STAGING — geen werklike geld of e-pos / no real money or mail
Privacy

POPIA notice

Randburg Alumni NPC (registration number 2025/474429/08, "we") is registered as a Responsible Party under POPIA. This notice explains what personal information we collect, why, who we share it with, and how to exercise your rights.

What we collect

  • Identity: full name, email, matric year, phone (optional), city/town (optional).
  • Financial: monthly contribution amount, payment method, and transaction history. Card details are never stored by us — PayFast handles them directly.
  • Profile preferences: whether your name appears on the alumni list, whether your amount is shown publicly, whether you receive marketing email.
  • Donor wall: when you contribute to a project, your name, date, and amount appear on the project's public page. A message is optional and only shown after an admin approves it.
  • Sign-in: we email you a single-use link ("magic link"). No password is stored. If you request a link for an email we don't know, we create an empty profile so the link can work — you can fill it in later or have the record removed.

Who we share it with

  • PayFast — card payments and recurring debit orders. Your card details go directly to them, not through our system.
  • First National Bank (FNB) — receives EFT payments into the Randburg Alumni NPC account. You supply your own reference; we link it to your profile manually once the funds clear.
  • Resend — sends our transactional email (magic links, welcome).
  • We never sell, rent, or trade your information with any marketing partner.

How long we keep it

  • Profile: until you anonymise it or ask us to remove it.
  • Financial records: 7 years, as required by SARS and the Companies Act.
  • Audit log (who changed what, when): for the lifetime of the NPC; required for accountability.

Your rights

  • Access: download a complete export (JSON) of everything we hold about you.
  • Correction: edit name, matric year, phone, location, preferences on your profile page.
  • Right to be forgotten: anonymise your record — name disappears from the alumni list and donor wall, financial totals remain anonymised for SARS audit.
  • Withdraw consent: stop marketing email on your profile page, or email us.
  • Complain to the Information Regulator (inforegulator.org.za) if we don't respond.

Security

Traffic to the site is encrypted (HTTPS / TLS). Sign-in is via single-use links, not passwords. Our database runs on a server in Europe (Hetzner) with strict access control. If an incident exposes your information, we will notify you and the Information Regulator within 72 hours.

Contact

Information officer: Thiart van der Merwe
info@oudrandjies.co.za

Last updated: 2026-05-12