Skip to main content

Legal

Terms Of Service

HEADSPACE TECHNOLOGIES PROPRIETARY LIMITED
Registration Number 2015/192030/07
Applicable as of 23 February 2023

1. PREVAILING TERMS OF SERVICE

1.1 Before you use the Commspace service, which is subject to these terms of service and the confidentiality obligations in the Confidentiality and Non-Disclosure Agreement (“NDA”), please read this document and the NDA carefully. This is a legal agreement (the “Agreement” or “these Terms of Service”) between Headspace Technologies Proprietary Limited (“our“, “us“, “we“, the “Company” or “Commspace“), and you and/or the entity that you represent (“you“, “your” or “yourself“) which governs your use of the Commspace internet-based commission tracking and referral management services (the “Service“) and comes into force automatically when you start using the Service (the “Effective Date“). You warrant to us that you are lawfully able to enter into contracts (e.g., you are not a minor). If you are entering into this Agreement for an entity, such as the company you work for, you warrant to us that you have legal authority to bind that entity.

1.2 This Agreement shall prevail over any term and condition contained in any documentation you may supply or any other documentation.

2. THE COMMSPACE SERVICE

2.1 By paying a monthly Service Fee and as long as you are a client of the Company, you are granted a right to use the Service subject to the restrictions set forth in this Agreement and any other restrictions stipulated to you by us in writing.

2.2 Any and all information which you at any time provide to us, or otherwise provide us access to, or which you upload directly onto the Service shall be referred to in this Agreement as “Your Content“. This shall include, without limitation:

2.2.1 The initials, name, surname, identity number, date of birth of your clients;
2.2.2 product information including policy numbers, provider names and policy types, and any other client portfolio information;
2.2.3 advisor details and any other master data;
2.2.4 your address and VAT number;
2.2.5 information relating to the earning of commission, and splitting of commission between your advisors.

3. TERM

These Terms of Service will commence on the Effective Date and will remain in effect until terminated by you or us in accordance with clause 17. You will be a client of the Company for as long as these Terms of Service are in effect between us.

4. YOUR RESPONSIBILITIES

4.1 You are solely responsible for the development, content, operation, maintenance, and use of Your Content. For example, you are solely responsible for:

4.1.1 the technical operation of Your Content, including ensuring that commission allocations are correctly set-up and any other information submitted is accurate;
4.1.2 compliance of Your Content with the applicable laws;
4.1.3 any claims relating to Your Content;
4.1.4 properly handling and processing commission statements and other information sent to you (or any of your affiliates);
4.1.5 keeping up-to-date backups of Your Content;
4.1.6 drawing your own reports from the Service.

4.2 While the Company backs up Your Content on a daily basis, you are responsible for properly configuring and using the Service and taking your own steps to maintain appropriate security, protection and backup of Your Content, which may include the use of encryption technology to protect Your Content from unauthorized access, and routine archiving of Your Content.

4.3 Commspace log-in credentials and private keys generated by the Service (“System User Accounts”) are for your internal use only and you may not sell, transfer or sublicense them to any other entity or person, or permit any other entity or person to use them, except that you may disclose details of your System User Accounts to your agents and subcontractors performing work on your behalf, subject to the provisions of the NDA and clause 8.2.

4.4 We will provide the necessary training to your staff or Users.

5. SUPPORT

5.1 The Company offers online support in respect of the Service during the hours of 08h00 to 17h00 (South African time), Monday to Friday. Although we do our best to provide online support outside of these hours, we cannot guarantee that this is possible.

5.2 This web-based support is included in the Service Fee, unless your requirement for support becomes excessive, in which case the Company will notify you and engage with you to discuss a solution for your needs.

5.3 In the event of termination of the Service in accordance with the provisions of these Terms of Service, we agree to provide you with a detailed historical record of all your content in a .csv or other appropriate format to enable you to migrate the historical data to another provider.

6. SERVICE FEES

6.1 By selecting the Service and utilising it, you agree to pay the monthly service fees in accordance with our prevailing price list (“Service Fee”) and to continue to pay the Service Fee each month, in accordance with the provisions of this clause 6, while these Terms of Service are in effect.

6.2 Payment of the Service Fee must be made monthly in advance, without deduction or set-off, on or before the 1st day of every month.

6.3 Payment must be made by way of debit order or similar automatic deduction. Electronic transfer into a bank account nominated by us in writing is acceptable in our sole discretion, only after prior arrangement.

6.4 If payment is not received by Us by the 7th day of a month, we are entitled to suspend your access to the Service. Our approval for you to pay via electronic funds transfer may also be revoked, and in such a case, access to the Service will be reinstated immediately once payment of any arrear Service Fee is made and a signed debit order authorisation has been received for the collection of subsequent monthly Service Fee payments.

6.5 We may revise our Service Fees from time to time, provided prior notice has been given in writing.

6.6 Prices established in terms of this Agreement are exclusive of VAT.

7. MODIFICATION TO THE SERVICE

7.1 We may change, suspend, or discontinue any part of the Service at any time in order to improve the Service overall, or if our relationship with a third party partner who provides software or other technology we use to provide the Service requires us to change the way we provide the software or other technology as part of the Services.

7.2 We have no obligation (other than as may be required by applicable laws) to continue producing or releasing new versions of the Service.

