1. This Privacy Policy outlines how 22seven (Pty) Ltd (“22seven”, “we,” “us,” or “our”), a subsidiary of Vault22 Solutions Holdings Ltd (Registration number 8385 ), collects, uses, discloses, and protects your Personal Information in accordance with the Protection of Personal Information Act, 2013 ("POPIA"). By using our website at www.22seven.com (“Website”) and our mobile application (“Mobile Application”) (collectively referred to as “Service Channels”), you agree to the practices described in this Privacy Policy.

2. Vault22 may share your Personal Information in the course of a business transfer. Where all or a part of our business is merged, sold or reorganised, Personal Information about you maybe shared with the successor entity. Vault22 will use reasonable measures to help ensure that any successor entity Processes Personal Information in accordance with this Policy.

3. This Policy applies to all Data Subjects who use our Service Channels and all Data Subjects who Vault22 Processes their Personal Information.

4. If you do not agree with any part of this Privacy Policy, you must discontinue use of our Service Channels. Please do not provide us with any Personal Information if you do not agree with any of the provisions of this Privacy Policy. If you do not agree with any part of this Privacy Policy, we may not be able to provide our products and services to you.

The following definitions are aligned with POPIA and other relevant privacy laws:
1. “Applicable Law” means any statute, law, ordinance, regulation, rule, code, directive, judgement, decree, treaty, or any other requirement or rule of any international, national, federal, state, provincial, or local government authority, agency, court, or other governmental body having jurisdiction, as may be in force from time to time, and that is applicable to the performance of the obligations under these Terms or the use of our Service Channels;

2. “Consent”: means your voluntary, specific, and informed expression of will in terms of which permission is given for the Processing of Personal Information;

3. “Data Subject” or "You": means an identified or identifiable natural person or juristic person. An identifiable natural person is one who can be identified, directly or indirectly, by reference to an identifier or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that person;

4. “IO”: means Cliff Nkuna, the duly appointed information officer of 22seven;
5. “Operator”: means a third party or Third Party Service Provider that processes Personal Information on behalf of 22seven;

6. “Personal Information": means any information relating to an identifiable, living natural person, or, where applicable, an identifiable existing juristic person, including but not limited to:
     6.1 A name, identification number, contact information, or other identifiers;
     6.2 information relating to race, gender, sex, pregnancy, marital status, nationality, ethnic or social origin, colour, sexual orientation, age, physical or mental health, disability, religion, conscience, belief, culture, language, and birth;
     6.3 Biometric information, such as fingerprints, facial recognition, or voiceprints;
     6.4 Financial, criminal, or employment history;
     6.5 Opinions of and about the Data Subject; and
     6.6 Special Personal Information, including information on race or ethnic origin, political opinions, religious beliefs, trade union membership, health, sex life, or criminal records;

7. Policy” or “Privacy Policy”: means this privacy policy;
8. “POPIA”: means the Protection of Personal Information, 2013 and any regulations or codes of conduct promulgated thereunder;

9. “Processing”: means any activity that involves the use of Personal Information. It includes any operation or activity or any set of    operations, whether or not by automatic means, concerning Personal Information, including:
     1. The collection, receipt, recording, organisation, collation, storage, updating or modification, retrieval, alteration, consultation or use;
     2. Dissemination by means of transmission, distribution or making available in any other form; or
     3. Merging, linking, as well as restriction, degradation, erasure or destruction of information;

10. “Responsible Party”: means 22seven, as the entity determining the purpose and means of Processing Personal Information;

11. "Special Personal Information” means personal information concerning the religious or philosophical beliefs, race or ethnic origin, trade union membership,political persuasion, health or sex life or biometric information of a data subject; or the criminal behaviour of a data subject to the extent that such information relates to the alleged commission by a data subject of any offence; or any proceedings in respect of any offence allegedly committed by a data subject or the disposal of such proceedings;

12. “Social Media Platforms”: means platforms such as Facebook, LinkedIn, Twitter, Pinterest, YouTube, Instagram, WeChat, WhatsApp, TikTok, blogs and all other similar Social Media or communication platforms;

13. “Third Party Service Providers”: means our third-party service providers whose services you access or use through our Service Channels; and

14. “Website” means 22seven’s website which can be found onhttps://www.22seven.com/.

15. “Vault22” means Vault22 Solutions Holdings Limited domiciled in Dubai having business registration number 8385.The following definitions are aligned with POPIA and other relevant privacy laws:

The security of your data is important to us. While we strive to use commercially acceptable means to protect your Personal Information, we cannot guarantee its absolute security. However, we do employ a number of safeguards intended to mitigate the risk of unauthorised access or disclosure of your information. We will do our best to protect your Personal Information and we will use up to date technology that will help us to do this. We will at all times comply with our obligation under Applicable Law.

