StockPass

Legal

Privacy Policy

How we collect, use, and protect your personal information

Version 1.0 · Effective Date: 15 February 2026 · Last Updated: 15 February 2026

1. Introduction

StockPass is a digital platform for managing Foot and Mouth Disease (FMD) movement permits and outbreak reporting in South Africa, operated and maintained by Reisiger Engineering (Pty) Ltd (“Reisiger”, “we”, “us”, or “our”). Reisiger is the designated recipient and processor of all data submitted through the Platform. This Privacy Policy explains how we collect, process, use, disclose, store, and protect your personal information across the StockPass web application and related services (collectively, the “Platform”).

This policy is governed by:

  • The Protection of Personal Information Act (POPIA), Act 4 of 2013
  • The General Data Protection Regulation (GDPR), where applicable
  • The Electronic Communications and Transactions Act, Act 25 of 2002
  • The Promotion of Access to Information Act, Act 2 of 2000

By using the Platform and submitting any data, you expressly consent to the collection, processing, use, storage, and sharing of your data by Reisiger Engineering (Pty) Ltd in any form, for any purpose related to the operation, improvement, and commercialisation of the Platform and related services.

2. Scope

This Policy applies to:

  • All users of the StockPass Platform, including individuals, farmers, cooperatives, institutions, and government partners
  • All data collected directly or indirectly through the Platform or affiliated systems
  • All subsidiaries and technical partners acting on our behalf under lawful data processing agreements

3. Information We Collect

3.1 Personal Information

Categories of personal data collected include:

  • Identity Information: Full name, ID or passport number, date of birth, gender, nationality
  • Contact Information: Email address, phone number, postal and physical address, farm or business location
  • Professional & Agricultural Data: Farm or business type, crop and livestock information, landholding details, production statistics, membership associations, agricultural qualifications
  • Account & Subscription Data: Username, password, preferences, account tier, communication settings, and service usage

3.2 Automatically Collected Information

When accessing the Platform:

  • Device & Usage Data: IP address, browser type, operating system, device identifiers, app version, language settings, time zone, and activity logs
  • Interaction Data: Pages visited, time spent, modules accessed, search queries, interaction frequency, and analytic events
  • Geolocation Data: GPS coordinates (with consent), IP-based region, and optional farm or business coordinates for spatial mapping

3.3 Third-Party Data Sources

StockPass may integrate data from secure, licensed sources including:

  • Government and Public Entities: Chief Surveyor General (CSG), Department of Agriculture, provincial veterinary authorities, and Statistics South Africa
  • Private and Commercial Providers: Weather and satellite imagery services, geospatial data providers, and agricultural cooperatives

All third-party integrations comply with data-sharing agreements, and data is anonymized before analytical use whenever possible.

4. How We Use Your Information

Information is processed for legitimate, lawful, and defined purposes:

4.1 Service Provision

  • Account registration, authentication, and access management
  • Processing and managing movement permit applications
  • Providing outbreak monitoring dashboards, real-time alerts, and geospatial mapping
  • Generating statistical insights for agricultural stakeholders and veterinary authorities

4.2 Platform Improvement

  • Conducting performance analytics and user experience optimization
  • Testing new features and enhancing data quality
  • Improving interoperability between Platform modules

4.3 Communications

  • Sending service updates, security alerts, and permit status notifications
  • Providing technical and customer support
  • Issuing policy and compliance notices

4.4 Compliance, Legal, and Safety

  • Fulfilling regulatory, tax, and financial reporting obligations
  • Cooperating with lawful investigations
  • Preventing fraud, misuse, and unauthorized access
  • Protecting the rights, property, and safety of users and the Platform operator

5. Legal Basis for Processing

Under POPIA and GDPR, personal data is processed on these bases:

  • Consent: for marketing communications, cookies, and optional location tracking
  • Contractual Necessity: to perform Platform functions and deliver subscribed services
  • Legal Obligation: to comply with statutory and regulatory requirements
  • Legitimate Interest: for security, performance monitoring, and product improvement

6. Data Sharing and Disclosure

Personal information is shared in accordance with strict confidentiality, data processing agreements, and legal safeguards.