8. SERVICE IMPLEMENTATION, REGISTRATION

8.1 You agree to provide true, accurate, current and complete information about yourself as prompted by the Service registration process (such information being the “Registration Data“) to register for the Service. You further agree that, in providing such Registration Data, you will not knowingly omit or misrepresent any material facts or information and that you will promptly enter corrected or updated Registration Data via the Service, or otherwise advise us promptly in writing of any changes or updates to the Registration Data. You further consent and authorise us to verify your Registration Data as maybe required by applicable legislation, or as otherwise determined reasonably necessary by us in our sole discretion for your use of and access to the Service. We shall not be liable for any inaccuracy or incompleteness of any information which you provide to us.

8.2 Once you subscribe to the Service, you shall receive a unique username and password in connection with your account per user (collectively referred to herein as “System User Accounts” as referred to in clause 4.3). You agree that you will not allow any unauthorised person to use any of your System User Accounts to access and use the Service under any circumstances; nor will you allow multiple people to use a single System User Account. You are solely and entirely responsible for maintaining the confidentiality of your System User Accounts and for any charges, damages, liabilities or losses incurred or suffered as a result of your failure to do so. We are not liable for any harm caused by or related to the theft of your System User Accounts, your disclosure of your System User Accounts, or your authorisation to allow any unauthorised person to access and use the Service using your System User Accounts or in allowing more than one person to use a single System User Account. Furthermore, you are solely and entirely responsible for any and all activities that occur through accessing or using any of your System User Accounts, including for any access to or use of the Service by way of any of your System User Accounts and are liable for any loss or damage arising therefrom. You agree to notify us of any unauthorised use of any of your System User Accounts or any other breach of security known to you as soon as practically possible. You undertake to provide all reasonable assistance required to address the effect of any such breach.

9. DATA PROTECTION AND PRIVACY

9.1 We draw your attention to our Privacy Policy, POPIA Compliance Policy and Data Protection Policy (all of which are available on our website and which are updated from time to time) which are expressly incorporated as part of these Terms of Service, and which govern the way in which we process information which you provide to us or which you upload directly onto the Service, and which describe our commitments and obligations for data protection in terms of the Protection of Personal Information Act 4 of 2013 (POPIA).

9.2 The Service will store and process financial and client information that you submit to the Service, provided that the data submitted complies to the format and size limitations as indicated by the Service.

9.3 By accepting these Terms of Service, you warrant that all End Users (and all of your customers whose personal information you provide to us) have consented to the processing of such information (as contemplated in POPIA) for the purposes set out in these Terms of Service and to comply with any obligation under applicable laws.

9.4 We are not liable for any losses relating to missing or incorrect information provided by you, or other actions or omissions by you or your agents or representatives that are unlawful, deceptive, fraudulent, in breach of any provision of this Agreement or otherwise invalid (“Fraudulent Actions“). By using the Service, you hereby release us from any liability arising from any such Fraudulent Actions. You will also use best efforts to promptly notify us of any Fraudulent Actions which may affect the Service. Commspace reserves the right, in its sole discretion, to suspend or terminate your account if you engage in, or enable any other user or client to engage in, Fraudulent Actions.

10. OPERATOR PROVISIONS

10.1 For the purposes of carrying out your business and related objectives, you process Personal Information belonging to a number of persons, being product owners and FSP/advisers (including legal entities and individuals), who are referred to as Data Subjects under POPIA. That Personal Information includes, without limitation, names and surnames, date of birth, identity number, passport number, registration number, provider and product number, adviser codes, broker house name and broker house codes.

10.2 You have appointed us as your commission administrator system, on these Terms of Service. As part of providing the Service to you, we will process certain Personal Information, which you have obtained from your Data Subjects and which you provide or make available to us, on your behalf. This includes information which is made available to us directly from providers, based on your instruction and authority. We do so as an “operator” in terms of POPIA.

10.3 We undertake:

10.3.1 to process the Personal Information strictly in accordance with POPIA, and our mandate contained in these Terms of Service and any specific instructions you may provide to us from time to time;

10.3.2 not to use the Personal Information for any other purpose, save for the purpose set out under these Terms of Service;

10.3.3 to treat the Personal Information as confidential and not disclose the Personal Information to any other person, save as permitted or required for purposes of these Terms of Service and the rendering of the Service, or as required by law, and only once we have provided you with adequate warning of this requirement to disclose and the related details thereof (to the extent possible), including the identity of the person who is to receive the Personal Information and the reason for the disclosure;

10.3.4 to secure the integrity of the Personal Information in our possession or under our control by taking appropriate, reasonable technical and organisational measures to prevent (i) loss of, or damage to, or unauthorised destruction of the Personal Information; and (ii) unlawful access to or unlawful processing of the Personal Information

10.3.5 to notify you immediately where we have reasonable grounds to believe that the Personal Information, which has been provided to us has been lost, destroyed, or accessed or acquired by any unauthorized person;

10.3.6 not to use the Personal Information for any direct marketing or advertising, research or statistical purposes, unless expressly authorised to do so in terms of these Terms of Service or otherwise by you in writing;

10.3.7 not to treat the Personal Information as our own, acknowledging that we have been tasked with processing the Personal Information in our capacity as your operator and agent, and that ownership of all the records housing the Personal Information and any records comprising such Personal Information pertaining to the Data Subject, will always remain with you;

10.3.8 not to sell, alienate or otherwise part with the Personal Information or any of the records housing the Personal Information;

10.3.9 to ensure that any person acting under the authority of Headspace, including any employee or sub operator, shall be obligated to process the Personal Information only on instructions from Headspace and strictly in accordance with these Terms of Service and in particular the provisions of this clause 10;

10.3.10 to deal promptly and properly with all reasonable inquiries from you relating to your sharing of Personal Information with us;

10.3.11 to provide you with full co-operation and assistance in relation to any requests for access or correction or complaints made by Data Subjects; and

10.3.12 to have due regard to generally accepted industry information security practices and processes which may apply to us.

