Privacy Policy
Last Updated: November 28, 2025
1. Introduction
WeNation South Africa ("we," "our," or "us") is committed to protecting your personal information and respecting your privacy rights. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information in accordance with the Protection of Personal Information Act (POPIA) No. 4 of 2013.
By using our RSVP system or attending our events, you acknowledge that you have read and understood this Privacy Policy and consent to the processing of your personal information as described herein.
2. Responsible Party
Organization: WeNation South Africa
Contact Email: admin@wenationsa.org
Website: https://wenationsa.org
Information Officer: WeNation Admin Team
3. Information We Collect
3.1 Personal Information
When you RSVP for our events, we collect the following personal information:
- Name: Your full name for identification and event registration
- Email Address: To send you event confirmations, updates, and communications
- Phone Number: For event reminders and urgent notifications (South African format)
- Dietary Requirements: To accommodate your needs during the event
- Number of Guests: For capacity planning and venue management
3.2 Automatically Collected Information
We automatically collect certain technical information when you use our system:
- IP Address: For security, fraud prevention, and consent verification
- Browser Information: User agent string for technical support and security
- Timestamps: Date and time of your registration and interactions
- Session Data: For maintaining your login session (admin users only)
3.3 Consent Records
We maintain detailed records of your consent preferences, including:
- Consent for event processing (required)
- Consent for marketing communications (optional)
- Consent for SMS notifications (optional)
- Timestamp, IP address, and method of consent
4. How We Use Your Information
We process your personal information for the following purposes:
4.1 Event Management (Required Processing)
- Processing your RSVP and event registration
- Sending event confirmations and tickets
- Managing check-in and attendance
- Accommodating dietary requirements
- Communicating event updates and changes
4.2 Marketing Communications (Optional - Requires Consent)
- Sending information about future WeNation events
- Newsletters and updates about our initiatives
- Invitations to participate in surveys
4.3 SMS Notifications (Optional - Requires Consent)
- Event reminders via SMS
- Urgent event updates
- Check-in confirmations
4.4 Security and Compliance
- Preventing fraud and abuse
- Monitoring security events
- Complying with legal obligations
- Maintaining audit logs
5. Legal Basis for Processing
We process your personal information based on the following lawful grounds:
- Consent: You have given explicit consent for event processing, and optionally for marketing and SMS communications
- Legitimate Interest: Security monitoring, fraud prevention, and system integrity
- Legal Obligation: Compliance with POPIA and other applicable laws
6. Data Sharing and Disclosure
We do not sell, rent, or trade your personal information to third parties.
We may share your information with the following categories of recipients:
- Service Providers: Email delivery services (SMTP), SMS providers (with consent), PDF generation services
- Event Venues: Name and guest count for capacity planning
- Legal Authorities: If required by law or to protect our legal rights
All third-party service providers are contractually obligated to maintain the confidentiality and security of your personal information and may only use it for the purposes we specify.
7. Data Security
We implement industry-standard security measures to protect your personal information:
- Encryption: HTTPS/TLS encryption for all data transmission
- Password Security: Bcrypt hashing for all passwords
- Access Controls: Role-based access with session management
- CSRF Protection: Tokens on all forms to prevent cross-site attacks
- Rate Limiting: Protection against brute force attacks
- Audit Logging: Comprehensive security event tracking
- Secure Headers: X-Content-Type-Options, X-Frame-Options, CSP
- Regular Updates: Security patches and system updates
8. Data Retention
Retention Period: 90 Days After Event
We retain your personal information for 90 days after the event date to allow for post-event communications, surveys, and follow-up activities. After this period, your information is automatically deleted from our active systems.
8.1 Marketing Consent
If you have consented to marketing communications, we will retain your contact information until you withdraw your consent or request deletion. You can unsubscribe at any time using the link in our emails or by contacting us.
8.2 Legal Requirements
In some cases, we may be required to retain certain information longer to comply with legal, regulatory, or accounting requirements.
9. Your Rights Under POPIA
You have the following rights regarding your personal information:
9.1 Right to Access
You have the right to request a copy of the personal information we hold about you.
9.2 Right to Correction
You have the right to request correction of inaccurate or incomplete personal information.
9.3 Right to Deletion
You have the right to request deletion of your personal information, subject to legal retention requirements.
9.4 Right to Object
You have the right to object to the processing of your personal information for direct marketing purposes.
9.5 Right to Withdraw Consent
You have the right to withdraw your consent at any time where we rely on consent to process your information.
9.6 Right to Lodge a Complaint
You have the right to lodge a complaint with the Information Regulator if you believe your rights have been violated.
How to Exercise Your Rights
To exercise any of these rights, you can:
- Visit our Data Rights Portal
- Email us at admin@wenationsa.org
- Use the unsubscribe link in our marketing emails
We will respond to your request within 30 days as required by POPIA.
10. Cookies and Tracking
Our RSVP system uses the following cookies:
- Session Cookies: Essential for maintaining your login session (admin users). These are deleted when you close your browser.
- CSRF Tokens: Security tokens stored in your session to prevent cross-site request forgery attacks.
We do not use analytics cookies, advertising cookies, or third-party tracking scripts on our RSVP system.
11. Children's Privacy
Our events and RSVP system are not directed to children under 18. We do not knowingly collect personal information from children. If a parent or guardian becomes aware that their child has provided us with personal information without consent, please contact us immediately.
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any material changes by:
- Posting the updated policy on this page with a new "Last Updated" date
- Sending an email to registered users (if applicable)
- Requesting renewed consent if required by law
Your continued use of our services after any changes indicates your acceptance of the updated Privacy Policy.
13. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
Organization: WeNation South Africa
Email: admin@wenationsa.org
Website: https://wenationsa.org
Data Rights Portal: https://rsvp.wenationsa.org/data-rights.php
14. Information Regulator (South Africa)
If you believe that we have not adequately addressed your concerns, you have the right to lodge a complaint with the Information Regulator:
Information Regulator (South Africa)
JD House, 27 Stiemens Street
Braamfontein, Johannesburg, 2001
Email: inforeg@justice.gov.za
Website: www.justice.gov.za/inforeg/
Acknowledgment
By using our RSVP system, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy.