Privacy Policy

This Privacy Policy explains how UrgentGo Courier (Pty) Ltd ("we", "us", "our") collects, uses, stores, and protects your personal information in accordance with the Protection of Personal Information Act 4 of 2013 (POPIA) and other applicable South African legislation. This policy applies to all personal information we process about: • Customers using our courier and logistics services • Website visitors and online service users • Suppliers, partners, and business contacts • Job applicants and employees • Any individual whose personal information we process By using our services or providing us with your personal information, you consent to the practices described in this Privacy Policy. We are committed to processing your personal information lawfully, fairly, and transparently.

UrgentGo Courier (Pty) Ltd serves as the data controller for personal information processed under this policy. Company Details: Registration Number: 2024/844754/07 Physical Address: Flora Centre, Conrad Drive & Ontdekkers Rd, Florida, Johannesburg, 1709 Telephone: +27 100 234 832 Email: privacy@urgentgocourier.co.za Information Officer (POPIA Compliance): Name: [Information Officer Name] Email: privacy@urgentgocourier.co.za Phone: +27 100 234 832 We have appointed a dedicated Information Officer to ensure compliance with POPIA requirements and handle privacy-related inquiries and requests.

We collect personal information necessary for providing our courier and logistics services: Identity Information: • Full names and identity numbers • Contact details (phone numbers, email addresses, physical addresses) • Business registration details for corporate clients • Proof of identity documents when required Service-Related Information: • Pickup and delivery addresses • Package descriptions and contents • Delivery instructions and special requirements • Payment information and billing details • Service preferences and account settings Technical Information: • IP addresses and device information • Website usage data and cookies • GPS location data for delivery tracking • Communication records and correspondence We only collect information that is necessary for our legitimate business purposes and with your consent where required by law.

We collect personal information through various channels: Direct Collection: • Online booking and registration forms • Phone orders and customer service interactions • Physical service agreements and contracts • In-person interactions at our facilities • Mobile applications and delivery confirmations Indirect Collection: • Third-party logistics partners and agents • Payment processors and financial institutions • Publicly available business directories • Referrals from existing customers • Social media interactions Automated Collection: • Website cookies and tracking technologies • GPS tracking during delivery services • CCTV footage at our facilities • Electronic communication logs We ensure all collection methods comply with POPIA requirements and obtain appropriate consent where necessary.

We process your personal information for the following purposes: Service Delivery (Contract Performance): • Processing and fulfilling delivery orders • Route planning and logistics coordination • Customer communication and notifications • Proof of delivery and service confirmation Business Operations (Legitimate Interests): • Customer support and complaint resolution • Service improvement and quality assurance • Risk management and fraud prevention • Compliance with legal and regulatory requirements Marketing and Communication (Consent): • Promotional materials and service updates • Newsletter subscriptions and communications • Market research and customer feedback • Social media engagement Legal Compliance: • Tax reporting and record keeping • Regulatory compliance (transport authorities) • Law enforcement cooperation when legally required • Dispute resolution and legal proceedings We only process personal information where we have a valid legal basis under POPIA.

We may share your personal information with trusted third parties under specific circumstances: Service Providers: • Subcontractors and delivery agents • IT service providers and system administrators • Payment processors and financial institutions • Professional advisors (legal, accounting, consulting) Business Partners: • Logistics partners for extended service coverage • Insurance providers for coverage purposes • Government agencies for regulatory compliance • Approved vendors and suppliers Legal Requirements: • Law enforcement agencies when legally obligated • Courts and legal authorities for dispute resolution • Regulatory bodies for compliance purposes • Emergency services for safety and security We ensure all third parties: • Have adequate data protection measures • Are contractually bound to protect your information • Only access information necessary for their specific purpose • Comply with POPIA requirements We do not sell personal information to third parties for marketing purposes.

We implement comprehensive security measures to protect your personal information: Technical Safeguards: • Encryption of data in transit and at rest • Secure server infrastructure and firewalls • Regular security updates and patch management • Access controls and user authentication systems • Backup and disaster recovery procedures Physical Security: • Restricted access to data processing facilities • CCTV monitoring and security personnel • Secure storage of physical documents • Environmental controls for equipment protection Administrative Controls: • Staff training on data protection requirements • Background checks for employees handling personal data • Regular security audits and risk assessments • Incident response and breach notification procedures • Data retention and disposal policies We regularly review and update our security measures to address evolving threats and maintain compliance with industry best practices and POPIA requirements.

As a data subject under POPIA, you have the following rights: Access Rights: • Request confirmation of whether we process your personal information • Obtain copies of your personal information we hold • Request details about our processing activities • Receive information about third parties we share data with Correction and Updating: • Request correction of inaccurate personal information • Update outdated or incomplete information • Add supplementary information where necessary Deletion Rights: • Request deletion when information is no longer needed • Withdraw consent where processing is based on consent • Object to processing for direct marketing purposes • Request deletion for unlawful processing Other Rights: • Object to automated decision-making • Request restriction of processing in certain circumstances • Data portability where technically feasible • Lodge complaints with the Information Regulator To exercise these rights, contact our Information Officer at privacy@urgentgocourier.co.za. We will respond within the timeframes required by POPIA.