10.4 You warrant that Personal Information which you share with us (or which we receive directly from any provider pursuant to your instruction and authorisation) has been collected, Processed and shared with us in compliance with POPIA.

10.5 In addition to any specific responsibilities and obligations on your part as set out elsewhere in these Terms of Service, you shall respond to enquiries from Data Subjects and/or any authority concerning the sharing of the Personal Information within a reasonable time, unless we agree that we will so respond, in which case you will still respond to the extent reasonably possible and with the information reasonably available to you.

10.6 In order to ascertain compliance with the obligations contained in this clause 10, you may, on reasonable notice, at your own cost, and during regular business hours, view and / or audit our facilities, files, and any other data processing documentation needed for the required review / audit and we agree to provide all necessary assistance which may reasonably be needed to give effect to this right.

10.7 We shall not be entitled to transfer Personal Information to any third party located in a foreign country unless:

10.7.1 such third party is subject to Data Protection Laws in such foreign country, binding corporate rules or binding agreement which provide an adequate level of protection that effectively upholds the protection of Personal Information principles contained in these Terms of Service; or

10.7.2 you consent to such transfer of Personal Information to the foreign country in question. By your acceptance of these Terms of Service, you consent to the transfer of Personal Information to the European

10.8 We make use of the following sub operators:

10.8.1 Clever Cloud SAS, 3 rue de l’Allier, 44000 Nantes, France for hosting of the Commspace applications and database.

10.8.2 Google Workspace, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA for collaboration software including secure shared folders and email. The workspace is configured to use servers and store data in the European Union only.

10.9 We shall remain responsible for all actions performed by any appointed third party located in a foreign country pursuant to a transfer of Personal Information as described in clause 10.7.

11. SERVICE USE AND LIMITATIONS

11.1 It is necessary from time to time for us to carry out work to maintain the Service and to correct defects. The Service will not be operational during planned downtime for scheduled maintenance, upgrades or bug fixing (of which we will provide at least 8 hours prior notice and which will not be scheduled at key processing times);

11.2 You acknowledge that Commspace is a commission tracking and referral management software service and not a salary or compensation payment service.

11.3 You acknowledge and agree that:

11.3.1 we will not be liable for remunerating you or your commission sharers based on information provided by Commspace; and

11.3.2 we are not liable for any incorrect payments, salary or commission payment disputes that may arise from the information obtained from the Service:

11.3.3 that result from your equipment, software or other technology and/or third party equipment, software or other technology (other than third party equipment within our direct control);or;

11.3.4 arising from a suspension and/or termination of your right to use the Service in terms of this Agreement.

12. PROPRIETARY RIGHTS

12.1 The Service contains content and technology of the Company and third party providers that is protected by copyright, trademark, patent, trade secret and other laws. The Company owns all intellectual property rights to any protectable part of the Service, alternatively warrants that (to the extent necessary) it has the appropriate rights or licences to use the software in place from its providers, including but not limited to the design, artwork, logos, functionality, and documentation (collectively, the “Company Property“). You may not copy, modify, or reverse engineer or otherwise use (whether on your own, or jointly with any other person) any part of the Service, which is (and will at all times be) owned by the Company or the relevant third party provider, or any Company Property, other than for the purposes contemplated in this Agreement.

12.2 Subject to your continued compliance with these Terms of Service, and for so long as these Terms of Service are in effect, the Company hereby grants you a limited, non-exclusive, revocable, non- transferable and non-sublicensable license to access and use the Company Property (excluding any software code) solely for use in connection with accessing and using the Service in accordance with these Terms of Service. Such license will terminate immediately upon termination of these Terms of Service.

12.3 Notwithstanding such permitted uses and license, you acknowledge that all derivative designs and artwork which utilise the Commspace logo or other Company Property (collectively, “Derivative Works“) are the sole property of the Company. No other rights are granted to you with respect to the Company Property other than those rights granted explicitly herein, including with respect to any Derivative Works.

12.4 All right, title and interest in any text, images, or other information, including information relating to Your Content , shall remain your sole property.You may use Your Content in any way without restriction, subject to applicable laws and the provisions of these Terms of Service.

12.5 In providing your Content to us, you consent to our use of Your Content in order for us to provide the Service to you. From time to time we use Your Content, only on an aggregated anonymised basis (with any personal information being de-identified), for market research and analysis purposes.

12.6 The provisions of this clause survive termination of this Agreement, and will continue in perpetuity.

13. ACKNOWLEDGEMENTS AND DISCLAIMER

13.1 You expressly understand and agree that Your use of the Service is at your sole risk. The Service is provided on an “as is” and “as available” basis. The Company and its subsidiaries, affiliates, officers, employees, agents, partners and licensors expressly disclaim all warranties of any kind, whether express or implied, including, but not limited to the implied warranties of merchantability, fitness for a particular purpose or application and non-infringement, subject to and to the extent permissible under the Consumer Protection Act, No 68 of 2008. You should make your own enquiries to make sure that your use of the Service is suitable for your purposes.If at any time you are dissatisfied with the suitability of the Service for your purposes, your sole and exclusive remedy is to discontinue use of the Service.

13.2 The company makes no warranty that:

13.2.1 your access to or use of the Service will be uninterrupted, timely, secure or error free,
13.2.2 any defects in the Service will be corrected in a particular manner or time frame. You are responsible to let us know of any defects which you may encounter in your use of the Services, or
13.2.3 the Service or any server through which you access the Service is free of viruses or other harmful components (without detracting from any obligation on us in terms of applicable law to take steps to mitigate this risk).

