Privacy Policy

ASBAH SA (NPO No. 146-568) (“we”, “us”, or “our”) is committed to protecting your personal information in accordance with the Protection of Personal Information Act 4 of 2013 (POPIA).

This Privacy Policy explains how we collect, use, store, and protect your personal information when you interact with our website, services, or contact us directly. By using our website or services, you acknowledge that you have read and understood this policy. Your use of our website is also subject to our Terms of Use.

We may collect the following categories of personal information:

• Identity information: Full name
• Contact information: Email address, phone number, and postal address
• Donation details: Donation amounts, frequency, and payment reference numbers
• Communication records: Any information voluntarily submitted via our contact forms, support request forms, or email correspondence
• Technical data: IP address, browser type, and pages visited (collected via essential cookies — see Section 8)

We collect only the information necessary for the purposes described in this policy.

We use your personal information for the following purposes:

• To process donations and issue receipts or tax certificates
• To respond to enquiries submitted via our contact or support forms
• To provide support services to individuals and families living with Spina Bifida & Hydrocephalus
• To send updates, newsletters, or event information — only where you have given explicit consent
• To comply with legal obligations, including financial reporting and NPO regulatory requirements
• To improve our website and services based on aggregated, anonymised usage data

Under POPIA, we process your personal information on the following lawful grounds:

• Consent: Where you have given us clear consent to process your information for a specific purpose (e.g., subscribing to updates)
• Legitimate interest: Where processing is necessary for our legitimate interests as a non-profit organisation, provided those interests are not overridden by your rights
• Legal obligation: Where we are required to process your information to comply with applicable South African law
• Contractual necessity: Where processing is necessary to fulfil a transaction or service you have requested (e.g., processing a donation)

We do not sell, rent, or trade your personal information to any third party.

We may share your information in limited circumstances:

• PayFast (payment processor): When you make a donation, your payment details are processed securely by PayFast. We share only the information necessary to complete the transaction. PayFast operates under its own privacy policy and is PCI DSS compliant.
• Service providers: We may share information with trusted third-party service providers (e.g., email platforms, cloud hosting) who assist us in operating our website and services. These providers are bound by data processing agreements and may not use your information for any other purpose.
• Legal requirements: We may disclose your information if required to do so by law or in response to a valid request from a public authority.

We retain your personal information only for as long as is necessary to fulfil the purpose for which it was collected, or as required by applicable law.

• Donation records are retained for a minimum of 5 years in accordance with South African financial and NPO reporting requirements.
• Contact form submissions and correspondence are retained for 2 years from the date of last contact, unless an ongoing support relationship exists.
• Marketing consent records are retained for the duration of your consent, plus a reasonable period thereafter for compliance purposes.

When personal information is no longer required, it is securely deleted or anonymised.

As a data subject under POPIA, you have the following rights:

• Right of access: You may request a copy of the personal information we hold about you.
• Right to correction: You may request that we correct inaccurate or incomplete personal information.
• Right to deletion: You may request that we delete your personal information, subject to any legal retention obligations.
• Right to object: You may object to the processing of your personal information, including for direct marketing purposes.
• Right to withdraw consent: Where processing is based on consent, you may withdraw that consent at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, please contact our Information Officer at asbahrose@gmail.com. We will respond to your request within 30 days.

Our website uses essential cookies only — small text files placed on your device that are strictly necessary for the site to function correctly (e.g., maintaining session state and security).

We do not use third-party advertising cookies, tracking pixels, or behavioural analytics cookies. No personal information is shared with advertising networks via cookies.

You can control or delete cookies through your browser settings. Disabling essential cookies may affect the functionality of certain parts of our website.

We implement reasonable technical and organisational measures to protect your personal information against loss, unauthorised access, disclosure, alteration, or destruction. These measures include:

• Secure HTTPS encryption for all data transmitted via our website
• Access controls limiting who within our organisation can access personal information
• Use of PCI DSS-compliant payment processors for all donation transactions
• Regular review of our security practices

While we take all reasonable precautions, no method of transmission over the internet is 100% secure. If you believe your personal information has been compromised, please contact us immediately.

For any privacy-related queries, requests, or concerns, please contact our designated Information Officer:

If you are not satisfied with how we have handled your personal information, you have the right to lodge a complaint with the Information Regulator of South Africa.

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or operational needs. The most current version will always be available on this page.

Last updated: March 2025. Material changes will be communicated via a notice on our website.