In most circumstances, providing your Personal Information to us is voluntary. Sometimes, it may be mandatory to provide your Personal Information to us. If you fail to provide certain information when requested, we may not be able to perform the services you requested from us or we may be prevented from complying with our legal obligations.

We collect and receive information about you in the following ways:
  1. information you give us;
  2. information we collect and receive when you use the Website or Social Media Platforms; and
  3. information from third party sources.

The types of Personal Information listed below is what we collect as well as why we collect this information:

1. Account Information: This includes your name, contact details (e.g., email address,postal address, mobile number), date of        birth, and any identifying numbers (e.g., ID or passport numbers). We collect this information to provide you with our Service.  

2. Website and Mobile Application connection information: Your IP address, type, version and language of Internet browser, operating system and version, type of device, screen resolution, referring and exit web pages. We use your IP address to understand the geographic makeup of our customer base and to assist with the identification of potential unauthorised access. We use the rest of this information to optimise the usability of the Service on your access device. We may also         compile aggregate information to analyse usage patterns and make improvements to our Service.

3. Financial Information: This includes but is not limited to bank account details,credit card information, and financial history, collected to provide the Service and to perform credit checks where necessary. We also collect your bank account balances, transactions, debit orders, credit score, tax calculations, cover values, beneficiary details, trading margin, trading positions, asset & fund allocations and other account-specific details.

4. Public Forum/Message Board Information: Your name (as provided at registration)as well as the messages you post on our public forum/message board. This information is visible to all users and will remain as such even if you terminate your use of the Service.

5. Additional Verification Information: Copies of your identity documents or utility bills or any other information that is deemed necessary to verify your identity should you be unable to unlock your account through our standard online verification process.

6. Financial Product Uptake and Pricing: In order to safely guard information you provide, we may require you to provide your mobile number, date of birth, gender, smoker status, income level, level of education, occupation, occupation activities, residential address, housing details, vehicle details, driver’s license details and other similar details to enable you to take up and/or obtain personalised pricing of financial products.

7. Optional Personal Information: You may also opt to provide us with information such as your age, employment status, marital status, number of children, residential province & city, geolocation, credit score, financial objectives, savings goals, personal interests and other similar details that we may use to customise the Service for you and provide you with more accurate, personal and contextually relevant insights.  

8. Research and statistical analysis: 22seven is a subsidiary of Vault22. We or Vault22may use your Personal Information to conduct market or customer research or for analysis purposes.  

9. Information from third-party sources: We may receive additional information about you that is publicly or commercially available and combine that with the information we have collected or received about you in other ways.

10. Special Personal Information: In limited circumstances, we may collect your Special Personal Information. When we Process your Special Personal Information, we will ensure that we get your consent to do so unless another justification under law exists for us to use that information.

By providing us with your Personal Information, you acknowledge that 22seven may rely on any of the reasons mentioned above when Processing your Personal Information as set out in this Privacy Policy, unless your explicit consent is required by Applicable Law (for example, for direct marketing communications).

We may share your Personal Information with:
1. Our affiliates, in other words, other companies in our group;
2. A limited number of our employees on a need-to-know basis and subject to strict confidentiality and privacy policies and training;
3. Our Third Party Service Providers and authorised third party partners, process your information on our behalf, under strict conditions of confidentiality and security;
4. Other parties in response to legal processes or when necessary to conduct or protect our legal rights;
5. Companies that provide services to us or act on our behalf, subject to appropriate data processing agreements and security requirements as required by law; and
6. Other third parties where you provide consent. In some cases, third parties (often advertisers) may wish to attain information about you in order to promote their products to you, or for whatever other reason. We may share information with third parties where you provide consent in the form of an explicit opt-in. Before we ask you to opt-in, we will endeavour to provide you with a clear description of what data would be shared with the third-party. Remember that once you have opted in to allow us to send your information to the third-party, we cannot control what they do with your data; therefore, be sure to investigate their privacy policies before providing permission for us to share your information.

You may request details of Personal Information which we hold about you under the Promotion of Access to Information Act, 2000 (“PAIA”). Fees to obtain a copy or a description of Personal Information held about you are prescribed in terms of PAIA. Confirmation of whether or not we hold Personal Information about you may be requested free of charge. If you would like to obtain a copy of your Personal Information held by 22seven, please review our PAIA Manual located here.

You may request the correction of Personal Information 22seven holds about you. Please ensure that the information we hold about you is complete, accurate and up to date. If you fail to keep your information updated, or if your information is incorrect, 22seven may limit the products and services offered to you or elect not to open the account.

You have a right in certain circumstances to request the destruction or deletion of and,where applicable, to obtain restriction on the Processing of Personal Information held about you. If you wish to exercise this right, please contact us using the contact details set out in this Privacy Policy.

