PRIVACY POLICY — MR BANKS CAR DETAILING
| Responsible Party | Mr Banks Car Detailing (Pty) Ltd ("Mr Banks", "we", "us", "our") |
| CIPC registration | 2025/685428/07 |
| Effective date | 16 June 2026 |
| Applies to | https://mrbankscar.co.za and the services Mr Banks provides |
| Companion documents | Website Terms and Conditions · PAIA Manual |
1. DEFINITIONS
In this Privacy Policy, unless the context indicates otherwise:
| Term | Meaning |
|---|---|
| "Data Subject" | the person to whom Personal Information relates, being a natural person and, where applicable, an existing juristic person, including our customers, the persons named on a booking, our workers and employees, our suppliers, and visitors to our website |
| "Information Officer" | the Information Officer of Mr Banks, being its head as contemplated in section 56 of POPIA |
| "Operator" | a person who processes Personal Information for a Responsible Party in terms of a contract or mandate, without coming under the direct authority of that party, as defined in section 1 of POPIA |
| "Personal Information" | information about an identifiable, living natural person, and where applicable an identifiable, existing juristic person, as defined in section 1 of POPIA, including name, identity number, date of birth, gender, residential and postal address, telephone number, email address, vehicle and licence-plate details, banking and payment details, employment information, and any photographs or correspondence about the data subject |
| "POPIA" | the Protection of Personal Information Act 4 of 2013, as amended, including its regulations |
| "Process" / "Processing" | any operation concerning Personal Information, as defined in section 1 of POPIA |
| "Regulator" | the Information Regulator (South Africa) established under section 39 of POPIA |
| "Responsible Party" | the person which determines the purpose of and means for processing Personal Information, as defined in section 1 of POPIA |
2. WHO WE ARE AND WHY THIS POLICY EXISTS
Mr Banks Car Detailing is a mobile car-wash and detailing business operating in Villiers, Frankfort and the surrounding areas of the Free State. We collect and use personal information to run that business: to book and deliver services, to invoice and record payments, and to communicate with our customers.
This Policy explains what personal information we collect and why, the legal basis on which we process it, who we share it with, how we protect it, where it is stored (including transfers outside South Africa), how long we keep it, and the rights you have under POPIA and how to exercise them. It is published in compliance with section 18 of POPIA.
We are the Responsible Party for the personal information described in this Policy. We use an information-technology service provider, Kopanong Platforms (Pty) Ltd, to build, host and maintain our business-management system. Kopanong processes personal information on our behalf and on our instruction as our Operator under a written agreement that complies with section 21 of POPIA.
3. WHAT WE COLLECT AND WHY
3.1 Customers and bookings
| What | When | Why we need it |
|---|---|---|
| Name, telephone number, residential address, suburb or township, postal code | When you book a wash (on our website, by phone, or in person) | To schedule and deliver the service, find your location, and contact you about the booking |
| Email address | Where you give it, or register a customer account | To send confirmations, invoices and account communications |
| Vehicle details (make, model, colour, year, licence plate) and a photograph of the vehicle | When we record your vehicle for servicing | To identify the correct vehicle and the service to perform |
| Booking and service history, appointment dates and status | Throughout our relationship | To manage your washes, subscriptions and reminders |
| Invoice and payment records (amounts, method, proof of payment where you provide it) | When you are billed and pay | To bill you, record payment, and keep tax records |
3.2 Website visitors and account holders
When you use our website or hold an account, we process your email address and (for account holders) a securely hashed password and login records, to operate the site and authenticate you.
3.3 Suppliers and payees
We process the names and payment details of suppliers and payees in order to pay them and to keep accurate financial records.
4. THE LEGAL BASIS ON WHICH WE PROCESS
POPIA requires that processing rest on at least one lawful basis in section 11. We rely on the following:
| Activity | Lawful basis under POPIA s11 |
|---|---|
| Booking, delivering and invoicing our services | Performance of a contract (s11(1)(b)) |
| Tax and company-law recordkeeping | Compliance with a legal obligation (s11(1)(c)) |
| Service reminders and operational SMS to customers and workers | Performance of a contract and our legitimate interests (s11(1)(b) and (f)) |
| Security, fraud prevention and audit logging | Legitimate interests (s11(1)(f)) |
| Marketing or promotional SMS or email | Consent (s11(1)(a)), opt-in only |
5. WHO WE SHARE YOUR INFORMATION WITH
We share personal information only as set out below:
(a) Our IT service provider, Kopanong Platforms (Pty) Ltd, which builds, hosts and maintains our business-management system and processes personal information on our behalf as our Operator under a section 21 agreement;
(b) Sub-operators engaged by Kopanong on our behalf, under written agreements that limit them to processing on documented instruction. The categories are:
- cloud hosting, database and file-storage providers;
- email delivery providers (for booking notifications and account emails);
- SMS delivery providers (for reminders and communications, which process the mobile numbers of customers and workers);
- image-processing providers (for processing photographs of vehicles);
- automated document-processing providers (used to help classify and structure our own financial documents, such as bank statements and receipts);
(c) A payment processor, if and when we enable online payments for our customers. Such a processor acts as a Responsible Party in its own right for the payment data it processes under the National Payment System. We do not currently take online card payments; we record payments made by EFT, cash or card machine;
(d) Professional advisors (accounting, tax, legal) under confidentiality, where necessary;
(e) SARS, regulators, courts and law-enforcement agencies, where we are legally obliged to disclose; and
(f) A successor entity in the event of a sale or restructuring of the business, subject to the new entity being bound by terms at least as protective as this Policy.