13.3 Even though we commit to taking all reasonable measures as required of us by law and in accordance with industry best practice to protect your data and ensure its privacy, you understand that inherent to the nature of the Service (which is a web-based service), and in using the Service, sensitive information will travel through third party infrastructures which are not under Commspace’s control (such as third party servers). We perform thorough due diligence on the information security posture of all our suppliers, but cannot give any warranty with respect to the security of such third party infrastructures, and accordingly cannot be responsible for and cannot guarantee the complete privacy of your data and messages transmitted while using the Service, save as otherwise (and to the extent) required by applicable law.
13.4 Any material downloaded or otherwise obtained through the use of the Service is accessed at your own discretion and risk, and you will be solely responsible for any damage to your computer system or loss of data that results from the download of any such material.

13.5 No advice or information, whether oral or written, obtained by you from the Company or through or from the Service shall create any warranty not expressly stated in this agreement.

14. LIMITATION OF LIABILITY

14.1 YOU EXPRESSLY UNDERSTAND AND AGREE THAT THE COMPANY AND ITS SUBSIDIARIES, AFFILIATES, OFFICERS, EMPLOYEES, AGENTS, PARTNERS AND LICENSORS SHALL NOT BE LIABLE TO YOU FOR ANY INDIRECT, INCIDENTAL, SPECIAL OR CONSEQUENTIAL DAMAGES, ANY BUSINESS LOSSES (INCLUDING, BUT NOT LIMITED TO, DAMAGES FOR LOSS OF PROFIT, INCOME OR OPPORTUNIIES; GOODWILL; USE; LOSS OR CORRUPTION OF ANY SOFTWARE OR DATA) OR OTHER INTANGIBLE LOSSES; AND ANY LOSS OR DAMAGE ARISING FROM AN EVENT(S) OUSTIDE OF OUR REASONABLE CONTROL (EVEN IF THE COMPANY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES); OR OTHERWISE RESULTING FROM:

14.1.1 THE USE OR THE INABILITY TO USE THE SERVICE;
14.1.2 THE COST OF PROCUREMENT OF SUBSTITUTE GOODS AND SERVICE RESULTING FROM ANY GOODS, DATA, INFORMATION OR SERVICE PURCHASED OR OBTAINED OR MESSAGES RECEIVED OR TRANSACTIONS ENTERED INTO THROUGH OR FROM THE SERVICE;
14.1.3 UNAUTHORISED ACCESS TO OR ALTERATION OF YOUR CONTENT;
14.1.4 ANY OTHER MATTER RELATING TO THE SERVICE IN ALL INSTANCES SUBJECT TO AND TO THE EXTENT PERMISSIBLE UNDER THE CONSUMER PROTECTION ACT.

14.2 Except for the indemnification and confidentiality obligations of the parties set out herein and in clause 15, and the intellectual property rights protected in terms of clause 12, in no event shall either party’s liability exceed an amount equal to the Service Fees paid by you under this Agreement, during the last 6 months prior to termination of the Service

14.3 The limitations and exclusions in this clause 14 govern all liabilities that may arise under or in relation to these Terms of Use, howsoever arising.

14.4 The Company does not limit or exclude liability for: loss or damage resulting from gross negligence, wilful misconduct, fraud or fraudulent misrepresentation. Nothing in these Terms of Use is intended to limit or exclude any liability which is not permitted under Applicable Law.

15 INDEMNITY

You hereby indemnify us and undertake to keep us indemnified against any and all costs, expenses, damages (whether direct or consequential), loss, liability, claims, actions or proceedings of whatever nature, which the Company may suffer or incur arising from or attributable to your use of the Service, including, without limitation a breach by you of these Terms of Use or a claim that you have breached any provision of these Terms of Use.

16. FORCE MAJEURE

16.1 Although we do our best to ensure that the Service is always available, there will be times when availability will be interrupted, or the Service may from time to time encounter technical or other problems (for example, emergency repairs; circumstances that result from your equipment, software or other technology and/or third party equipment, software or other technology, other than third party equipment within our direct control; or due to failures that are beyond our reasonable control); and may not necessarily continue uninterrupted or without technical or other errors; or we may no longer be able to provide the Service (for example, if our relationship with a third party partner who provides software or other technology we use to provide the Service terminates).

16.2 We will not be liable to you or others for such interruptions, errors, problems, any delay or non-performance of the Service or any part thereof or any provision under these Terms of Service, or as a result of which we are required to discontinue the provision of the Service or any part thereof or for any inconvenience, loss or damage suffered as a result of such interruptions if and to the extent such delay or non-performance results or arises from any event beyond our reasonable control (including, without limitation, acts of God, labour disputes or other industrial disturbances, systemic, electrical, telecommunications or other utility failures, earthquake, storms or other elements of nature, blockages, embargoes, riots, acts or orders of government, acts of terrorism or war) and which could not reasonably be planned for or avoided.

17. SUSPENSION

17.1 We may suspend your or any End User’s right to access or use any portion or all of the Service immediately upon notice to you if

17.1.1 Your Content, or your or an End User’s use of or registration for the Service (i) poses a security risk to the Service, Us or any third party, (ii) may adversely impact the Service or the systems or content of any other Commspace client, (iii) may subject us, our affiliates, or any third party to liability, or (iv) is unlawful or fraudulent;
17.1.2 so required in terms of applicable law, by a court of law or any legitimate request from a government, regulatory or other authorised body or official.

