Privacy Policy

Lebo Grass ("we", "us", or "our") is committed to protecting your personal information and respecting your privacy in accordance with the Protection of Personal Information Act 4 of 2013 ("POPIA"). This Privacy Policy explains how we collect, use, store, share, and protect your personal information when you use our website, applications, and services (collectively, the "Services").

This Privacy Policy applies to all users of our Services, including visitors to our website, registered users, coaching clients, masterclass participants, and purchasers of our educational materials. By accessing or using the Services, you consent to the collection, use, and processing of your personal information as described in this Privacy Policy.

We encourage you to read this Privacy Policy carefully and to check this page periodically for updates. If you have any questions about this Privacy Policy or our data practices, please contact our Information Officer using the details provided below.

In compliance with Section 55 of POPIA, we have appointed an Information Officer who is responsible for ensuring compliance with data protection legislation and for handling all requests and enquiries relating to personal information.

Information Officer: Lebo Grass Address: Sandton Corporate Woods, Johannesburg, 2196 Email: advisory@lebogrss.co.za Phone: +27 11 000 0000

You may contact the Information Officer to exercise any of your rights under POPIA, to lodge a complaint, or to request information about our personal information processing activities.

We process your personal information for the following purposes:

(a) Service Delivery: To provide, maintain, and improve our financial coaching, property investment education, KPIPA Masterclass sessions, and other educational services.

(b) Account Management: To create and manage your user account, verify your identity, and communicate with you about your account.

(c) Booking and Scheduling: To schedule coaching sessions, masterclass sessions, and other appointments via our platform.

(d) Payment Processing: To process payments for our Services, issue invoices, and manage billing records.

(e) Communication: To send you service-related communications, respond to your enquiries, provide customer support, and send you updates about our Services.

(f) Marketing: To send you marketing communications about our products, services, and events, subject to your consent where required by law. You may opt out of marketing communications at any time.

(g) Legal Compliance: To comply with applicable laws, regulations, and legal processes, including the FAIS Act, the Financial Intelligence Centre Act 38 of 2001, and POPIA.

(h) Analytics and Improvement: To analyse usage patterns, improve the functionality and user experience of our Services, and develop new features and offerings.

(i) Protection: To detect, prevent, and address fraud, security issues, and technical problems, and to protect the rights, property, and safety of Lebo Grass and our users.

We may collect and process the following categories of personal information:

(a) Identity Information: Full name, date of birth, identity number or passport number (where required for FICA compliance), and gender.

(b) Contact Information: Email address, telephone number, WhatsApp number, physical address, and postal address.

(c) Account Information: Username, password (stored in encrypted form), and account preferences.

(d) Financial Information: Information shared during coaching sessions, including details about your income, expenses, debts, assets, investments, financial goals, and risk tolerance. Payment card details are processed by our third-party payment providers and are not stored on our systems.

(e) Transaction Information: Records of purchases, payments, booking history, and transaction amounts.

(f) Communication Information: Records of correspondence with us, including emails, messages, and notes from coaching sessions.

(g) Technical Information: IP address, browser type and version, device type, operating system, referral source, length of visit, page views, and navigation paths.

(h) Usage Information: Information about how you use our website and Services, including features accessed, content viewed, and interaction patterns.

We do not collect special personal information (as defined in Section 26 of POPIA), including information about race, ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, health, sex life, biometric information, or criminal behaviour, unless required by law or with your explicit consent.

Under POPIA, we must have a lawful basis for processing your personal information. We rely on the following grounds:

(a) Consent: Where you have given us clear, voluntary, and informed consent to process your personal information for specific purposes, such as receiving marketing communications or participating in coaching sessions. You may withdraw your consent at any time by contacting our Information Officer, although this will not affect the lawfulness of any processing carried out before your withdrawal.

(b) Contractual Necessity: Where processing is necessary for the performance of a contract to which you are a party, or to take steps at your request prior to entering into a contract. This includes processing required to provide our coaching services, masterclass sessions, and to manage your account.

(c) Legal Obligation: Where processing is necessary for compliance with a legal obligation to which we are subject, including obligations under the FAIS Act, the Financial Intelligence Centre Act, the Income Tax Act 58 of 1962, and POPIA.

(d) Legitimate Interest: Where processing is necessary for the purposes of our legitimate interests or those of a third party, provided that such interests are not overridden by your rights and interests. Our legitimate interests include fraud prevention, network and information security, business administration, and improving our Services.

We collect personal information through the following means:

(a) Website Forms: When you complete registration forms, contact forms, booking forms, or any other forms on our website.

(b) Coaching Sessions: During one-on-one or group financial coaching sessions, whether conducted in person, via telephone, or via video conferencing platforms such as Google Meet.

