DF Akademie
About Us

Privacy Policy

1. Who We Are

Bookaroo is an online ticketing facilitation platform operated by FlowIQ (Pty) Ltd (Registration Number: 2025/503612/07).

For the purposes of the Protection of Personal Information Act, 2013 (POPIA), FlowIQ is the Responsible Party for personal information processed through the Bookaroo platform.

Contact Details:

Email: support@bookaroo.co.za

Website: https://www.bookaroo.co.za

2. Information Officer

For formal privacy inquiries and data subject requests, contact:

Jonathan Nel (Information Officer)

Email: legal@flowiq.africa

3. Information We Collect

When using Bookaroo, we collect personal information including:

Identity and Contact Information

  • Full name and surname
  • Email address
  • Phone number

Transaction and Payment Information

  • Event booking details
  • Purchase history and transaction records
  • Payment method information (processed by our payment processor, Paystack)
  • Invoice and receipt records

Technical and Usage Information

  • IP address
  • Browser type and operating system
  • Website usage analytics
  • Pages visited and time spent
  • Cookies and similar tracking technologies

Behavioral Information

  • Communication preferences
  • Service feedback

From Other Sources

  • Information from event organisers (when you book their events)
  • Information from payment processors and service providers

Sensitive Personal Information

We do not intentionally collect special categories of personal information (such as race, ethnicity, religious beliefs, political affiliations, or biometric data) unless you voluntarily provide it with your explicit consent or processing is required by law.

4. How We Use Your Information

We use personal information to:

  • Process event bookings and manage transactions
  • Send booking confirmations, updates, and customer support responses
  • Facilitate communication between you and event organisers
  • Process payments securely
  • Improve and optimize our platform
  • Comply with legal and regulatory obligations
  • Prevent fraud and protect security
  • Send marketing communications where permitted by law and where you have opted in or have not opted out where applicable.
  • Understand how public pages and booking flows are used, identify errors, monitor performance, and improve the Bookaroo service

Lawful Basis for Processing

We process your personal information based on one or more of:

  • Consent — you have voluntarily consented to the processing
  • Contract Performance — processing is necessary to provide our services
  • Legal Obligation — we are required by law to process the information
  • Legitimate Interests — processing is necessary for our legitimate business interests (such as fraud prevention, security, and service improvement)

5. Who We Share Your Information With

Personal information may be shared with:

Event Organisers

Event organisers receive information necessary to manage their events, including your name, email, phone number, and booking details.

Payment Processors

Payments are processed through Paystack. We share your name, email, and transaction details to process payments securely. Paystack does not store full payment card details.

Service Providers

We use trusted service providers to operate the platform, including:

  • Cloud hosting and infrastructure providers
  • Customer support platforms
  • Analytics services
  • Email and SMS providers
  • Identity verification services
  • Security and fraud prevention services

These providers only process information as required to deliver the service and are contractually required to maintain confidentiality.

Law Enforcement and Legal Authorities

We may disclose personal information when required by law, court order, or to protect the security or integrity of our platform.

Business Transfers

If Bookaroo is involved in a merger, acquisition, or similar transaction, your personal information may be transferred as part of that transaction.

Aggregated and De-identified Information

We may share aggregated, anonymized, or de-identified information (that cannot identify you) for market research, analytics, and reporting.

No Sale of Personal Information

Bookaroo does not sell personal information to third parties for their independent commercial purposes.

6. International Data Transfers

Your personal information may be processed outside South Africa for cloud hosting, service provision and business operations. Where this happens, we apply appropriate safeguards in line with section 72 of POPIA, including (where applicable) data subject consent, contractual safeguards equivalent to POPIA, or transfers to jurisdictions with adequate data protection laws. The third-party service providers we currently use to operate the Bookaroo platform include: payment processing (Paystack); email delivery (Brevo); cloud hosting and infrastructure (Vercel); database and backend services (Supabase); analytics and performance monitoring tools (Microsoft); code hosting and security tools; and messaging services (e.g. WhatsApp integrations). These providers process personal information only as necessary to deliver their services and are required to maintain appropriate confidentiality and data-protection safeguards equivalent in substance to POPIA.

Transfer Safeguards

Where we transfer personal information outside South Africa (including to countries without adequate data protection), we implement the following safeguards:

Standard Contractual Clauses

We use legally binding Standard Contractual Clauses with third-party recipients to ensure equivalent protection of your information and enforceable rights.

