Shiftly (Pty) Ltd (Reg: 2019 / 341555 / 07) (“Shiftly”) adheres to the highest standards of protecting your personal information when you use or any of its related blogs, websites, applications or platforms (collectively, “the Website”) or any Shiftly services (“Services”). As such, we have created this specific and detailed Privacy Policy for you to read and appreciate exactly how we safeguard your personal information and respect your privacy (“Policy”).

  • Please note that Shiftly is a private limited liability company duly registered and operating in accordance with the laws of the Republic of South Africa.
  • For more information regarding your personal information lawfully stored or used by the Website or Shiftly, please contact who will gladly assist.
  • Please read this Policy alongside our general Terms.
  • This Policy was last updated on 20 February 2020.
  • Not all terms are necessarily defined in order.
  • This Policy complies with, and facilitates the obligations required from, the South African Protection of Personal Information Act, No. 4 of 2013 (“POPI”), as amended.
  1. Introduction and Our Role
    1. In some circumstances, Shiftly is the “responsible party” (as defined in POPI) and is responsible for your personal information (collectively referred to as “we”, “us” or “our” in this Policy) in instances where we decide the processing operations concerning your personal information.
    2. Sometimes we also operate as an “operator” (as defined in POPI) of personal information on behalf of a third-party responsible party, where that responsible party’s privacy terms will apply. The terms "user", “you", “data subject” and “your” are used interchangeably in this Policy and refer to all persons accessing the Website or engaging with Shiftly for any reason whatsoever.
    3. We have appointed a data representative at Shiftly who is responsible for overseeing questions in relation to this Policy. If you have any questions about this Policy, including any requests to exercise your legal rights, please contact the representative using the details set out below.
    4. Our full details are:
      1. Full name of legal entity: Shiftly (Pty) Ltd
      2. Name or title of data representative: Carel Christiaan de Villiers
      3. Email address:
      4. Postal address: PO Box 334, Somerset Mall, 7137
    5. You have the right to make a complaint at any time to the South African data regulator’s office (Information Regulator’s Office of South Africa). We would, however, appreciate the chance to deal with your concerns before you approach any such regulator, so please contact us in the first instance.
    6. The Website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements or terms. When you leave our Website, or engage with such third parties, we encourage you to read the distinct privacy policy of every third-party you engage with.
  2. Personal information we collect from you
    1. Should you decide to register with or function as a user on the Website and/or use any Shiftly Services, you thereby expressly consent to, and opt-in to Shiftly collecting, collating, processing, and using the following types of information about you when you use the Website (“personal information”):
      1. Information provided by the user or from a user’s other authorised responsible party:
        Shiftly processes personal information (that is information about the user that is personally identifiable like the user’s first name(s), surname, initials, title, gender, ID number, date of birth, country of birth, nationality, physical address, tax number,
        cellphone number, email, occupation, employer name, employer industry, designation, monthly income, source of funds, bank details, service preferences and contact preferences that are not otherwise publicly available) which Shiftly either processes as its own responsible party, or which is received from another responsible party to whom you have provided your personal information with your permission to be shared with Shiftly as the operator; and
      2. Information that is collected automatically:
        Shiftly receives and stores information which is transmitted automatically from the user’s computer when the user browses the internet. This information includes information from cookies (which are described in clause 9 below), the user’s Internet Protocol (“IP”) address, browser type, web beacons, geo-locationary information, embedded web links, and other commonly used information-gathering tools. These tools collect certain standard information that your browser sends to the Website such as your browser type and language, access times, and the address from which you arrived at the Website. 
    2. Should your personal information change, please inform us and provide us with updates to your personal information as soon as reasonably possible to enable us to update it. Shiftly will, however, not be able to update any personal information of yours attained from another responsible party, where should you want to update same, you must approach the relevant responsible party to do so. Shiftly is under no obligation to ensure that your personal information or other information supplied by you is correct.
    3. We do not process personal information of any user under the age of 18 (eighteen). Do not provide us with such information where the provision of same will constitute a material breach of this Policy and the Terms.
    4. You warrant that the personal information disclosed to Shiftly is directly from you as the user on the Website or in connection to the Services, and all such personal information is lawfully yours to provide. You also warrant that any personal information provided to us from a third-party responsible party, was attained from you lawfully and provided to us with your express consent to the relevant responsible party to do so.
    5. You may choose to provide additional personal information to us, in which event you agree to provide accurate and current information, and, generally, not to impersonate or misrepresent any person or entity or falsely state or otherwise misrepresent your affiliation with anyone or anything.
