Large Call to Action Headline

Privacy Policy for Mumbi.africa

Last Updated: May 9, 2025

Mumbi.africa ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you visit

our website https://mumbi.africa (the "Website"), and use our services, in compliance with the Protection of Personal Information Act (POPIA) of South Africa.

Please read this Privacy Policy carefully. If you do not agree with the terms of this Privacy Policy, please do not access the Website or use our services.

1. Introduction and Scope

This Privacy Policy applies to all personal information collected through our Website and services, including but not limited to:

Double-Trust Structure & AdministrationBuild a Legacy Paperback & Trust Master Class (and digital editions)Building a Legacy for your Family and Creating Inter-generation WealthEntity & Risk ManagementProperty Presentation, Finance, and RegistrationRental ManagementInformation submitted via our contact forms or when scheduling appointments.Information provided during the purchase of products or services.

2. What Personal Information We Collect

We may collect personal information from you in a variety of ways, including when you:

Visit our Website Register for an account or service Purchase products (e.g., "Build a Legacy Paperback," "Trust Masterclass")Contact us via our contact forms or emailSchedule an appointmentSubscribe to newsletters or other communications

The types of personal information we may collect include:

Identity Data: Full name, title, date of birth, and other identifiers.Contact Data: Email address, telephone numbers, physical address, and postal address.Financial Data: Bank account and payment card details (when you make a purchase). Please note that payment processing may be handled by third-party payment gateways, and we typically do not store full payment card details.Transaction Data: Details about payments to and from you and other details of products and services you have purchased from us. Technical Data: Internet protocol (IP) address, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access this Website. Usage Data: Information about how you use our Website, products, and services. Marketing and Communications Data: Your preferences in receiving marketing from us and our third parties and your communication preferences. Information for Service Delivery: Depending on the services you engage us for (e.g., Double-Trust Structure, Entity & Risk Management, Property services), we may collect more detailed personal information necessary to fulfill those services. This could include information relating to your race or ethnic origin (if voluntarily provided or legally required for specific services like BEE verification), marital status, financial history, employment history, or other information relevant to the service being provided. We will only collect such information with your explicit consent or as permitted by law.

Special Personal Information:

We generally do not intend to collect special personal information (as defined by POPIA, such as

religious or philosophical beliefs, race or ethnic origin, trade union membership, political persuasion, health or sex life, or biometric

information) unless it is necessary for the specific services you request (e.g., demographic information for specific legal or financial structures) and is provided with your explicit consent or as otherwise permitted by law.

3. How We Use Your Personal Information

We will only use your personal information when the law allows us to. Most commonly, we will use your personal information in the following circumstances:

To Provide and Manage Services: To register you as a new customer, process and deliver your orders (including managing payments, fees, and charges), and manage our relationship with you (e.g., responding to inquiries, scheduling appointments).To Improve Our Website and Services: To administer and protect our business and this Website (including troubleshooting, data analysis, testing, system maintenance, support, reporting, and hosting of data), and to improve our Website, products/services, marketing, customer relationships, and experiences. To Communicate With You: To manage our relationship with you, which will include notifying you about changes to our terms or privacy policy, and sending you information you have requested. For Marketing Purposes: To provide you with information about our services, promotions, and events that may be of interest to you, where you have consented to receive such information. You can opt-out of marketing communications at any time.To Comply With Legal Obligations: To comply with any legal or regulatory obligations imposed on us.For Legitimate Interests: Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.

Purpose Specification:

We will only collect personal information for a specific, explicit, and lawful purpose related to our services and operations. We will not retain personal information for longer than is necessary to achieve the purpose for which it was collected, unless required by law.

4. Lawful Basis for Processing

Under POPIA, we process your personal information based on one or more of the following lawful bases:

Consent: Where you have given us explicit consent to process your personal information for a specific purpose.Contract: Where processing is necessary for the performance of a contract to which you are a party or to take steps at your request before entering into such a contract. Legal Obligation: Where processing is necessary for compliance with a legal obligation to which we are subject.Legitimate Interests: Where processing is necessary for the purposes of our legitimate interests or the legitimate interests of a third party, except where such interests are overridden by your interests or fundamental rights and freedoms. Protection of a Legitimate Interest of the Data Subject: Where processing protects a legitimate interest of the data subject.