(c) Masterclass Registration: When you register for and participate in KPIPA Masterclass sessions or other educational events.

(d) Purchases: When you purchase educational materials, books, or other products through our website or platform.

(e) Communications: When you contact us by email, telephone, WhatsApp, social media, or any other communication channel.

(f) Automated Technologies: Through cookies, web beacons, and similar tracking technologies when you visit our website. Please see Section 11 (Cookies and Tracking Technologies) for further details.

(g) Third Parties: We may receive personal information about you from third parties, including payment processors, analytics providers, and social media platforms, in accordance with those third parties' privacy policies and applicable law.

We do not sell, rent, or trade your personal information to third parties. We may share your personal information with the following categories of third parties, solely for the purposes described in this Privacy Policy:

(a) Payment Processors: We use third-party payment processors to handle transactions securely. These processors have access to payment-related information necessary to process your transactions and are bound by their own privacy policies and data protection obligations.

(b) Video Conferencing Providers: We use Google Meet and similar platforms to conduct coaching sessions and masterclass events. Your name, email address, and any information shared during the session may be processed by the platform provider in accordance with their privacy policy.

(c) Email Service Providers: We use third-party email service providers to send transactional and marketing communications. These providers have access to your email address and name for the purpose of delivering emails on our behalf.

(d) Hosting and Infrastructure Providers: Our website and application infrastructure is hosted by third-party providers that may have access to personal information stored on their systems.

(e) Analytics Providers: We use analytics services to understand how our Services are used and to improve them. These providers may collect technical and usage information through cookies and similar technologies.

(f) Legal and Regulatory Authorities: We may disclose your personal information where required by law, regulation, legal process, or governmental request, or where necessary to protect our legal rights, enforce our Terms of Service, or ensure the safety of our users.

All third parties with whom we share personal information are required to protect your information in accordance with applicable data protection laws, including POPIA.

In certain circumstances, your personal information may be transferred to and processed in countries outside the Republic of South Africa. Specifically:

(a) Our database infrastructure is hosted on Neon DB, with servers located in the United States. Your account information, booking records, and related data may be stored on these servers.

(b) We use Google services, including Google Meet, Gmail, and Google Analytics, which may process and store data on servers located outside South Africa.

(c) Our email service providers and payment processors may process data on servers located in various jurisdictions.

In accordance with Section 72 of POPIA, we ensure that any cross-border transfer of personal information is subject to appropriate safeguards, including:

- The recipient country having adequate data protection legislation. - The recipient being bound by a binding agreement or corporate rules that provide adequate protection. - Your consent to the transfer, having been informed that the recipient country may not have equivalent data protection laws.

We take reasonable steps to ensure that your personal information is treated securely and in accordance with this Privacy Policy regardless of where it is processed. By using our Services, you acknowledge and consent to the transfer of your personal information to jurisdictions outside South Africa as described in this section.

Under POPIA, you have the following rights in relation to your personal information:

(a) Right of Access: You have the right to request confirmation of whether we hold personal information about you and to request access to that information, free of charge, subject to a reasonable fee for additional copies (Section 23).

(b) Right to Correction: You have the right to request the correction or deletion of personal information that is inaccurate, irrelevant, excessive, out of date, incomplete, misleading, or obtained unlawfully (Section 24).

(c) Right to Deletion: You have the right to request the destruction or deletion of your personal information where it is no longer necessary for the purpose for which it was collected, or where you have withdrawn your consent (Section 24).

(d) Right to Object: You have the right to object, on reasonable grounds relating to your particular situation, to the processing of your personal information. You also have the right to object to the processing of your personal information for direct marketing purposes (Section 11(3)).

(e) Right Not to be Subject to Automated Decision-Making: You have the right not to be subject to a decision based solely on the automated processing of your personal information intended to provide a profile of you (Section 71).

(f) Right to Complain: You have the right to lodge a complaint with the Information Regulator if you believe that your personal information has been processed in violation of POPIA.

To exercise any of these rights, please contact our Information Officer at advisory@lebogrss.co.za. We will respond to your request within a reasonable time and in any event within thirty (30) days of receiving your request. We may require you to verify your identity before processing your request.

We retain your personal information only for as long as is necessary to fulfil the purposes for which it was collected, or as required by applicable laws and regulations. Our retention periods are as follows:

(a) Account Information: Retained for the duration of your active account and for a period of five (5) years after account closure, in accordance with record-keeping obligations under the FAIS Act and the Financial Intelligence Centre Act.

(b) Financial Coaching Records: Records of coaching sessions, notes, and related information are retained for five (5) years after the conclusion of the coaching relationship, in compliance with the FAIS Act record-keeping requirements.

(c) Transaction Records: Payment records and invoices are retained for five (5) years after the date of the transaction, in compliance with the Income Tax Act and the Value-Added Tax Act.