Your Rights

You have the right to:

  • Request information about safeguards protecting your data in transfer
  • Obtain copies of transfer agreements (with commercially sensitive information redacted)
  • Lodge a complaint with the Information Regulator if you believe your rights are violated

7. Cookies and Tracking Technologies

We use cookies and similar technologies to operate Bookaroo, support the booking process, improve platform performance, and understand how visitors use our public pages.

Some cookies and browser storage are necessary for Bookaroo to function correctly. These may be used to route you to the correct event organiser or tenant site, maintain the booking process, support payment handoff, prevent misuse, and help you resume a booking if your payment is interrupted or cancelled.

During a booking, we may temporarily store limited booking information in your browser, such as selected tickets, selected seats, order reference details, and contact details entered during checkout. This is used to help complete or resume your booking and is not used for advertising purposes.

We may also use analytics and performance tools, such as Microsoft Clarity, Vercel Analytics, and Vercel Speed Insights, to understand how visitors interact with Bookaroo, identify errors, improve page performance, and improve the booking experience. These tools may collect information such as pages visited, device and browser type, approximate location, referral source, interactions with the website, and performance metrics.

Where required, optional analytics cookies and similar tracking technologies will only be used with your consent. You can accept, reject, or manage optional cookies through our cookie banner or preference tool.

We do not currently use cookies for targeted advertising, retargeting, or behavioural advertising.

You can also control or delete cookies through your browser settings. If you disable strictly necessary cookies, some parts of Bookaroo, including event booking, payment handoff, ticket access, or tenant routing, may not work correctly.

Cookie Consent

When you first visit our website, you may see a cookie consent banner that explains the difference between necessary cookies and optional analytics cookies.

The banner may allow you to:

  • accept optional analytics cookies;
  • reject optional analytics cookies;
  • manage your cookie preferences; and
  • access this Privacy Policy.

Strictly necessary cookies cannot be disabled through the cookie banner because they are required for Bookaroo to operate securely and correctly.

You may manage your cookie preferences at any time by using the cookie preference tool, adjusting your browser settings, or contacting us at support@bookaroo.co.za.

8. Data Retention

Your Right to Deletion

You have the right to request deletion of your personal information. Requests will be evaluated against legal retention obligations, ongoing contractual obligations, and legitimate business interests. We will inform you of the outcome within 30 days.

9. Your Rights

Under POPIA, you have the following rights:

Right of Access

You can request confirmation of whether we process your personal information and obtain a copy in a structured, machine-readable format.

Right to Correct

You can request correction or amendment of inaccurate information.

Right to Delete

You can request deletion of your personal information under certain circumstances (where it is no longer necessary, you withdraw consent, processing is unlawful, or legal deletion requirements apply).

Right to Restrict Processing

You can request restriction of processing while you contest accuracy or processing is unlawful.

Right to Object

You can object to processing for direct marketing, profiling, or based on legitimate interests.

Right to Data Portability

You can receive your personal information in a portable, machine-readable format for transfer to another provider.

Right to Lodge a Complaint

You can lodge a complaint with the Information Regulator if you believe your rights have been violated.

How to Exercise Your Rights

Submit Your Request

Send a formal written request to:

Email: legal@flowiq.africa

Subject Line: "Data Subject Request - [Your Full Name]"

Include in your request:

  • Your full name and registered email address
  • The specific right you are exercising
  • A detailed description of your request
  • Any supporting documentation

Identity Verification

To protect your privacy, we will request identification verification. This typically requires 5–7 business days.

Response Timeline

We are committed to responding promptly:

Type of RequestTimeline
Right of Access10 business days
Right to Correct10 business days
Right to Delete15 business days
Right to Restrict10 business days
Right to Object5 business days
Right to Portability15 business days

For complex requests, we may extend the timeline by up to 30 days. You will be notified of any extension.

Appeal Process

If your request is refused, we will provide written reasons and explain the legal basis for refusal. You will be informed of your right to lodge a complaint with the Information Regulator.

10. Data Security

If you access booking confirmations, tickets, or links sent to you by email, SMS, or WhatsApp, you should keep those links secure and avoid sharing them with people who should not have access to your booking.

Limitation on Security

While we implement industry-standard measures, no system is completely secure. We cannot guarantee absolute security of your personal information.

11. Data Breach Notification

What is a Data Breach?