5. Disclosure of Your Personal Information

We may have to share your personal information with the parties set out below for the purposes set

out in section 3:

Service Providers: Third-party service providers who provide services on our behalf, such as payment processing, data analysis, email delivery, hosting services, customer service, and marketing assistance. These providers are contractually bound to protect your information and use it only for the services we request. Professional Advisors: Lawyers, bankers, auditors, and insurers who provide consultancy, banking, legal, insurance, and accounting services.Regulatory Authorities: The South African Information Regulator or other regulatory authorities where we are required to do so by law or to protect our rights. Third Parties in Business Transfers: Third parties to whom we may choose to sell, transfer, or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them.

We require all third parties to respect the security of your personal information and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal information for their own purposes and only permit them to process your personal information for specified purposes and in accordance with our instructions.

International Transfers:

Your personal information may be transferred to, and processed in, countries other than South Africa. If we transfer your personal information outside of South Africa, we will ensure that such transfers are lawful and that your personal information is adequately protected, in compliance with POPIA requirements, by ensuring that appropriate safeguards are in place (e.g., by using specific contracts approved by the Information Regulator or ensuring the recipient country has adequate data protection laws).

6. Data Security

We have implemented appropriate technical and organizational security measures designed to protect the security of any personal information we process. These measures

aim to prevent

your personal information from being accidentally lost, used, or accessed in an unauthorized way, altered, or disclosed.

These measures include:

Physical security controlsComputer and network securityAccess controls to personal informationSecure communicationsRegular review and updating of our security controls and processes.

In the event of a data breach, we will notify you and the Information Regulator as required by POPIA.

7. Data Retention

We will

only retain your personal information for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

To determine the appropriate retention period for personal information, we consider the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorized

use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal requirements.

Once the purpose for which

personal information was collected is no longer relevant, and we are no longer legally required to retain it, we will securely destroy, delete, or de-identify it.

8. Your Rights as a Data Subject

Under POPIA, you have the following rights regarding your personal information:

Right to be Notified: You have the right to be notified that your personal information is being collected and if your personal information has been accessed or acquired by an unauthorized person.Right of Access: You have the right to request access to the personal information we hold about you.Right to Rectification: You have the right to request correction of inaccurate, irrelevant, excessive, outdated, incomplete, misleading, or unlawfully obtained personal information. Right to Erasure (Deletion) / Destruction: You have the right to request the destruction or deletion of your personal information where it is no longer authorized for us to retain it.Right to Object: You have the right to object to the processing of your personal information on reasonable grounds relating to your particular situation, unless legislation provides for such processing. You also have the right to object to the processing of personal information for direct marketing purposes. Right to Restrict Processing: You have the right to request the restriction of processing of your personal information in certain circumstances. Right to Data Portability: You have the right to receive your personal information in a structured, commonly used, and machine-readable format and to request that we transmit this data directly to another controller, where technically feasible. Right to Withdraw Consent: Where we rely on your consent to process your personal information, you have the right to withdraw your consent at any time. This will not affect the lawfulness of processing based on consent before its withdrawal. Right to Lodge a Complaint: You have the right to lodge a complaint with the Information Regulator if you believe that we have not complied with POPIA.

To exercise any of these rights, please contact our Information Officer using the

details provided below. We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal information (or to exercise any of your other rights).

9. Cookies and Tracking Technologies

Our Website

may use cookies and similar tracking technologies (like web beacons and pixels) to access or store information. Specific information about how we use such technologies and how you can refuse certain cookies is set out in our Cookie

Policy (if applicable, or a relevant section here can be expanded). Typically, cookies help us improve our Website and deliver a more personalized service.

10. Children's Privacy

Our Website and services are not directed to children under the age of 18. We do not knowingly collect personal information from children under 18. If we become aware that we have collected personal information from a child under 18 without verification of parental consent, we will take steps to remove that information

from our servers.

11. Information Officer

We have appointed an Information Officer who is responsible for overseeing questions in relation to this Privacy Policy and

our compliance with POPIA. If you

have any questions about this Privacy Policy, including any requests to exercise your legal rights, please contact the Information Officer using the details set out below:

[You will need to insert the

Name/Title of Information Officer: Chomba Chuma

Email: [email protected]

Postal Address:P. O. Box 922, Isando 1600

Telephone Number: +27105021866

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. The updated version will be indicated by an updated

"Last Updated"

date and the updated version will be effective as soon as it is accessible. We encourage you to review this Privacy Policy frequently to be informed of how we are protecting your information.