(d) Communication Records: Correspondence and communication records are retained for three (3) years after the last communication.

(e) Marketing Consent Records: Records of your marketing preferences and consent are retained for the duration of our relationship and for two (2) years thereafter.

(f) Technical and Usage Data: Automatically collected technical and usage data is retained for a period of twenty-four (24) months from the date of collection.

When personal information is no longer required, we will securely destroy or de-identify it in accordance with POPIA requirements.

Our website uses cookies and similar tracking technologies to enhance your browsing experience, analyse website traffic, and personalise content.

Cookies are small text files placed on your device by your web browser when you visit a website. We use the following types of cookies:

(a) Strictly Necessary Cookies: These cookies are essential for the website to function properly and cannot be disabled. They enable core functionality such as security, session management, and accessibility.

(b) Analytics Cookies: These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our website. They help us understand which pages are most and least popular and see how visitors move around the site.

(c) Functional Cookies: These cookies enable enhanced functionality and personalisation, such as remembering your preferences and settings.

(d) Marketing Cookies: These cookies may be set through our site by advertising partners to build a profile of your interests and show you relevant advertisements on other sites. They do not directly store personal information but uniquely identify your browser and internet device.

You can control and manage cookies through your browser settings. Most browsers allow you to refuse cookies or to delete cookies that have already been set. Please note that disabling certain cookies may affect the functionality of our website.

For more information about cookies and how to manage them, visit www.allaboutcookies.org.

We take the security of your personal information seriously and implement appropriate technical and organisational measures to protect it against unauthorised or unlawful processing, accidental loss, destruction, or damage, in accordance with Section 19 of POPIA.

Our security measures include, but are not limited to:

(a) Encryption of personal information in transit using Transport Layer Security (TLS) encryption.

(b) Encryption of sensitive personal information at rest.

(c) Access controls that limit access to personal information to authorised personnel on a need-to-know basis.

(d) Regular security assessments and vulnerability testing of our systems.

(e) Secure storage of physical records in locked facilities with restricted access.

(f) Staff training on data protection and information security practices.

(g) Incident response procedures for the detection, reporting, and investigation of personal information breaches.

In the event of a personal information breach that poses a risk to your rights and freedoms, we will notify you and the Information Regulator as soon as reasonably possible, in accordance with Section 22 of POPIA.

While we strive to protect your personal information, no method of transmission over the internet or method of electronic storage is completely secure. We cannot guarantee the absolute security of your personal information.

Our Services are not intended for individuals under the age of eighteen (18) years. We do not knowingly collect, process, or store personal information from children as defined in Section 35 of POPIA.

If we become aware that we have collected personal information from a child without the consent of a competent person (parent or legal guardian), we will take immediate steps to delete such information from our systems.

If you are a parent or guardian and you believe that your child has provided us with personal information without your consent, please contact our Information Officer immediately at advisory@lebogrss.co.za so that we can take appropriate action.

We may use your personal information to send you direct marketing communications about our Services, events, and educational content, subject to your consent.

In accordance with Section 69 of POPIA, we will only send you direct marketing communications by electronic means (including email, SMS, and WhatsApp) if you have given your prior consent to receive such communications, or if you are an existing client and the marketing relates to similar products and services to those you have previously engaged with.

Every marketing communication we send will include a clear and easy way to opt out of future communications. You may also opt out of marketing communications at any time by contacting us at advisory@lebogrss.co.za.

Your decision to opt out of marketing communications will not affect the provision of our Services to you.

We may update this Privacy Policy from time to time to reflect changes in our data practices, legal requirements, or business operations. When we make material changes to this Privacy Policy, we will notify you by posting the updated policy on our website with a revised "Last Updated" date and, where appropriate, by sending you a notification via email.

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your personal information. Your continued use of the Services after the publication of changes to this Privacy Policy constitutes your acceptance of those changes.

If you do not agree with any changes to this Privacy Policy, you should cease using the Services and contact our Information Officer to request the deletion of your personal information.

If you have any questions, concerns, or requests regarding this Privacy Policy or the processing of your personal information, please contact:

Information Officer: Lebo Grass Address: Sandton Corporate Woods, Johannesburg, 2196 Email: advisory@lebogrss.co.za Phone: +27 11 000 0000

If you are not satisfied with our response to your enquiry or complaint, you have the right to lodge a complaint with the Information Regulator:

Information Regulator (South Africa) JD House, 27 Stiemens Street, Braamfontein, Johannesburg, 2001 P.O. Box 31533, Braamfontein, Johannesburg, 2017 Telephone: 010 023 5207 Email: enquiries@inforegulator.org.za Website: www.justice.gov.za/inforeg