  3. When do we collect your personal information
    We will process your personal information in the following circumstances:
    1. when you contract with us for Services from us online or over the phone;
    2. when you access our Website. Our Website also uses cookies; to find out more about the use of cookies and how you can manage them, please read our Cookie provision below;
    3. when you register for our newsletter;
    4. when you have been in contact with one of our sales representatives or account managers during presentations, conferences or roadshows;
    5. when you contact us or we contact you to take part in surveys;
    6. when you contact our customer service team, live events, online or over the phone; and/or
    7. when you engage with us on social media (by mentioning/tagging us or by contacting us directly).
  4. How we use your personal information
    1. Any processing of your personal information will be reservedly for our legitimate business purposes and as a necessary function of your engagement with the Website and/or our Services, and you have expressly consented to this by using the Services and/or Website, but we will not, without your express additional consent:
      1. use your personal information for any purpose other than as set out below:
        1. in relation to the provision to you of the Services and/or access to the Website;
        2. to fulfil orders for Services;
        3. for internal record keeping of responsible party third parties and the development of metrics of third-party searches;
        4. to perform our KYC/AML verification checks against you;
        5. to contact you regarding current or new Services or any other product offered by us or any of our divisions and/or partners (unless you have opted out from receiving marketing material from us, possible through that same correspondence to you);
        6. to inform you of new features, special offers and promotional competitions offered by us or any of our divisions and/or partners (unless you have opted out from receiving marketing material from us, possible through that same correspondence to you); and
        7. to improve our product selection and your experience on our Website by, for example, monitoring your browsing habits, or tracking your activities on the Website; or
      2. disclose your personal information to any third party other than as set out below:
        1. to our employees and/or third-party service providers who assist us to interact with you via our Website, email or any other method, for your use of the Services, and thus need to know your personal information in order to assist us to communicate with you properly and efficiently. Same third-party service providers include the parties who have to process your personal information in order to provide you with their ancillary services to the Shiftly Services.
        2. to external responsible parties who already have your express consent to process and/or attain such personal information from and/or with us;
        3. to our divisions and/or partners (including their employees and/or third party service providers) in order for them to interact directly with you via email or any other method for purposes of sending you marketing material regarding any current or new Services, new features, special offers or promotional items offered by them (unless you have opted out from receiving marketing material from us, possible through that same correspondence to you);
        4. to our professional services providers (such as our insurers or lawyers where we believe that it is required under our contractual relationship with our insurance provider to do so);
        5. to law enforcement, government officials, fraud detection agencies or other third parties when we believe in good faith that the disclosure of personal information is necessary to prevent physical harm or financial loss, to report or support the investigation into suspected illegal activity or the contravention of an applicable law, or to investigate violations of this Policy and/or the Website’s other policies; and
        6. to our service providers (under contract with us) who help with parts of our business operations (fraud prevention, marketing, technology services etc). However, our contracts dictate that these service providers may only use your information in connection with the services they perform for us, not for their own benefit and under the same standards as how we operate.
    2. We are entitled to use or disclose your personal information if such use or disclosure is required in order to comply with any applicable law, subpoena, order of court or legal process served on us, or to protect and defend our rights or property. In the event of a fraudulent online payment, Shiftly is entitled to disclose relevant personal information for criminal investigation purposes or in line with any other legal obligation for disclosure of the personal information which may be required of it.
  5. Our legal justifications for processing your personal information
    1. Your use of the Website and/or any of our Services constitutes your explicit opt-in consent to our processing of your personal information. Further, we also rely on our contractual arrangements with you as the lawful basis on which we collect and process your personal information when you sign-up for and use our Services.
      Alternatively, in some cases, we rely on our legitimate interests as a business (for example, to measure customer satisfaction and troubleshoot customer issues). Where we rely on our legitimate interests, we will always make sure that we balance these interests against your rights.
    2. Subject to the other provisions in this Policy, the following constitutes our reasons for processing your personal information:
      1. To make our products and Services available to you
        1. We use your personal information to provide you with information, products and Services that you request or purchase from us (i.e. to complete certain tasks, processes or orders on our Website or within our apps, take payment online (where applicable) and deliver your Services), and to communicate with you regarding those Services that you purchased from us and respond to your questions and comments.
        2. We may also use your personal information to measure how satisfied our customers are and provide customer service (including troubleshooting in connection with purchases or your requests for Services or when you ask us questions on social media).
        3. When we need explicit consent from you, in order for you to freely opt-in into our Services and offering, we will ask it from you in a clear and transparent manner, and ask it for very specific purposes only, which will be communicated to you in all transparency. You can withdraw this consent at any time.
      2. For administrative and internal business purposes
        1. We may use your personal information for our internal business purposes, such as administrative fulfilment of Services, administrative fulfilment of invoices, project management and internal reporting. We may also use your data to monitor the use of our Website and ensure that our Website is presented in the most effective and relevant manner for you and your device and setting default options for you.