A "Personal Data Breach" is an unauthorized or accidental event resulting in:

  • Destruction of personal information
  • Loss of personal information
  • Alteration of personal information
  • Unauthorized disclosure or access

Our Notification Obligations

Internal Notification (72 Hours)

If we discover a breach affecting your personal information, we will:

  1. Conduct an immediate investigation
  2. Take steps to contain and prevent further unauthorized processing
  3. Notify the Information Regulator within 72 hours of discovery (unless unlikely to result in harm)
  4. Document the breach, including:
    • Date and time of discovery
    • Categories of data affected
    • Number of data subjects affected
    • Likely consequences
    • Measures taken to respond

Notification to You

If the breach is likely to result in high risk to your rights and freedoms, we will notify you:

  • Timing: Without undue delay (as soon as possible)
  • Method: Email, SMS, or written notice by mail
  • Content:
  • Nature of the breach
  • Personal information affected
  • Likely consequences
  • Measures we have taken
  • Your rights and remedies
  • Contact information for more information

Exceptions to Notification

We may delay notification if law enforcement requests delay for their investigation or delaying notification is necessary for security reasons.

Your Right to Remedy

If your personal information is compromised in a breach, you have the right to:

  • Lodge a complaint with the Information Regulator
  • Seek damages for material or non-material harm
  • Receive information about our response measures

12. Direct Marketing Communications

We may send you marketing communications (email, SMS, push notifications) to inform you about new events, features, special offers, and discounts.

Transactional Communications

We will continue to send transactional communications regardless of marketing preferences (account confirmations, booking confirmations, invoices, payment receipts, service updates, security notices). These are necessary for account management and cannot be disabled.

13. Third-Party Links and Integrations

This Privacy Policy applies only to Bookaroo and does not cover:

  • Third-party websites linked from our site
  • Third-party services integrated with Bookaroo
  • Social media platforms where you access Bookaroo content

We encourage you to review the privacy policies of third parties before providing them with personal information.

Event Organiser Relationships

Event organisers are independent data controllers. We are not responsible for their privacy practices, use of your information, or security measures. We encourage you to review each organiser’s privacy policy before booking.

14. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, new laws or regulations, or to improve clarity.

Material changes include:

  • New categories of personal information collected
  • New or different purposes for processing
  • Changes in data sharing practices
  • Changes to your rights or opt-out mechanisms
  • Changes in data retention periods

We will notify you of material changes by:

  • Posting the updated policy on our website with the new "Last Updated" date
  • Sending you an email notification (if the change materially affects your rights)
  • Requiring your explicit consent (if required by law)

Your continued use of Bookaroo after policy changes constitutes acceptance of the updated policy. If you disagree, you have the right to:

  • Request deletion of your account and personal information
  • Opt-out of specific processing activities
  • Lodge a complaint with the Information Regulator

15. Complaints and Dispute Resolution

If you believe your privacy rights have been violated:

Step 1: Internal Complaint

Submit a written complaint to our Information Officer at legal@flowiq.africa with details of the alleged violation and requested remedy. We will investigate and respond within 15 business days.

Step 2: Internal Review

If unsatisfied with the initial response, you can request a formal internal review. Additional review will be completed within 15 business days.

Step 3: Information Regulator Complaint

If still unsatisfied, you may lodge a complaint with:

Information Regulator (South Africa)

Email: complaints@inforegulator.org.za

Telephone: +27 10 023 5207

Website: https://www.inforegulator.org.za

Postal Address: JD House, 27 Stiemens Street, Braamfontein, Johannesburg, 2001

Step 4: Legal Action

You may pursue legal remedies through the courts.

All complaints will be recorded, investigated thoroughly and impartially, and handled with appropriate confidentiality.

16. Contact Information

General Inquiries:

Email: support@bookaroo.co.za

Website: https://www.bookaroo.co.za

We will respond to general inquiries within 5 business days.

Information Officer (Formal Requests):

Jonathan Nel

Email: legal@flowiq.africa

Document Control

ItemDetail
Policy Version3.0 (Final)
Effective Date7 April 2026
Last Updated7 April 2026
Next Review Date7 April 2027
Responsible OfficerJonathan Nel (Information Officer)
Approval AuthorityFlowIQ (Pty) Ltd Management

END OF PRIVACY POLICY

This Privacy Policy complies with the Protection of Personal Information Act, 2013 (Act No. 4 of 2013) and incorporates all critical data protection requirements including POPIA Section 18 collection notice, lawful basis for processing, cross-border transfer safeguards, cookie policy with opt-outs, 72-hour breach notification procedure, data retention schedule, and data subject rights under POPIA Sections 23–25.