Privacy Policy

1. Introduction

Lumo Enterprise (Pty) Ltd trading as Lumo ("Lumo", "we", "us", or "our") is committed to protecting your privacy and personal information. This Privacy Policy explains how we collect, use, share, and protect your information when you use our rideshare advertising platform, including our web dashboard and mobile services.

We are bound by the Protection of Personal Information Act 4 of 2013 ("POPIA") and other applicable South African privacy laws. This policy should be read together with our Terms of Service.

2. Information We Collect

2.1 Advertiser Information

• Personal details: Name, email address, phone number
• Business information: Company name, registration details, VAT number (if applicable)
• Billing information: Payment details, invoicing address
• Campaign data: Ad creatives, targeting preferences, budget allocation
• Usage data: Dashboard interactions, campaign performance metrics

2.2 Driver Information

• Personal details: Name, email address, phone number, ID number
• Vehicle information: Registration details, make, model, color
• Ride-hailing verification: Proof of affiliation with platforms like Bolt, Uber
• Banking details: Account information for payment processing
• Location data: Real-time GPS tracking during active campaigns
• Security information: Device serial numbers and installation details for theft protection

2.3 Technical Information

• Device information: Browser type, operating system, device identifiers
• Network data: IP address, connection type, location
• Usage analytics: Pages visited, time spent, click patterns
• In-car display device data: Hardware status, tamper detection, connectivity
• Cookies and tracking technologies

3. How We Use Your Information

We process your personal information for the following purposes:

3.1 Service Delivery

• Matching drivers to relevant advertising campaigns
• Managing in-car display devices and content delivery
• Tracking ad performance and generating analytics
• Processing payments and managing billing
• Providing customer support and communication

3.2 Platform Operations

• Fraud detection and prevention
• Platform security and abuse prevention
• Theft protection and device security monitoring
• Quality assurance and campaign optimization
• Legal compliance and regulatory reporting

3.3 Improvement and Analytics

• Platform performance analysis
• User experience optimization
• Product development and feature enhancement
• Market research and trend analysis

4. Lawful Basis for Processing

Under POPIA, we process your personal information based on:

• Consent: When you explicitly agree to data processing
• Contract necessity: To fulfill our service agreements
• Legitimate interest: For fraud prevention, security, theft protection, and platform improvement
• Legal obligation: To comply with applicable laws and regulations

5. Data Sharing and Third Parties

We may share your information with:

• Payment processors: For billing and payout processing
• Cloud service providers: For data storage and platform hosting
• Analytics providers: Such as Google Analytics or Mixpanel
• GPS and mapping services: For location tracking and route optimization
• Security service providers: For theft protection and device monitoring
• Legal authorities: When required by law or to protect our rights

6. Data Security

We implement appropriate technical and organizational measures to protect your personal information:

• Encryption of data in transit and at rest
• Access controls and authentication mechanisms
• Regular security audits and vulnerability assessments
• Staff training on data protection principles
• Secure device installation and tamper detection systems

7. Cross-Border Data Transfers

Some of our service providers may be located outside South Africa. When we transfer your data internationally, we ensure appropriate safeguards are in place, including adequacy decisions or standard contractual clauses.

8. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes outlined in this policy:

• Account information: Until account closure plus 7 years for legal compliance
• Location data: 12 months from campaign completion
• Billing records: 7 years for tax and accounting purposes
• Security logs: 24 months for theft protection and incident investigation
• Marketing data: Until you withdraw consent or opt-out

9. Your Rights Under POPIA

You have the following rights regarding your personal information:

• Access: Request a copy of your personal information
• Correction: Update or correct inaccurate information
• Deletion: Request deletion of your personal information
• Objection: Object to certain types of processing
• Portability: Request your data in a portable format
• Restriction: Limit how we process your information

10. Data Breach Protocols

In the event of a data breach that poses a risk to your rights and freedoms, we will notify the Information Regulator within 72 hours and inform affected individuals without undue delay.

11. Cookies and Tracking Technologies

We use cookies and similar technologies to:

• Remember your preferences and settings
• Analyze platform usage and performance
• Provide personalized content and advertisements
• Ensure platform security and prevent fraud

You can control cookies through your browser settings or by using our cookie preference center.