        2. It is in our legitimate interests as a business to use your personal information in this way. For example, we want to ensure our Website is customer friendly and works properly and that our products and Services are efficient and of high quality. We also want to make it easy for you to interact with us. Where we rely on our legitimate interests, we will always make sure that we balance these interests against your rights.
      3. For security and legal reasons
        1. We use your personal information to:
          1. ensure the personal and financial information you provide us is accurate;
          2. conduct fraud checks or prevent other illegal activity;
          3. protect our rights or property (or those of others); and
          4. fulfil our legal and compliance-related obligations.
        2. In some cases we will use your personal information because it’s necessary for us to comply with a legal obligation (such as if we receive a legitimate request from a law enforcement agency).
          In other cases (such as the detection of fraud) we will rely on our legitimate interests as a business to use your personal information in this way.
      4. To conduct necessary KYC/AML verifications and checks
        1. Shiftly is required by applicable legislation to conduct KYC/AML verifications of funds it receives from users.
        2. Accordingly, Shiftly has to acquire and verify certain information from you, which information and verification process is detailed in our KYC/AML Policy.
        3. Further, should our verifications require that you provide us with further information than what you have originally provided to Shiftly for the use of our Services – as dictated by applicable laws – you must provide us with same information in order to continue to use our Services.
      5. In relation to your Shiftly customer relationship
        1. We use your personal information to personalise your experience with Shiftly to:
          1. provide you with marketing information via SMS, post and/or email if you have given us your consent to this;
          2. process your registration details, account activity and purchase history to analyse how you shop and what you shop for. This may include information on Services you have viewed, historical transactions and products you have added ordered. This allows us to provide a browsing experience which is relevant to you;
          3. carry out limited automated decision making (segmentation) based on the information you have given us when we segment our Shiftly customer database to determine which offers that you may be interested in.
        2. We rely on your consent to send direct SMS, postal and/or email marketing messages to you based on the consent we acquired from you when you signed up, as amended by you from time to time.
          In other cases (for example, measuring the effectiveness of our marketing), we will rely on our legitimate interests as a business to communicate with you in an engaging and efficient way.
  6. Original and updated purposes for processing
    1. We will only use your personal information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us. If we need to use your personal information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
  7. International Transfer of personal information
    1. We may share your personal information within the Shiftly group of companies and this may involve transferring and processing your data outside of South Africa.
    2. Whenever we transfer your personal information out of the country, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
      1. we will only transfer your personal information to countries that have been deemed to provide an adequate level of protection for personal information;
      2. where we use certain service providers, we may use specific contracts approved by the European Commission which give personal information the same protection it has in Europe under the GDPR; or
      3. where we use providers based in the US, we may transfer data to them if they are part of the Privacy Shield which requires them to provide similar protection to personal information shared between Europe and the US.
  8. How we treat your personal information
    1. We will ensure that all of our employees, third-party service providers, divisions and partners (including their employees and third-party service providers) having access to your personal information are bound by appropriate and legally binding confidentiality obligations and process your personal information at standards equal to or higher than Shiftly’s in relation to your personal information.
    2. We will:
      1. treat your personal information as strictly confidential, save where we are entitled to share it as set out in this Policy;
      2. take appropriate technical, security and organisational measures to ensure that your personal information is kept secure and is protected against unauthorised or unlawful processing, accidental loss, destruction or damage, alteration, disclosure or access;
      3. provide you with reasonable access to your personal information to view and/or update personal details;
      4. promptly notify you if we become aware of any unauthorised use, disclosure or processing of your personal information;
      5. provide you with reasonable evidence of our compliance with our obligations under this Policy on reasonable notice and request; and
      6. upon your request, promptly correct, transfer, return or destroy any and all of your personal information in our possession or control, save for that which we are legally obliged or entitled to retain (acknowledging that some Website and/or Service functionality might be lost if certain personal information is amended or destroyed).
    3. We will not retain your personal information longer than the period for which it was originally needed, unless we are required by law to do so, or you consent to us retaining such information for a longer period. In some circumstances, other applicable national laws require us to retain your data beyond your request for its deletion, or beyond your direct engagement with Shiftly. As such, we may retain your personal information in adherence with compulsory instructions from other applicable national laws, notwithstanding your application to have it deleted or amended.
    4. Whilst we will do all things reasonably necessary to protect your rights of privacy, we cannot guarantee or accept any liability whatsoever for unauthorised or unlawful disclosures of your personal information, whilst in our possession, made by third parties who are not subject to our control, unless such disclosure is as a result of our gross negligence or fraud.
      If you disclose your personal information to a third party, such as an entity which operates a website linked to the Website or anyone other than Shiftly, Shiftly shall not be liable for any loss or damage, howsoever arising, suffered by you as a result of the disclosure of such information to the third party, including another user. This is because we do not regulate or control how that third party uses your personal information. You should always ensure that you read the privacy policy of any third party.
