Our Privacy Policy.
Effective date: June 10, 2025
Active Version : v1.0
Last updated on: June 10, 2025
1. ABOUT US
1.1.
Handicap Tour (Pty) Ltd is a private company registered and operating in accordance with the laws of the Republic of South Africa, situated at Rhenosterfontein Country Estate, Rustenburg, North West, 0299, South Africa.
2. ABOUT THIS PRIVACY POLICY
2.1.
The purpose of this policy ("Privacy Policy") is to communicate how we process personal information relating to identifiable natural persons or existing juristic persons (collectively "Personal Information"), and to share certain information required in terms of the Protection of Personal Information Act 4 of 2013 ("POPIA").
2.2.
This Privacy Policy describes how we process Personal Information in providing golf event participation services ("Services") through the Handicap Tour mobile application ("Application") and also applies to the use of our informational website located at www.HandicapTour.co ("Website").
2.3.
We may update this Privacy Policy from time to time by publishing a revised version on our Website and Application, which shall take effect on the date of publication. Please be sure to keep yourself up to date with our latest Privacy Policy.
2.4.
This Privacy Policy should be read with any other agreements, terms, policies and the like published by us in relation to our Services. To the extent that any other binding document may conflict with our Privacy Policy, the former shall prevail.
2.5.
Should you have any questions about this Privacy Policy or how we process your Personal Information, please contact us at support@handicaptour.co herein "Privacy Mailbox".
3. THE TYPES OF PERSONAL INFORMATION WE PROCESS AND HOW WE OBTAIN IT
3.1.
Please refer to Annexure A for a detailed description of the categories of Personal Information we process, including the purposes for which it is collected and the legal basis for such processing.
4. YOUR RIGHT TO UPDATE, CORRECT, OR DELETE YOUR INFORMATION
4.1.
You can update, correct, or delete Personal Information relating to your account with us by logging into your account on the Application at any time.
4.2.
If you wish to update, correct, or delete other Personal Information that you cannot update, correct, or delete on your account on the Application, you may contact us at our Privacy Mailbox.
5. YOUR RIGHT TO OBJECT TO THE PROCESSING OF YOUR PERSONAL INFORMATION
5.1.
You have the right to object to the processing of your Personal Information where we are relying on your legitimate interests, our legitimate interests, or those of a third party to process the Personal Information.
5.2.
You may also object generally to the processing of your Personal Information on reasonable grounds relating to your particular situation, for instance, where such processing negatively impacts your fundamental rights and freedoms.
5.3.
If you wish to object to the processing of your Personal Information as described under this heading, kindly contact us at our Privacy Mailbox.
6. STORAGE AND SECURITY OF YOUR PERSONAL INFORMATION
6.1.
We implement technical and organisational measures, in compliance with the requirements of applicable law, to ensure that the Personal Information in our possession remains confidential and secure against unauthorised or unlawful processing, and against accidental loss, destruction, or damage. Such measures include:
6.1.1.
restricting access to Personal Information to authorised personnel only, based on a need-to-know basis;
6.1.2.
the use of password protection and access controls on systems that process or store Personal Information;
6.1.3.
encrypting Personal Information during transmission over public networks;
6.1.4.
regular backups of Personal Information to prevent data loss;
6.1.5.
the use of reputable third-party hosting and infrastructure providers who implement industry-standard security controls;
6.1.6.
maintaining firewalls and antivirus or endpoint protection software on systems used in our operations;
6.1.7.
logging and monitoring of system access to detect and respond to security events; and
6.1.8.
ensuring that staff with access to Personal Information are bound by confidentiality obligations and receive basic data protection training.
6.2.
You acknowledge and agree however that there are inherent risks to the security of data in the use of providing electronic transactional services. We accordingly do not guarantee that your data cannot ever be compromised, and you accept this risk by using our Application.
6.3.
You are responsible for keeping your password to access the Application confidential. Please do not share your password with anyone.
6.4.
We will keep your Personal Information for only a reasonable amount of time, to enable us to use it for the purposes described in this Privacy Policy and in accordance with applicable law.
7. HOW WE SHARE YOUR PERSONAL INFORMATION
7.1.
Subject to compliance with POPIA, we may disclose your Personal Information as required to render the Services to you, including disclosure to:
7.1.1.
payment gateway service providers;
7.1.2.
cloud infrastructure and hosting providers for secure data storage and operational hosting of the app;
7.1.3.
other Application users, within the Application ecosystem, to cross-validate user-submitted scorecards for an event; and
7.1.4.
affiliated golf clubs and tour administrators, to the extent necessary to verify user participation and tournament entry.
7.2.
