibility to ensure that Users’ personal information shall be securely housed and adequately protected from physical threats.
- Communications and Operational Management
- RunnerRsa shall:
- monitor and manage all its information processing facilities, including, without limitation, implementing operational procedures, change management and incident response procedures and ensure that adequate provision has been made for redundancy risk in relation to all hardware and software;
- deploy best in class antiviral software and adequate backup facilities to ensure that essential business information can be promptly recovered in the event of a disaster or media failure; and
- ensure that its operating procedures shall be adequately documented and designed to protect information, computer media and data from theft and unauthorised access.
- RunnerRsa shall:
- Security Incident Notification
- RunnerRsa shall maintain procedures and protocols in order to detect and respond to any Information Security Incidents.
- RunnerRsa shall promptly notify (but in no event more than 24 (twenty-four) hours after the occurrence) notify the designated User or Users, as the case may be, immediately, by e-mail or WhatsApp or alternative electronic messaging service, of any potential or actual unauthorised access to or acquisition of personal information of Users’ data or Personal Information. The notice shall include the approximate date and time of the occurrence and a summary of the relevant facts, including a description of measures being taken to address the occurrence. An information security compromise, or breach includes instances in which internal personnel access systems in excess of their Users’ rights or use the systems inappropriately.
- RunnerRsa shall record, review and act upon all events in accordance with incident response policies set forth in the next section. If RunnerRsa becomes aware of any contravention of the data safeguards of Users or of unauthorised access by any of RunnerRsa Personnel or any other unauthorised person which may involve Users’ Systems or Users’ Information, RunnerRsa shall ensure that the relevant security Personnel of RunnerRsa is alerted immediately and shall immediately take all measures necessary to remedy any breach.
- RunnerRsa shall report any breach of security or confidentiality in relation to Users’ personal data which, RunnerRsa was not able to remedy, and which caused an irreversible, material compromise of confidentiality of Users’ personal data, to Users, describing in detail the nature of the breach and any accessed materials, and comply with any reasonable directions in relation to the personal information of Users by Users.
- In the event that the Information Regulator and/or Users carry out an investigation into a suspected or actual information security compromise, RunnerRsa shall provide reasonable assistance, including providing relevant reports or data relating to such security incident. In the event that RunnerRsa initiates such an investigation that is relevant to this Agreement, RunnerRsa shall inform Users and The Information Regulator of such investigation and its outcome, cooperate fully with any requests or requirements of the Information Regulator.
SUB-PROCESSORS OF USERS’ PERSONAL INFORMATION
- RunnerRsa may sub-contract or otherwise delegate all or any part of the processing of Personal Information to a suitable other entity (“Sub-Processor”).
- RunnerRsa shall require RunnerRsa to enter into a written agreement with the Sub-Processor containing equivalent terms to this Agreement (provided that RunnerRsa shall not permit the Sub-Processor to further sub-contract or otherwise delegate all or any part of the Sub Processor’s processing without RunnerRsa conducting due diligence with respect to the intended sub processors outsourced third party, and consenting in writing to such delegation after been fully satisfied of this third parties operational integrity and having concluded a comprehensive agreement binding both sub processes to compliance with all requirements of RunnerRsa.)
EXPORT OF USERS’ PERSONAL INFORMATION
- RunnerRsa undertakes, represents and warrants not to transfer, process, archive, delete or purge Users’ Information outside of the Republic of South Africa.
- RunnerRsa shall not export Users’ Information, without the prior consent of Users thereto and upon such terms as RunnerRsa shall reasonably require in order to legitimise the export of Users’ Information.
RETURN OR DELETION OF RUNNERRSA DATA
- Upon Users’ request and, in any event, on termination of this Agreement RunnerRsa shall immediately cease processing Users’ personal information; and destroy the data or copies, notes or extracts thereof unless otherwise required or permitted by applicable law and including but not limited to change of address requests, do-not-solicit requests, direct marketing program responses, fulfilment program information, and any other information captured from ad hoc projects or programs, within thirty (30) business days of the date of termination or expiration of this Agreement and receipt of request.
- Upon the request of Users, RunnerRsa shall also confirm in writing that RunnerRsa has complied with the obligations set forth in this clause.
RunnerRsa shall have no obligation to delete or destroy copies that:
(a) are contained in an archived computer system backup that was made in accordance with its security, e-mail retention, and/or disaster recovery procedures; or
(b) are kept by its legal department for record-keeping, archival, or governance purposes in compliance with their document retention policies. Any such retained Users’ Information shall remain subject to the terms and conditions of this Agreement for so long as it is retained. Notwithstanding the return or destruction of Users’ Information, RunnerRsa shall continue to be bound by its confidentiality and other obligations hereunder in accordance with the terms of this Agreement and with the regulations as stipulated by the Data Protection and Privacy Laws.
AUDIT AND REPORTING REQUIREMENTS
- RunnerRsa shall permit the Information Regulator or its delegated representative, to attend RunnerRsa’s facilities to inspect and audit RunnerRsa’s Technology Services where the processing of Users’ Information occurs to ensure compliance with this Agreement and with the Protection of Personal Information Act, No. 4 of 2013 in its entirety, and its regulations or affiliated schedules, as amended.
- In the event that such an inspection and audit of RunnerRsa’s facilities by the Information Regulator or its delegated authority, finds that RunnerRsa is not in compliance with this Agreement, RunnerRsa shall take all reasonable steps to promptly remedy any breach or non-compliance identified by the inspection and audit, and provide Users with a detailed report as to why such breach or non-compliance cannot be remedied, and to pay Users’ reasonable costs of such an inspection and audit, in the event of such breach or non-compliance.
- For Guest Users: The personal data of those who order or receive trips or deliveries via partner websites or apps (such as when ordering from a restaurant or grocery store), or arranged by other account owners (collectively “Guest Users”) is used solely to provide such trips, deliveries, or other services requested through a third party, and for purposes of safety and security, customer support, research and development, enabling communication between users, and in connection with legal proceedings and requirements, each as described in “How we use personal data” below. Guest User data may be shared with third parties for these purposes. Such data may be associated with, and accessible by, the owner of that account. This specifically includes Guest Users who receive deliveries ordered by friends, family members or others.
- To submit questions, comments or complaints regarding Guest User data, or to submit requests regarding such data, please email support@RunnerRsa.co.za.