17.2 If we suspend your right to access or use any portion or all of the Service in accordance with clause 16.1:

17.2.1 you remain responsible for all Service Fees and/or charges you have incurred up to the date of suspension;
17.2.2 you will not be entitled to any credits for any period of suspension; and
17.2.3 we will not delete any of Your Content as a result of your suspension, and will continue to retain a copy of Your Content as may be required by Applicable Law, although Your Content or any part thereof may be removed from the Service platform.

17.3 Our right to suspend your or any End User’s right to access or use the Service is in addition to our right to terminate this Agreement pursuant to clause 17.

18. TERMINATION

18.1 You may terminate this Agreement for any reason by providing us 30 days advance notice. We may terminate this Agreement for any reason by providing you 90 days advance notice.

18.2 Unless a clause in these Terms of Service specifically provides its own remedy, if either Party (“Defaulting Party”) commits a breach of this Agreement, and/or fails to comply with any of the provisions hereof, and:

18.2.1 if such breach is capable of remedy, and the Defaulting Party fails to remedy such breach and/or failure within 30 (thirty) days of receipt of a written notice from the other Party (“Aggrieved Party”) requiring such remedial action; or
18.2.2 if such breach constitutes a material breach and is incapable of remedy, then the Aggrieved Party shall forthwith be entitled, but not obliged, without prejudice to any other rights or remedies which the Aggrieved Party may have in terms of this Agreement (but subject to any limitations in terms of this Agreement) or in law to claim immediate performance and/or payment of all the Defaulting Party’s obligations in terms hereof and/or cancel this Agreement and/or claim damages.

18.3 We may also terminate this Agreement immediately upon notice to you:

18.3.1 you have ceased to operate in the ordinary course, made an assignment for the benefit of creditors or similar disposition of your assets, or become the subject of any insolvency, business rescue, liquidation, dissolution or similar proceeding.
18.3.2 in any of the circumstances contemplated in clause 16 if the relevant circumstance cannot be remedied or becomes permanent.

19. EFFECT OF TERMINATION

19.1 Upon termination of this Agreement for any reason contemplated in this Agreement:

19.1.1 your account, and all System User Accounts will be deactivated and your right to access and use the Service immediately terminates;
19.1.2 you remain responsible for all Service Fees and/or charges you have incurred up to the date of termination;
19.1.3 we will continue to store Your Content in accordance with the provisions of clause 9 and our obligations in terms of applicable laws;
19.1.4 you may retrieve Your Content from the Service only if you have paid all amounts due; and
19.1.5 we will provide you with post-termination data retrieval assistance including collating Your Content and archiving it into a zipfile (should you specifically request this).

19.2 Any additional post-termination assistance from us is subject to mutual agreement by you and us.

19.3 The expiration or termination of these Terms of Service shall not affect such of the provisions of these Terms of Service as expressly provide that they will operate after any such expiration or termination or which of necessity must continue to have effect after such expiration or termination, notwithstanding that the clauses themselves do not expressly provide for this.

20. CONFIDENTIALITY

The Parties attention is drawn to the confidentiality obligations contained in the NDA, the terms of which all Parties have agreed to.

21. MISCELLANEOUS

21.1 This Agreement constitutes the entire agreement between you and the Company and supersedes any and all previous agreements, written or oral, between you and the Company, including previous versions of the Terms of Service.

21.2 We may revise these Terms of Service from time to time by posting a notice on the Commspace website. You will also receive notification of any changes when you log in. Any changes will become effective on the day the revised Terms of Service are posted on the Commspace website unless indicated otherwise. You should check this page occasionally to ensure you are happy with any changes. If you continue to use the Services after changes have become effective, this will mean that you accept those changes. If you do not accept any new version of these Terms of Service, you may give us written notice of your intention to discontinue using the Services, and this Agreement shall terminate with effect from the last business day of the month in which you give us such notice.

21.3 The Company may assign this Agreement in whole or part at any time. You may not assign your rights and obligations in terms of this Agreement without our prior written consent, which shall not be unreasonable withheld.

21.4 This Agreement and the relationship between you and the Company shall be governed by the laws of the Republic of South Africa. Any dispute relating to or arising from these Terms of Service will be subject to the jurisdiction of the Western Cape High Court, Cape Town.

21.5 Any failure or delay of either party to enforce or exercise a right provided in these terms is not a waiver of that right.

21.6 Should any provision of these terms be found invalid, unlawful or unenforceable, then that provision (or part of it, as appropriate) will be deemed to be deleted to the extent necessary to remove the invalid, unlawful and/or unenforceable part, and the validity and enforceability of the other provisions of these Terms of Service will be unaffected.

21.7 In addition to the clauses which specifically record that they will survive the expiration or termination of this Agreement, any other provision that, in order to give proper effect to its intent, should survive such expiration or termination, will survive the expiration or earlier termination of this Agreement.

21.8 Notices:

21.8.1 We may provide any notice to you under this Agreement by sending a message to the email address then associated with your account. It is your responsibility to keep your email address current. You will be deemed to have received any email sent to the email address then associated with your account when we send the email, whether or not you actually receive the email.
21.8.2 To give us notice under this Agreement, you must do so by way of e-mail to e-mail address: martha@headspacetech.com.

Terms of Service PDF

Privacy Policy

Applicable as of 1 August 2020

1. GENERAL INFORMATION

1.1 Introduction

Thank you for your interest in our website and our online services. Protecting customers’ / visitors’ / users’ data and using it only in the way our customers/visitors/users expect from us is our highest priority. Thus, the following Policy is designed to inform you about the processing of your Personal Information and your rights regarding this processing according to the Protection of Personal Information Act No. 4 of 2013 (“POPI”) and other data protection laws including the General Data Protection Regulation (“GDPR”) where applicable.