We retain personal information only as long as necessary for the purposes it was collected: Service Records: • Customer delivery records: 7 years (for tax and legal compliance) • Payment and billing information: 5 years • Customer communication: 3 years • Marketing consent records: Until consent is withdrawn Legal and Compliance: • Employment records: As required by labour legislation • Financial records: As required by tax legislation • Insurance claims: 5 years from claim resolution • Legal proceedings: Duration of proceedings plus 3 years Technical Data: • Website logs and analytics: 2 years • CCTV footage: 30 days (unless incident-related) • GPS tracking data: 1 year • System backups: 3 months Disposal Process: • Secure deletion of electronic data • Physical destruction of paper records • Certificate of destruction for sensitive information • Regular audits of retention compliance We regularly review retention periods to ensure compliance with legal requirements and business needs.

Our website uses cookies and similar technologies to enhance user experience: Essential Cookies: • Session management and authentication • Shopping cart and booking functionality • Security and fraud prevention • Basic website functionality Analytics Cookies: • Website usage statistics • Performance monitoring • User behavior analysis • Service improvement insights Marketing Cookies: • Targeted advertising delivery • Social media integration • Conversion tracking • Personalized content display Cookie Management: • Browser settings allow cookie control • Opt-out options available for non-essential cookies • Regular cookie policy updates • Clear information about third-party cookies You can manage cookie preferences through your browser settings. Disabling certain cookies may affect website functionality and service delivery.

When transferring personal information outside South Africa, we ensure adequate protection: Transfer Safeguards: • Adequacy decisions by the Information Regulator • Standard contractual clauses approved by authorities • Binding corporate rules for group companies • Professional codes of conduct and certification schemes International Partners: • Cloud service providers with appropriate safeguards • International logistics partners with data protection agreements • Payment processors with certified security standards • Technology vendors with compliance certifications Transfer Notifications: • Clear information about international transfers • Details of safeguards and protection measures • Contact information for data protection queries • Right to obtain copies of transfer agreements We only transfer personal information internationally where necessary for service delivery and with appropriate protection measures in place.

We are committed to protecting children's privacy: Age Restrictions: • Services not intended for children under 18 • Parental consent required for minors • Special protection for children's personal information • Clear age verification processes Parental Rights: • Access to children's personal information • Correction and deletion rights • Withdrawal of consent options • Communication preferences management Collection Limitations: • Minimal data collection from minors • Educational purpose restrictions • Enhanced security measures • Regular review of children's data If we become aware that we have collected personal information from a child without appropriate consent, we will take steps to delete such information promptly.

We respect your communication preferences: Consent Management: • Clear opt-in procedures for marketing communications • Granular consent options for different communication types • Easy withdrawal of consent mechanisms • Regular consent renewal requests Communication Types: • Service updates and notifications • Promotional offers and discounts • Industry news and insights • Customer satisfaction surveys Opt-Out Options: • Unsubscribe links in all marketing emails • Customer service opt-out requests • Online account preference management • SMS opt-out instructions We only send marketing communications to individuals who have provided explicit consent and offer clear opt-out mechanisms in all communications.

We have established procedures for managing data security incidents: Incident Response: • Immediate incident assessment and containment • Risk evaluation and impact analysis • Stakeholder notification and communication • Remedial action implementation Notification Obligations: • Information Regulator notification within 72 hours • Affected individuals notification where high risk exists • Clear communication about the incident nature and impact • Guidance on protective measures individuals can take Preventive Measures: • Regular security assessments and updates • Employee training on incident recognition • Third-party security monitoring • Continuous improvement of security measures We are committed to transparency and will provide clear information about any security incidents that may affect your personal information.

We may update this Privacy Policy to reflect changes in our practices or legal requirements: Update Notifications: • Website posting of updated policies • Email notifications to registered users • Clear indication of change dates and nature • Previous version availability upon request Change Types: • Legal requirement modifications • Service enhancement updates • Technology implementation changes • Business practice improvements Review Process: • Regular policy reviews and assessments • Legal compliance verification • Stakeholder consultation where appropriate • Information Regulator guidance incorporation Continued use of our services after policy updates constitutes acceptance of the revised terms. We encourage regular review of this policy to stay informed about how we protect your information.

For privacy-related inquiries, complaints, or to exercise your rights: Information Officer: Email: privacy@urgentgocourier.co.za Phone: +27 100 234 832 Physical Address: Flora Centre, Conrad Drive & Ontdekkers Rd, Florida, Johannesburg, 1709 Customer Service: General Inquiries: support@urgentgocourier.co.za Phone: +27 100 234 832 Business Hours: Monday-Friday 7:00 AM - 9:00 PM External Complaints: Information Regulator of South Africa Website: www.justice.gov.za/inforeg Email: inforeg@justice.gov.za Phone: +27 12 406 4818 We are committed to addressing your privacy concerns promptly and transparently. Please allow up to 30 days for response to written inquiries. Response Timeframes: • Initial acknowledgment: 3 business days • Full response: 30 days maximum • Complex inquiries: 60 days with explanation • Urgent security matters: Immediate response