6.1 Authorized Recipients

  • Cloud Infrastructure: Hosted within South Africa on secure cloud providers
  • Service Providers: Analytics, geospatial, communication, and payment vendors
  • Government Partners: Provincial veterinary authorities and regulatory bodies as required for permit processing
  • Research Partners: Universities, think tanks, and agricultural bodies (with anonymization)
  • Regulators and Law Enforcement: Only under lawful mandate

6.2 Prohibited Actions

We do not:

  • Sell or rent user data
  • Share user data for unrelated commercial marketing
  • Disclose proprietary farm or spatial data to competitors
  • Transfer data internationally without POPIA-compliant safeguards

7. Data Retention and Destruction

Data TypeRetention PeriodPost-Retention Action
Active AccountsAccount lifespan + 5 yearsSecure deletion or anonymization
Permit Records7 years (regulatory compliance)Archived and encrypted
Analytics & Logs2 yearsAggregated for research
Security & Access Logs90 daysPurged and replaced

All deletion is conducted in accordance with ISO/IEC 27001 standards.

8. Your Rights Under POPIA

You have the right to:

  • Access: Request copies of your personal information
  • Rectification: Correct or update inaccurate data
  • Erasure: Request deletion (“right to be forgotten”)
  • Restriction: Limit data processing under specific circumstances
  • Objection: Opt out of direct marketing or profiling
  • Portability: Request transfer of your data in a structured format
  • Withdrawal: Revoke previously given consent

Requests must be submitted in writing and will be responded to within 30 business days.

9. Data Security

A multi-layered security framework combines organisational, technical, and physical controls:

  • Encryption (AES-256 at rest, TLS 1.3 in transit)
  • Multi-factor authentication and role-based permissions
  • Secure audit trails and intrusion detection systems
  • Regular penetration testing and vulnerability assessments
  • Employee confidentiality and data handling training

In the event of a data breach:

  • Notification to the Information Regulator within 72 hours
  • Prompt communication to affected users
  • Disclosure of incident details, risks, and mitigation measures

10. Cross-Border Data Transfers

All personal data is stored within South Africa, ensuring full data sovereignty. International transfers (e.g., global weather APIs) are limited, documented, and protected by:

  • Standard Contractual Clauses (GDPR)
  • Binding Data Processing Agreements
  • Explicit user consent where required

No data is transferred to jurisdictions lacking adequate protection.

11. Complaints and Dispute Resolution

External Authority:
Information Regulator (South Africa)

  • Email: inforeg@justice.gov.za
  • Phone: +27 10 023 5200
  • Address: JD House, 27 Stiemens Street, Braamfontein, Johannesburg, 2001

12. Updates to This Policy

This policy may be updated periodically to:

  • Reflect Platform and service changes
  • Incorporate legislative or regulatory amendments
  • Improve clarity or accuracy

Material changes will be communicated via public notice on the website and direct email to registered users, effective 30 days from notification.

13. Consent and Waiver

By accessing or using the Platform, creating an account, or submitting any data (including but not limited to personal information, farm details, permit applications, and geolocation data), you:

  • Grant Reisiger Engineering (Pty) Ltd an irrevocable, perpetual, royalty-free, worldwide licence to use, process, store, analyse, aggregate, modify, redistribute, and sublicence your data in any form and for any purpose connected to the Platform, its services, or related products
  • Acknowledge that Reisiger Engineering (Pty) Ltd shall not be held liable for any loss, damage, claim, or expense (whether direct, indirect, incidental, consequential, or otherwise) arising from or in connection with the use, processing, storage, or disclosure of data submitted through the Platform
  • Waive any and all rights to institute legal proceedings, claims, or demands of any nature against Reisiger Engineering (Pty) Ltd, its directors, employees, contractors, and affiliates in respect of any matter arising from the collection, processing, use, disclosure, or storage of data submitted through the Platform
  • Accept that this waiver and consent shall survive termination of your account or cessation of your use of the Platform

14. Disclaimer

This Privacy Policy forms part of the StockPass Terms of Service. By using the Platform, you acknowledge having read, understood, and agreed to these terms. The Platform is provided “as is” without warranty of any kind, and Reisiger Engineering (Pty) Ltd disclaims all liability arising from the use of or reliance on the Platform or the data processed through it.