Privacy Policy

1) Scope & definitions

This policy applies to our public website, forms, emails, social channels we control, and event-related systems we use to manage entries, communications and updates. “Personal information” has the meaning given in POPIA; “child” means a natural person under 18. Your rights as a “data subject” are set out in section 5 of POPIA.

 

2) What we collect

We may collect and process:

• Identity & contact data: names, school, role (learner/teacher/parent), email, phone.

• Participation data: division entered, set lists, stage plots, technical riders, media consent choices.

• Transaction/ops data: registrations, invoices, support requests.

• Usage & device data: IP address, browser, pages viewed, referring sites, approximate location, collected via cookies/analytics.

• Media: photos/video captured by official event media teams (subject to consent for minors).

• Special personal information: we do not aim to collect special categories; if health/allergy information is volunteered for on-site readiness, we process it narrowly for safety and only with appropriate safeguards and disclosure. (See sections 26–27 POPIA guidance on “special personal information”.)
   

3) How we collect it

• Directly from you (website forms, email, phone, event sign-ups), consistent with POPIA’s rules on collecting directly and for a specific purpose. 

• Automatically via cookies/analytics when you browse our site (see Cookies & Analytics).

• From your school (where a teacher/administrator enters teams on learners’ behalf with appropriate consents).

​

4) Why we process your information (purpose & lawful basis)

We process personal information only when a lawful ground exists under POPIA (e.g., consent, contract, legal obligation, legitimate interest/protection of the data subject). Typical purposes include: event registration and administration; communications; publishing schedules and results; reporting set lists to SAMRO; security and fraud prevention; compliance with law; and improving our services. See section 11 (consent, justification & objection).

You may object to certain processing or withdraw consent at any time, this may affect your ability to participate if the processing is necessary to run the event.

 

5) Children’s information & media consent

Because our participants are often minors, we only process children’s personal information with the consent of a competent person (parent/guardian) or where another lawful ground applies. We follow the Information Regulator’s guidance on processing personal information of children and require opt-in parental media consent via schools for images/video.

​

6) Direct marketing

We will only send direct marketing via electronic communications in line with POPIA (e.g., with consent and easy opt-out). The Information Regulator’s guidance note on direct marketing explains these requirements (including section 69 POPIA).

​

7) Cookies & analytics

We use cookies and similar technologies to operate the site, measure performance, and understand usage (e.g., page views, referral sources). You can manage cookie preferences via your browser or our banner. Some analytics tools may process data on servers outside South Africa; where that occurs, we follow section 72 (see Cross-border transfers).

​

8) Sharing & operators (service providers)

We may share personal information with:

Operators (processors) who provide hosting, ticketing, payment, analytics, email, media and event systems,only under contracts that impose security and confidentiality obligations, consistent with sections 20–21 of POPIA. 
 

Authorities where required by law (e.g., responding to lawful requests).

Event partners only where necessary for participation (e.g., university venue access lists) and subject to appropriate safeguards.

SAMRO: we submit set lists for royalty reporting as part of public-performance licensing. 
 

We do not sell personal information.

​

9) Cross-border transfers

If we transfer personal information outside South Africa (for example, where a cloud provider hosts data abroad), we will do so only when section 72 conditions are met, e.g., the recipient is subject to a law, binding corporate rules or contract that provides an adequate level of protection; or you consent; or the transfer is necessary for contract performance.

​

10) Security safeguards

We implement reasonable, appropriate technical and organisational measures to protect personal information against loss, unauthorised access, or disclosure, in line with sections 19–21 of POPIA (including due diligence of our operators).

​

If we become aware of a security compromise that may affect you, we will notify you and the Information Regulator in the manner required by section 22 and follow the Regulator’s notification guidance.

​

11) Retention

We retain personal information only as long as necessary for the purposes described (e.g., running the tournament, resolving queries, meeting legal/accounting obligations), after which we de-identify or securely delete it in line with our retention schedule.

​

12) Your rights

Under POPIA, you have rights including to be informed, access personal information we hold about you, request correction or deletion, object to processing, withdraw consent, and lodge a complaint with the Information Regulator. See section 5 (rights of data subjects).

​

You can also request access to records under the Promotion of Access to Information Act (PAIA). Private bodies must publish a PAIA Manual explaining how to request records; our PAIA Manual will be available on request or via our website.

​

13) How to exercise your rights

Please submit requests to our Information Officer (see Contacts). We may need to verify your identity and, for child participants, confirm guardian authority. For PAIA requests, please consult the PAIA Manual for the prescribed process and forms.

​

14) Third-party links

Our site may link to third-party sites (e.g., ticketing, universities, partners). Those sites have their own privacy policies; we are not responsible for their practices.

​

15) Changes to this policy

We may update this policy periodically. Material changes will be posted here with a new effective date and, where appropriate, communicated to registered schools.

​

16) Contacts

Information Officer: Mr Gabriel Cumpsty
Email: gabriel@amplifysa.co.za
Postal address: 299 Main Road, Tokai, Cape Town, 7945