1.2. Responsible Party

We, the Headspace Technologies are the Responsible Party according to POPI and therefore responsible for the data processing explained herein.

1.3. Information Officer

You can contact our Information Officer at any time by using the following contact details:

Address: KWV Head Office, 57 Main Road, Paarl, South Africa
Phone: 0861 477 774
e-mail: iso@headspacetech.com

2. PROCESSING OF PERSONAL DATA DURING YOUR USE OF OUR WEBSITE

Your visit to our website and/or use of our online services will be logged. The IP address currently used by your device, date and time, the browser type and operating system of your device, the pages accessed and additional data may be recorded. This data is collected for the purposes of optimising and improving our website as well as our online services. The processing is legally based on legitimate interest as it is in our legitimate interest to protect our website and to improve the quality of our services. Additionally, your Personal Information is only stored if you provide it to us on your own account, e.g. as part of a registration, a survey, an online application or for online purchase (performance of a contract). We have taken appropriate measures to ensure that the data provided to us during the registration is adequately protected. These measures include, but are not limited to, encryption, access control, segregation of duties, internal audit etc.

2.1. Newsletter Registration

If you wish, you can subscribe for our newsletter on our website https://www.commspace.co.za/contact by filling out the registration form provided there. The Personal Information that is collected in the registration form will only be processed for sending newsletters to your e-mail address and only if you have given your consent to this data processing. Your Personal Information will be processed until you unsubscribe from the newsletter by clicking the link “unsubscribe” which is provided in each newsletter you receive from us. Please note that you will not receive any newsletters from us anymore after you unsubscribe.

2.2. Contact Form

You can use the contact form on our website https://www.commspace.co.za/contact to contact us for any request. The Personal Information that you filled out into the contact form will only be processed for answering your request. Filling in and submitting the contact form constitutes an affirmative action by which you have given your consent to the data processing.

2.3. Cookies

To make your visit to our website more pleasant and to enable the use of certain functions, we may use “cookies” on various pages. Cookies are small text files that are stored on your terminal device. Some of the cookies we use are deleted after the end of the browser session. Other cookies remain on your device and enable us or our partner companies to recognise your browser on your next visit. You can set your browser in such a way that you are informed about the setting of cookies separately and decide individually about their acceptance or exclude the acceptance of cookies for certain cases or generally. For more information, see the help function of your Internet browser. If cookies are not accepted, the functionality of our website may be limited.

To find out more about how we use cookies you can access our “Cookie Policy” at https://legal.commspace.co.za/#cookie-policy

2.4. Data Recipients

We may use third-party service providers to process your Personal Information. These service providers may be located in or outside of South Africa or in countries within and outside the European Union (EU) and the European Economic Area (EEA). We ensure that these service providers process Personal Information in accordance with European data protection guidelines or legislation to guarantee an adequate data protection level, even if Personal Information is transferred into a country outside the EEA for which no adequacy decision of the EU Commission exists. Transfers of Personal Information to other recipients is not performed, except where we are obliged to do so by law. For more information about appropriate safeguards for the international data transfer or a copy of them, please contact our Information Officer.

2.5. Retention Period

Personal Information provided to us via our website will only be stored until the purpose for which it was processed has been fulfilled. Insofar as retention periods under commercial and tax law must be observed, the storage period for certain data can be up to 10 years. However, storage periods may also be amended due to our legitimate interest (e.g. to guarantee data security, to prevent misuse or to prosecute criminal offenders).

3. YOUR RIGHTS

As a Data Subject, you can contact our Information Officer at any time with a notification under the contact information mentioned above under clause 1.3 to make use of your rights. These rights are the following:

The right to receive information about the data processing and a copy of the processed data;

The right to demand the rectification of inaccurate data or the completion of incomplete data;

The right to demand the erasure of Personal Information;

The right to demand the restriction of the data processing;

The right to receive the Personal Information concerning the Data Subject in a structured, commonly used and machine-readable format and to request the transmittance of these data to another controller;
The right to object to the data processing;
The right to withdraw a given consent at any time to stop data processing that is based on your consent;
The right to file a complaint with the competent supervisory authority: inforeg@justice.gov.za.

Privacy Policy PDF

POPIA Compliance

Applicable as of 1 February 2022

Introduction

The Protection of Personal Information Act (or POPI Act) is South Africa’s equivalent to the EU GDPR. It sets some conditions for responsible parties (called controllers in other jurisdictions) to lawfully process the personal information of data subjects (both natural and juristic persons). The POPI Act is important because it protects data subjects from harm, like theft and discrimination. The risks of non-compliance include reputational damage, fines and imprisonment, and paying out damages claims to data subjects. The biggest risk, after reputational damage, is a fine for failing to protect PII.

Acronym definitions:

POPIA – Protection of Personal Information Act

ISO – Information Security Officer

ISO27001 – International Standard for Information Security

GDPR – General Data Protection Regulation

ISMS – Information Security Management System

1. Our approach to POPIA compliance

In 2020 we officially became POPIA compliant as part of the process of becoming ISO27001 certified. ISO27001 is an international standard that defines how to manage information security in an organization through the implementation of a robust information security management system (ISMS). To this ISMS we added the additional items required to achieve full POPIA (and GDPR) compliance.

2. How are we meeting POPIA compliance?

We are committed to preserving the confidentiality, integrity and availability of all the physical and electronic information and information-related assets relevant to meet the purpose and goals of the organisation. This includes the handling of personal data or “Personally Identifiable Information” (PII).