  9. Cookies provision
    1. The Website may make use of “cookies” to automatically collect information and data through the standard operation of the Internet servers. “Cookies” are small text files a website can use (and which we may use) to recognise repeat users, facilitate the user’s on-going access to and use of a website and allow a website to track usage behaviour and compile aggregate data that will allow the website operator to improve the functionality of the website and its content, and to display more focused advertising to a user by way of third party tools. The type of information collected by cookies is not used to personally identify you. 
    2. If you do not want information collected through the use of cookies, there is a simple procedure in most browsers that allows you to deny or accept the cookie feature. Please note that cookies may be necessary to provide you with certain features available on our Website, and thus if you disable the cookies on your browser you may not be able to use those features, and your access to our Website will therefore be limited. If you do not disable “cookies”, you are deemed to consent to our use of any personal information collected using those cookies, subject to the provisions of this Policy and the Website’s other policies.
  10. User rights and obligations
    1. The user is entitled to request access to any relevant personal information held by Shiftly and where such access is necessary for you to exercise and/or protect any of the user’s rights. For any personal information held by any third-party responsible party, the user must approach that responsible party for the realisation of the user’s personal information rights with them, and not with Shiftly.
    2. Under POPI, you have rights in relation to your personal information. Please contact us to find out more about, or manifest, these rights:
      1. have your data processed in a fair, lawful and transparent way;
      2. be informed about how your personal information is being used, an example being this privacy policy;
      3. access personal information we hold about you;
      4. require us to correct any mistakes in your personal information;
      5. require us to delete personal information concerning you in certain situations where there is no good reason for us to continue to process it;
      6. request that we transfer your personal information to you or another service provider in a simple, structured format;
      7. object at any time to processing of your personal information for direct marketing purposes;
      8. object to automated decision making which produces legal effects concerning you or similarly significantly affects you;
      9. object in certain other situations to our continued processing of your personal information; and/or
      10. otherwise restrict or temporarily stop our processing of your personal information in certain circumstances.
    3. You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
    4. We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal information (or to exercise any of your other rights). This is a security measure to ensure that personal information is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
    5. We try to respond to all legitimate requests within one week. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
    6. Users with citizenships from jurisdictions other than of South Africa, please note that Shiftly complies with all South African data protection laws when processing your personal information pursuant to the Services. Should foreign law be applicable in any regard to your use of the Services and/or the Website in any way, including how we may process your personal information, please contact Shiftly at to gladly engage you on its application and your rights.
    7. Users acknowledge that any content provided by users on the Website, including via a messaging system, enters an open, public forum, and is not confidential, where the author of which will be liable for that content, and not Shiftly. 
    8. Users understand that there are risks involved in sharing personal information. By disclosing personal information such as the user’s name and email address, users acknowledge and understand that this information may be collected and used by a third party to communicate with you.
    9. By accepting this Policy, you have opted-in to receive emails from Shiftly, where your email address will be used to contact you from time to time and may also use it for security reasons to confirm your identity.
    10. You have the right to opt-out of receiving email communication by following the directions posted on every email communication.
  11. Shiftly’s rights relating to personal information
    1. Shiftly will disclose the user’s personally identifiable information if it reasonably believes that it is required to do so by law, regulation or other government authority or to protect the rights and property of Shiftly, its affiliates or the public. Shiftly may also co-operate with law enforcement in any official investigation and may disclose the user’s personally identifiable information to the relevant agency or authority in doing so.
    2. Circumstances may arise where, whether for strategic or other business reasons, Shiftly decides to sell, buy, merge or otherwise reorganize its business. Such a transaction may involve the disclosure of personal information to prospective or actual purchasers, or the receipt of it from sellers. It is Shiftly’s practice to seek reasonable protection for information in these types of transactions and notify you prior to any disclosure of personal information. Such disclosure will also be subject to this Policy.
    3. Shiftly strives to keep the user’s personal information accurately recorded. Shiftly provides a user with the reasonable ability to review and correct it or ask for anonymization, blockage, transfer or deletion, as applicable. Please contact to engage Shiftly on such actions or requests.
    4. We also collect, use and share aggregated data or de-identified data such as statistical or demographic data for any purpose. Such de-identified or aggregated data may be derived from your personal information but is not considered personal information in law as this data does not directly or indirectly reveal your identity. For example, we may aggregate your usage data to calculate the percentage of users accessing a specific Website feature. However, if we combine or connect aggregated data with your personal information so that it can directly or indirectly identify you, we treat the combined data as personal information which will be used in accordance with this Privacy Policy.
© 2021 Shiftly (Pty) Ltd

Contact Us

©2021 Shiftly (Pty) Ltd


Contact Us