Some of our third-party service providers are also located in the European Union, and accordingly your Personal Information may be transferred outside of South Africa. We will only do so, in accordance with POPIA, (1) once we have obtained your consent, (2) in order to render the Services to you in terms of a contract to which you are a party or which was concluded with a third party in your interest, or (3) where the recipient of the Personal Information is subject to a law, binding corporate rules, or binding agreement which adequately safeguards your Personal Information in a manner substantially similar to POPIA.
7.3.
We use a cloud hosting and data storage provider located within the European Economic Area ("EEA"). Information processed within the EEA is subject to the level of protection provided by the General Data Protection Regulation ("GDPR").
8. DISCLOSURES
8.1.
On rare occasions, we may be required to disclose your Personal Information because of legal or regulatory requirements. In such instances, we may disclose your Personal Information as required in order to comply with our legal obligations, including complying with court orders, warrants, subpoenas, service-of-process requirements, and/or discovery requests.
8.2.
We may also disclose information about our users to law enforcement officers or others, in the good faith belief that such disclosure is reasonably necessary to enforce our terms of use or this Privacy Policy, or respond to legal claims that any content violates the rights of third parties, or to protect our intellectual property rights or our personal safety or the personal safety of our users or the general public.
9. HOW TO CONTACT THE INFORMATION REGULATOR
9.1.
Section 74(1) of POPIA provides that any person may submit a complaint to the Regulator in the prescribed manner and form alleging interference with the protection of the Personal Information of a data subject.
9.2.
Contact information of the Information Regulator:
Postal address
JD House
27 Stiemens Street
Braamfontein
Johannesburg
2001
27 Stiemens Street
Braamfontein
Johannesburg
2001
Telephone number
+27 (0) 10 023 5200
Fax number
086 500 3351
Email address
Website
ANNEXURE A: CATEGORIES OF PERSONAL INFORMATION AND PROCESSING PURPOSES
1.
Information we collect when providing the Services:
| Type | Source | Voluntary or mandatory with legal basis for processing | Purpose of collection and consequences of failure to provide the information |
|---|---|---|---|
Technical information for Application functionality:
|
Direct (automated) | Mandatory – legitimate interest. | Collected to enable basic Application functionality and secure delivery of digital Services. If not provided, the Application will not function properly. |
Registration and profile data:
|
Direct (user–provided) | Mandatory – performance of a contract. | Collected to register users for access to core Services, including event participation. If not provided, the user cannot create an account or register for tournaments. |
Identity verification information:
|
Direct (user – provided) | Voluntary – consent. | This is collected to verify the age and identity of users and may be required to process withdrawals from the Handicap Tour wallet. If not provided, certain features – including payouts and account verification – may be restricted. |
| Handicap Network Africa player unique identifier. | Direct (user – provided). | Voluntary – consent. | This is collected to calculate a user's handicap index for purposes of event participation and rankings. If not provided, a user will not be able to participate in events. |
Device feature access:
|
Direct (via Application permission) | Voluntary – consent. | The location of your device, accurate within radius of 5km, is collected while you are using the Application to verify your physical attendance at a tournament venue. If not provided, your attendance cannot be confirmed, resulting in exclusion from the event. |
| Video footage and photographs. | Direct. | Mandatory (legitimate interest) or voluntary (consent). | We may capture video footage and photographs at our golfing events, where you may appear incidentally. This is necessary to pursue our legitimate interest of marketing and promoting our Services. If we wish to use a specific image or video in which you are clearly and prominently featured, we will seek your prior consent and will not proceed without it. |
Device feature access:
|
Direct (via Application permission) | Voluntary – consent. | Collected to enable peer verification of player participation through QR code scanning. If not provided, this feature will not function. |
Optional authentication:
|
Direct (via device) | Voluntary – consent. | Collected to facilitate biometric login for user convenience and security. This is done entirely on your device using its secure biometric features, and no biometric information is transmitted to or stored by us. If not provided, the user must log in using a password. |
Internal user ID:
|
Generated by the Application. | Mandatory – legitimate interest, | Collected to assign a unique identifier within the Application for user identification and interaction. If not provided, peer interaction and player validation features will not function. |
| Golf course name and location | Indirect – publicly available sources. | Voluntary – legitimate interest. | Collected to list and display participating clubs on the Application for user access and course selection. If not provided, the club will not be featured or discoverable in the Application. |
| Slope rating and technical data | Indirect – publicly available sources. | Voluntary – legitimate interest. | Collected to calculate fair scoring using the official slope rating of each course. If not provided, the course cannot be featured in events on the Application. |
| Club logo, media, and branding. | Direct – provided by club. | Voluntary – consent. | Collected to visually represent the club and enhance its visibility and recognition within the Application. If not provided, the club may appear without branding or visual representation or may not be featured on the app at all, at our discretion. |
| Event organiser branding and identifying information. | Direct – provided by organisers. | Voluntary – performance of a contract. | Collected to enable the creation, scheduling, and display of events hosted at the club. If not provided, the event cannot be featured on the Application. |