A current list of the named sub-operators is available on request to our Information Officer. We do not sell your personal information, and we do not share it with advertising networks or data brokers for their own purposes.
6. WHERE YOUR INFORMATION IS STORED — CROSS-BORDER TRANSFER
Our business-management system runs on cloud infrastructure operated by service providers located outside the Republic of South Africa, principally in the European Union (Republic of Ireland) for the operational database and file storage, and in the United States for certain hosting and optional financial-document processing. SMS delivery is processed within South Africa.
We make these transfers only in compliance with section 72 of POPIA, which permits cross-border transfers where the recipient country or the contractual arrangement provides a level of protection substantially similar to POPIA, where the transfer is necessary to perform our contract with you, or where you have consented. Where information is transferred to providers subject to the European Union General Data Protection Regulation, we rely on that adequacy basis, supported by binding written agreements (concluded by Kopanong on our behalf) that incorporate the European Commission Standard Contractual Clauses or equivalent safeguards.
7. HOW WE PROTECT YOUR INFORMATION
We, together with Kopanong as our Operator, apply the technical and organisational measures required by section 19 of POPIA, including:
- encryption in transit (TLS 1.2 or higher) and at rest (AES-256 or equivalent);
- access to data through a single trusted backend using service credentials, with no direct database access from client applications;
- securely hashed passwords, short-lived access tokens, and role-based access on the least-privilege principle;
- audit logging, backups and a documented breach-response procedure.
If we have reasonable grounds to believe that your personal information has been accessed or acquired by an unauthorised person, we will notify the Information Regulator and you in accordance with section 22 of POPIA.
8. HOW LONG WE KEEP YOUR INFORMATION
We keep personal information only as long as necessary for the purpose for which it was collected, or for any longer period required or permitted by law. In general:
| Category | Retention |
|---|---|
| Active customer and vehicle records | While you are an active customer |
| Customer records after the relationship ends | Up to 5 years, in line with the Tax Administration Act 28 of 2011 |
| Invoices, payments and financial records | 5 years, as required by tax law |
| Marketing opt-out records | Retained to ensure we honour your choice |
| Server logs and backups | A rolling cycle (typically up to 12 months for logs; backups overwritten on a short cycle) |
After the retention period, personal information is deleted or anonymised in accordance with section 14 of POPIA.
9. YOUR RIGHTS UNDER POPIA
You have the right to: be notified that we collect your information (this Policy provides that notice); ask whether we hold information about you and to access it (section 23); ask us to correct or delete information that is inaccurate, irrelevant, excessive, out of date, incomplete, misleading or unlawfully obtained (section 24); object to processing on reasonable grounds and to object to direct marketing (section 11(3)); withdraw consent where processing is based on consent (withdrawal does not affect prior processing); not be subject to a decision based solely on automated processing that has legal consequences for you (section 71); and lodge a complaint with the Information Regulator (section 74).
To exercise any of these rights, contact our Information Officer:
Information Officer Mr Moloi Zacaria Kinki Mr Banks Car Detailing (Pty) Ltd Email: info-officer@mrbankscar.co.za Telephone: +27 62 954 3957
We will respond within a reasonable time, and in any event within 30 days. Confirming whether we hold information about you is free. Where access attracts a fee, we will give you a written estimate first.
If you are dissatisfied with our response, you may complain to:
Information Regulator (South Africa) JD House, 27 Stiemens Street, Braamfontein, Johannesburg, 2001 Email: complaints.IR@inforegulator.org.za Website: www.inforegulator.org.za
10. DIRECT MARKETING
We send marketing or promotional messages only where you have opted in, or as otherwise permitted by section 69 of POPIA. Every marketing message lets you opt out. Operational messages (such as booking confirmations and service reminders) are part of providing the service and are not marketing.
11. CHILDREN
Our website and services are intended for adults. We do not knowingly collect personal information directly from children. Where a customer is under 18, a parent or guardian must make the booking.
12. CHANGES TO THIS POLICY
We may update this Policy from time to time. The current version is the one published at https://mrbankscar.co.za with the effective date shown above. Material changes will be posted on this page with a revised effective date.
13. CONTACT US
| Information Officer | Mr Moloi Zacaria Kinki |
| Information Regulator registration | 2026-029862 |
| info-officer@mrbankscar.co.za | |
| Telephone | +27 62 954 3957 |
| Address | 62 Madiba Section, Qalabotjha, Villiers, Free State, 9840 |