Furthermore, we are committed to ensuring compliance with the European Union General Data Protection Regulation (GDPR) and the UK Data Protection Act (DPA) 1998 and any other data protection legislation or regulation relevant to our business operations.

In complying with the above-mentioned legislation and regulation, the organisation makes commitments to implement policies and processes related to that compliance and to make staff and relevant third parties aware of their responsibilities when handling personal data.

More detailed policies and processes support this document, including our Information Security Policy. A GDPR compliance workspace is also maintained in line with Information Commissioner Office recommendations. These are located and managed within our ISMS platform. References to these documents can be found below and requested from our ISO.

Data Protection Policy

Information Security Policy

Data Retention Policy

Data Breach Response Plan

3. What are our obligations towards you?

We, Headspace Technologies, are obligated to secure any Personal Identifiable Information (PII) provided to us. We will destroy, move and/or modify PII to the needs of the information owner on request to our ISO. We are obligated to adhere to these requests given the authorization of the information owner and the correct processes are followed. We acquire consent from information owners before processing PII and are obligated to request the consent in a timely manner before we plan to use/process the information for different purposes than for previously given consent.

Your PII will be controlled through secure systems and removed from our ownership based on a retention schedule. These schedules act as audits to ensure that we are not in possession of PII after the agreed/consented period. We are obligated to supply information owners’ copies of our policies and procedures on request to clarify and/or prove the existence of the same. We must also have an accessible environment for information owners to contact, request or demand actions, procedures and/or information regarding their PII and security-related enquiries.

All members of staff have an obligation to report actual or potential data protection weaknesses, events and incidents where compliance may be breached. This allows us to:

Investigate the failure and take remedial steps if necessary

Maintain a register of compliance failures

Notify the Supervisory Authority (SA) of any compliance failures that are material either in their own right or as part of a pattern of failures

The reporting of such weaknesses, events and incidents will be managed through our Information Security Incident Management processes.

4. What are your obligations towards us?

As the information owners of your PII, you are obligated to supply us with consent before we may process your information. You must follow procedures and processes put in place by Headspace Technologies to request any modification, removal or relocation of your PII.

This document will be reviewed regularly to respond to any changes in the business, its risk assessment or risk treatment plan, and at least annually. All employees and relevant interested parties associated with the organisation’s handling of personal data must comply with these policies. Appropriate training and materials to support it are available.

Contact our ISO: iso@headspacetech.com

POPIA Compliance PDF

Data Protection Policy

Applicable as of 1 August 2020

1. GENERAL INFORMATION

1.1. PURPOSE
The purpose of this document is to demonstrate the Board of Directors and management commitment to the protection of personal data.

1.2. RESPONSIBLE PARTY
The Board of Directors and management of Headspace Technologies, located at 57 Main Road, Paarl, South Africa operates primarily in the business of financial technology.

1.3 INTRODUCTION
We are committed to preserving the confidentiality, integrity and availability of all the physical and electronic information and information-related assets relevant to meet the purpose and goals of the organisation. This includes the handling of personal data or “Personally Identifiable Information” (PII).

Furthermore, we are committed to ensuring compliance with the European Union General Data Protection Regulation (GDPR) and the UK Data Protection Act (DPA) 1998 and any other data protection legislation or regulation relevant to our business operations.

In complying with the above-mentioned legislation and regulation, the organisation makes commitments to implement policies and processes related to that compliance and to make staff and relevant third parties aware of their responsibilities when handling personal data.

More detailed policies and processes thus support this policy, including our Information Security Policy. A GDPR compliance workspace is also maintained in line with Information Commissioner Office recommendations. These are located and managed within the ISMS.online platform.

This policy will be reviewed regularly to respond to any changes in the business, its risk assessment or risk treatment plan, and at least annually.

2. SCOPE
All employees and relevant interested parties associated with the organisation’s handling of personal data have to comply with this policy. Appropriate training and materials to support it are available.

3. DEFINITIONS
The key definitions of terms used within or referred to by this policy are based upon those in the GDPR or other recognised documentation and are contained in Annex A.

4. ORGANISATIONAL RESPONSIBILITIES
Our Data Protection Officer has overall responsibility for the day-to-day implementation of this policy.

This policy will be reviewed regularly to respond to any changes in the business, its risk assessment or risk treatment plan, and at least annually.

4.1 Staff data protection training
All staff will receive training on this policy. New joiners will receive training as part of the induction process. Further training will be provided at least every two years or whenever there is a substantial change in the law or our policy and procedure.

Training is provided on a regular basis and when specific trigger events occur e.g. threats or incidents affecting all or part of the organisation, its supply chain or other Interested Parties that might impact the organisation financially or reputationally.

It will cover:

The law relating to data protection

Our data protection and related policies and procedures.

Completion of this training is compulsory and where appropriate will be evidenced by task completion in the ISMS.online platform.

Privacy Notice – transparency of data protection

Being transparent and providing accessible information to individuals about how we will use their personal data is important for our organisation and is required under GDPR. Whenever personal data is being collected we will document and provide a Privacy Notice in line with the requirements of Article 13 of the GDPR.

4.2 Conditions for processing
We will ensure any use of personal data is justified using at least one of the conditions for processing (described further below) and this will be specifically documented in the ISMS.online platform. All staff who are responsible for processing personal data will be aware of the conditions for processing. The conditions for processing will be available to data subjects in the form of a privacy notice.

4.3 Justification for personal data
We will process personal data in compliance with all eight data protection principles.

We will document the additional justification for the processing of sensitive data and will ensure any biometric and genetic data is considered sensitive.

