POPIA & Data

Information Officer & Data Subject Rights

Version 1.3 · Effective 2026-05-28 · Last updated 2026-05-28

The person responsible for data protection at Social Bounty, and a plain-English guide to exercising your POPIA rights to see, correct, or delete the personal information we hold about you.

Working draft. This document is a first draft intended for internal review. It must be reviewed by an admitted South African attorney before it governs a live user relationship.
On this page7 sections

Who our Information Officer is

Under sections 55 and 56 of the Protection of Personal Information Act 4 of 2013 (POPIA), every responsible party must appoint an Information Officer. The role carries specific statutory duties: encouraging compliance with POPIA, dealing with data-subject requests, working with the Information Regulator on investigations, ensuring a Personal Information Impact Assessment is done, and developing and updating our internal POPIA compliance framework.

At Social Bounty, the Information Officer is:

  • Name: Nicholas Paul Carl Schreiber
  • Role: Director (Acting Information Officer)
  • Email: privacy@socialbounty.cash
  • Postal address: 2 Alyth Road, Forest Town, Johannesburg, Gauteng, 2193, South Africa

POPIA makes the head of a private body the Information Officer by default (section 1(1)(b) of PAIA, read with section 55(1) of POPIA). As Social Bounty (Pty) Ltd is a small owner-managed company, the director holding that role is also the acting Information Officer. Registration of the Information Officer with the Information Regulator, as required by POPIA Regulation 4(1), has been completed (or is in progress — if that status changes we will update this page).

We do not currently have a separate Deputy Information Officer. As the platform grows we will appoint one and publish their details here.

Your rights at a glance

POPIA gives you a defined set of rights over the personal information a responsible party holds about you. Here they are in plain English.

The right to know (section 18)

We must tell you what personal information we hold about you, why we collected it, and who we share it with. Our Privacy Policy sets this out in detail and is treated as the section 18 notification for anyone who uses the platform.

The right of access (section 23)

You can ask us whether we hold personal information about you and, if we do, to give you a copy. We will tell you what categories of data we hold, the purposes for which we use it, who we share it with, and how long we keep it.

The right to correction and deletion (section 24)

You can ask us to correct personal information that is inaccurate, out of date, misleading, or incomplete, and to delete information that is no longer needed or that we no longer have authority to keep. We keep some categories — especially financial records — for the statutory period the Tax Administration Act 28 of 2011 requires (seven years), so a deletion request may be partially fulfilled rather than all-or-nothing.

The right to data portability (section 25)

Where we process your personal information by automated means on the basis of your consent or a contract with you, you can ask us to give you the data in a structured, commonly used electronic format (typically JSON or CSV). We will do so for data you supplied to us directly.

The right to object (section 11(3))

You can object to processing based on legitimate interest or direct marketing. We will stop unless we have a lawful ground to continue that overrides the objection.

The right not to be subject to automated decision-making (section 71)

Social Bounty uses automated checks to verify social-post submissions against bounty rules. In rare cases — after two consecutive failed post-visibility checks — the platform acts: before a hunter has been paid it may refund the still-escrowed payout to the brand, and after a hunter has been paid it may open a repayment liability and set it off against the hunter's future earnings (see clause 12 of the Terms of Service). These are automated decisions that may affect you. You can ask us to review any such decision manually by emailing the Information Officer, and we will review it promptly. The rules that drive the automatic checks are set out in the bounty terms you see before you submit.

The right to withdraw consent (section 11(2))

Where we process your data on the basis of consent (for example optional analytics cookies), you can withdraw consent at any time. Withdrawal does not affect the lawfulness of processing we did before you withdrew.

The right to complain (section 74)

If you think we have mishandled your personal information you can complain to the Information Regulator — see the "Complain to the Information Regulator" section below.

How to make a request

Send your request by email to privacy@socialbounty.cash. You can use the template below, or write your own — what matters is that we can identify you and understand what you are asking for.

Email template

To: privacy@socialbounty.cash Subject: POPIA data-subject request — [Access / Correction / Deletion / Portability / Objection] Hello, I am submitting a request under POPIA section [23 / 24 / 25 / 11(3)]. My details: - Full name: - Email address on my Social Bounty account: - User role (Hunter / Brand Admin): Nature of the request: - [Describe what you want — a copy of your data, a specific correction, deletion of a particular category of data, etc.] Preferred format for any records returned: [PDF / JSON / CSV] Thank you. [Your name]

Information we need to verify your identity

Before releasing personal information we must be satisfied that you are who you say you are. In most cases we will ask you to send the request from the email address on your account, and to answer one or two questions only you would know (for example, the approximate date of your last bounty). For more sensitive requests we may ask for a government-issued identity document. We will minimise what we ask for — just enough to avoid releasing your data to the wrong person.

Our response time

We will respond within thirty (30) days, as required by POPIA Regulation 3 read with section 24 of PAIA (which POPIA adopts for these requests). If the request is complex we may extend the period once by a further thirty (30) days; we will tell you if we need to.

Requests on behalf of someone else

If you are submitting a request on behalf of another person — for example a parent for a minor, or an attorney for a client — please attach proof of your authority (birth certificate, court order, power of attorney, or signed mandate).

Fees

Your first access, correction, deletion, or portability request in any twelve-month period is free. For additional requests, or for requests that are manifestly excessive or repetitive, we may charge a reasonable fee to cover the cost of processing the request. We will give you a written estimate before we start the work, and you can decline or narrow the scope at that point.

Objections and consent withdrawals are always free.

For records held in paper form or requiring significant retrieval work (for example, historical audit records), the fees in the PAIA Regulations apply. See our PAIA Manual for details.

When we may refuse, and what to do if we do

We may refuse a request in a small number of situations, including:

  • We cannot verify your identity with the information you have provided. In that case we will ask for additional verification before refusing.
  • The request is manifestly unfounded or excessive (for example the same deletion request repeated multiple times with no change in circumstances).
  • Complying would prejudice another person's personal information — for example if granting access would disclose information about a third party who has not consented.
  • Complying would compromise an active fraud or abuse investigation, or would require us to destroy records we are legally required to retain (such as financial records under the Tax Administration Act 28 of 2011).
  • The request falls within one of the grounds for refusal in Chapter 4 of PAIA — see our PAIA Manual for the full list.

If we refuse, we will tell you the reason and explain the appeal route. You can ask us to reconsider by replying to the refusal with any additional information or reasons, and you can escalate to the Information Regulator (see below).

Complain to the Information Regulator

If we have refused a request, failed to respond in time, or in your view mishandled your personal information, you may complain to the Information Regulator of South Africa under POPIA section 74.

The Regulator publishes the complaint form and current procedures on its website. You do not need to exhaust our internal route before going to the Regulator, although we would appreciate the chance to put things right first. If you would prefer to raise a service complaint (rather than a POPIA complaint) with us directly, see our Complaints & Dispute Resolution page.

← Back to LegalContact us