You have a right to object on reasonable grounds to the Processing of your Personal Information where the Processing is carried out in order to protect our legitimate interests or your legitimate interests, unless the law provides for such Processing.

By using our Service Channels, you acknowledge and agree to comply with the responsibilities and procedures outlined in this clause regarding the correction and accuracy of your Personal Information.

We are based in and operate from South Africa. Your information, including Personal Information, may be transferred to and maintained on servers located outside of your country of residence, where the data privacy laws, regulations and standards, may not be equivalent to the laws in your country of residence.

We might transfer your Personal Information to places outside of South Africa and store it there, where our suppliers might Process it. If that happens, your Personal Information will only be transferred to and stored in a country that has equivalent, or better, data protection legislation than South Africa or with a service provider which is subject to an agreement requiring it to comply with data protection requirements equivalent or better than those applicable in South Africa.

Your use of our Service Channels, followed by your submission of information to us, represents your consent to such transfer.

We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Policy.

Personal Information is kept for as long as you are an active customer. Once you terminate your account, we will delete your data, but may retain certain information for a limited period as required by law.

Vault22 will only retain your Personal Information for as long as necessary to fulfil the purposes outlined in this Privacy Policy or as required by law. Upon termination of your account, we will securely delete your Personal Information, except where retention is required by law. All retained data is maintained under strict security controls.

Vault22 secures the integrity and confidentiality of your Personal Information by implementing appropriate, reasonable technical, physical, and organisational measures to prevent:
1. accidental loss, damage, or unauthorised destruction of Personal Information;
2. unlawful or unauthorised access to Personal Information; and
3. unlawful or unauthorised processing of Personal Information.

We conduct regular risk assessments and reviews to ensure appropriate safeguards are in place.

Unless you have disabled Cookies in your internet browser settings, we use Cookies to enhance your experience when you visit our Service Channels. Cookies are small text files stored on your computer or device that contain a unique identifier. They help us recognize you as a returning visitor, remember your preferences, and track your interactions with our Service Channels. This allows you to avoid re-entering information during your current or future visits. Additionally, Cookies enable us to deliver personalised content and information, evaluate the effectiveness of our marketing efforts, and analyse aggregated data, such as the total number of visitors and pages viewed. If you wish to reject our Cookies, you can configure your browser to do so.

This Privacy Policy must be read together with our Terms of Service, which outline the terms and conditions governing your use of our Service Channels and Services. By using our Services, you agree to both this Privacy Policy and the Terms of Service. In the event of any conflict between this Privacy Policy and the Terms of Service, the provisions of this Privacy Policy will apply specifically to matters related to personal information and data protection.

If Vault22 processes Personal Information about you, you have the following rights under POPIA:
        1. Access and Correction: You have the right to access the Personal Information we hold about you and to request corrections to any inaccuracies.
        2. Object to Processing: You have the right to object to the processing of your Personal Information under certain circumstances.
        3. Withdraw Consent: You have the right to withdraw your consent at any time for any processing that requires your consent. To withdraw your consent, please contact us. Once we have received notification that you have withdrawn your consent, we will no longer Process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.
        4. Marketing: You have the right to ask us not to contact you for marketing purposes. You can exercise this right at any time by  using any of the various "opt-out" options that we will always provide to you when we communicate with you. We won’t send you marketing messages if you tell us not to but we will still need to send you service-related messages.
        5. Data Deletion and Restriction: You have the right to request the deletion or restriction of your Personal Information under certain conditions.
        6. Lodge Complaints: You have the right to lodge a complaint with the Information Regulator if you believe your rights have been infringed. The contact details of the Information Regulator are in clause 15 below.

In the event of a Personal Information Breach, 22seven will adhere to its incident management policies and procedures to handle and report the breach in compliance with POPIA. This includes notifying affected Data Subjects and the Information Regulator where required.

Our Service Channels and Social Media Platforms may contain links to and from websites, mobile applications or services of third parties, advertisers or affiliates. Please note that we are not responsible for the privacy practices of such other parties and advise you to read the privacy statements of each website you visit which collects Personal Information.

Vault22 may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or for other operational reasons. When changes are made, we will revise the “Last Updated” date at the top of this notice and communicate significant changes to you.

If you have any questions, comments, or concerns about this Privacy Policy, or if you wish to exercise your rights regarding your personal information, please contact us at:
Email: support@vault22.io
Physical Address: Innovation City Darter Studios, Darter Road, Long kloof, Gardens,Cape Town, 8001.

You may also contact the Information Regulator for further complaints or inquiries at the Information Regulator’s website.

This Privacy Policy is governed by the laws of the Republic of South Africa. Any disputes arising from or relating to this Privacy Policy shall be resolved in the courts of South Africa.