4.4 Sensitive personal data
In most cases where we process sensitive personal data, we will require the data subject’s explicit consent to do this unless exceptional circumstances apply or we are required to do this by law (e.g. to comply with legal obligations to ensure health and safety at work). Any such consent will need to identify clearly what the relevant data is, why it is being processed and to whom it will be disclosed.

4.5 Fair and lawful processing
We must process personal data fairly and lawfully in accordance with individuals’ rights. This generally means that we should not process personal data unless the individual whose details we are processing has consented to this happening.

Under GDPR, processing of personal data is lawful only if at least one of the following applies:

the data subject has given consent to the processing of his or her personal data for one or more specific purposes;

processing is necessary for the performance of a contract to which the data subject is party or in order to take steps

at the request of the data subject prior to entering into a contract;

processing is necessary for compliance with a legal obligation to which the controller is subject;

processing is necessary in order to protect the vital interests of the data subject or of another natural person;

processing is necessary for the performance of a task carried out in the public interest or in the exercise of official

the authority vested in the controller;

processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party,

except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.

The processing of all personal data must be:

Necessary to deliver our services

In our legitimate interests and not unduly prejudice the individual’s privacy

In most cases, this provision will apply to routine business data processing activities.

Our Terms of Business contains a Privacy Notice to clients on data protection.

The notice:

Sets out the purposes for which we hold personal data on customers and employees

Highlights that our work may require us to give information to third parties such as expert witnesses and other professional advisers

Provides that customers have a right of access to the personal data that we hold about them

4.6 Consent
The data that we collect is subject to active consent by the data subject. This consent can be revoked at any time.

4.7 Accuracy and relevance
We will ensure that any personal data we process is accurate, adequate, relevant and not excessive, given the purpose for which it was obtained. We will not process personal data obtained for one purpose for any unconnected purpose unless the individual concerned has agreed to this or would otherwise reasonably expect this.

Individuals may ask that we correct inaccurate personal data relating to them. If you believe that information is inaccurate, you should record the fact that the accuracy of the information is in dispute and inform the Data Protection Officer.

4.8 Data Portability
Upon request, a data subject should have the right to receive a copy of their data in a structured format. These requests should be processed within one month, provided there is no undue burden and it does not compromise the privacy of other individuals.

A data subject may also request that their data is transferred directly to another system. This must be done for free.

4.9 Right to be forgotten
A data subject may request that any information held on them is deleted or removed, and any third parties who process or use that data must also comply with the request. An erasure request can only be refused if an exemption applies.

4.10 Privacy by design and default
Privacy by design is an approach to projects that promote privacy and data protection compliance from the start. The Data Protection Officer will be responsible for conducting Privacy Impact Assessments (PIA) and ensuring that all IT and other relevant projects commence with a privacy plan. ISMS.online provides a PIA framework that is used for managing the process and documenting the approach.

When relevant, and when it does not have a negative impact on the data subject, privacy settings will be set to the most private by default.

4.11 International data transfers
No data may be transferred outside of the EEA without first discussing it with the data protection officer. Specific consent from the data subject must be obtained prior to transferring their data outside the EEA.

4.12 Data security
We must keep personal data secure against loss or misuse. Where other organisations process personal data as a service on our behalf, the Data Protection Officer will establish what, if any, additional specific data security arrangements need to be implemented in contracts with those third-party organisations.

The organisation has a documented “Information Security Policy” and a set of subordinate security policies and controls relating to our management of data and information security. These are held within the ISMS.online platform.

4.13 Data retention
We must not retain personal data for longer than is necessary. What is “necessary” will depend on the circumstances of each case, taking into account the reasons that the personal data was obtained, but should be determined in a manner consistent with our data retention guidelines.

Data retention schedules will be maintained showing the minimum and maximum periods of retention for each data set.

4.14 Data audit and register
Regular data audits to manage and mitigate risks will inform the data register. This contains information on what data is held, where it is stored, how it is used, who is responsible and any further regulations or retention timescales that may be relevant.

5. STAFF RESPONSIBILITIES
All individual staff members are responsible for playing their part in maintaining the confidentiality, integrity and availability of personal data in compliance with the GDPR, DPA and organisational policies, standards and procedures.

You must familiarise yourself with the requirements contained in this policy and any other relevant security policy and comply with any requirements relating to the proper handling and security of personal data.

5.1 Your personal data
You must take reasonable steps to ensure that the personal data we hold about you is accurate and updated as required. For example, if your personal circumstances change, please inform the Data Protection Officer or the HR Department so that they can update your records.

5.2 Handling others’ personal data
You must familiarise yourself with the organisational responsibilities detailed above and ensure that you comply with these whenever you are handling personal data. Special care and attention must be given when handling sensitive personal data.

5.3 Processing data in accordance with the individual’s rights
You must abide by any request from an individual not to use their personal data for direct marketing purposes. Notify the Data Protection Officer about any such request if it falls outside of the normal processes or you have any reason to be unsure about the appropriate practice.

Contact the Data Protection Officer for advice on direct marketing before starting any new direct marketing activity to ensure compliance with all relevant data protection and other legislation.

5.4 Reporting breaches
All members of staff have an obligation to report actual or potential data protection weaknesses, events and incidents where compliance may be breached. This allows us to:

Investigate the failure and take remedial steps if necessary

Maintain a register of compliance failures

Notify the Supervisory Authority (SA) of any compliance failures that are material either in their own right or as part of a pattern of failures

The reporting of such weaknesses, events and incidents will be managed through our Information Security Incident Management processes.

5.5 Monitoring
Everyone must observe this policy. The Data Protection Officer has overall responsibility for this policy. They will monitor it regularly to make sure it is being adhered to.

Data Protection Policy PDF