Reward Store & InstaHub Privacy Notice

This privacy notice (the "Notice") explains how we process personal data in relation with your use of the African Bank Reward Store & InstaHub sites (the "Sites"). Your use of the Sites is governed by the Rewards Store Terms & Conditions and the Instahub Terms and Conditions.

When you login to or use the Sites, the processing of your personal data will be African Bank Limited, Registration number 2014/176899/06, including all its affiliate companies, has its head office at 59 16th Road, Midrand, 1686. ("Provider", "we", "us", "our"). We are the controller for the personal data we process on the Sites.

Loylogic Rewards FZE, with registered address at Dubai Airport Free Zone Authority, P.O. Box 293805, Dubai, United Arab Emirates, together with its subsidiaries and affiliates ("Loylogic") operates the Sites and processes data as a processor on our behalf. For general questions related to the Sites, in the first instance please contact africanbank@loylogic.com and/or privacy@loylogic.com.

Please note that when you purchase or claim a product or service on the Sites (the "Reward"), the processing of your personal data will be controlled separately by the seller or offeror of that product or service (the "Merchant"). Loylogic acts as a processor for that data on behalf of each Merchant. To learn more about Merchants and their data processing please see merchant privacy notice. Please refer to the Merchant details tab on the Sites to learn more about the Merchants.

2.1 When you login to or use the Sites, we may collect some or all of the following personal and non-personal data (please also see section 6 on our use of Cookies and similar technologies):

• personal details (eg, name, date of birth, gender);
• contact information (e.g. telephone number, address details, country of residence, e-mail address);
• general payment information such as credit / debit card details;
• technical information (e.g. IP address, web browser type and version, operating system);
• loyalty program account information (inc. user program profile details, points balance, membership tier, membership number); and
• data from Merchants

2.2 You are at no time obliged to provide us with your personal data. However, without personal data we will not be able to sign you up for or let you use the Reward Store or communicate with you.

3.1 We may process the data set out in section 2 above in order to provide and operate the Sites, and to respond to your enquiries and follow up with you if needed, in particular to:

• authenticate your identity
• process transactions you have requested
• reply to e-mails from you

When processing this personal data, we will rely on the legal ground that the processing is necessary for the performance of a contract with you and/or in order to take steps at your request prior to entering into that contract.

3.2 In addition, we may process the data to:

• allow us to improve our services to you or to develop new services
• personalise and tailor your experience on the Sites
• analyse your use of the Sites and gather feedback to enable the improvement of the Sites and your user experience.

When processing this personal data, we will rely on the legal ground that we have a legitimate interest in processing your data in this manner.

4.1 We may co-ordinate with third parties in the provision of services to you (e.g., payment service providers, financial institutions and suppliers). These parties may process your personal data to supply services to you on our behalf as well as for their own purposes. In that case, these parties act as separate controllers, and you are invited to review their privacy notices to learn more about their processing.

4.2 In case that we share and transfer your personal data with third parties (incl. other group-companies) that are located outside of the Republic of South Africa ("RSA") and/or of the European Economic Area ("the EEA") we will take all reasonable steps to ensure that your data is treated as safely and securely as it would be under the data protection law applicable to respective processing in RSA or within the EEA. In such cases, we will ensure data protection with standard contractual clauses for data transfers to third countries issued and approved by the EU Commission and/or the Federal Data Protection and Information Commissioner (FDPIC), as accordingly amended and adapted to local circumstances. If you wish to receive a copy of these clauses, please contact us (cf. section 1 above).

We do not keep your personal data for any longer than is necessary in light of the reason(s) it has been collected. We moreover retain personal data as long as we have a legitimate interest in the storage, e.g., if we need personal data for the enforcement of or the defence against claims, for archiving purposes and for guaranteeing IT security. We also retain your personal data as long as you do not withdraw your consent and it is subject to a legal retention obligation.

6.1 A cookie is a small file of letters and numbers that we store on your browser or the hard drive of your computer if you agree. Cookies contain information that is transferred to your computer's hard drive. Our website use cookies to distinguish you from other users of our website. This helps us to provide you with a good experience when you browse our website and also allows us to improve our website.

6.2 Before cookies are placed on your computer or device, you will be shown a pop-up requesting your consent to set those cookies. By continuing to browse our website or where you provide consent separately (for example for delivering targeted ads on other websites you may visit), you are agreeing to our use of cookies.

6.3 We use the following cookies:

• Strictly necessary cookies: These cookies are necessary for the website to function and cannot be switched off in our systems. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms. You can set your browser to block or alert you about these cookies, but some parts of the site will not then work. These cookies do not store any personally identifiable information.
• Performance cookies: These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site. They help us to know which pages are the most and least popular and see how visitors move around the site. All information these cookies collect is aggregated and therefore anonymous. If you do not allow these cookies we will not know when you have visited our site and will not be able to monitor its performance.
• Functionality cookies: These cookies enable the website to provide enhanced functionality and personalisation. They may be set by us or by third party providers whose services we have added to our pages. If you do not allow these cookies, then some or all of these services may not function properly.
• Targeting cookies: These cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.
• Social Media Cookies: These cookies are set by a range of social media services that we have added to the site to enable you to share our content with your friends and networks. They are capable of tracking your browser across other sites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies you may not be able to use or see these sharing tools.

6.4 Cookies are destroyed once they are no longer necessary for their purpose. You do not have to allow us to use cookies, and you can block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies. However, whilst our use of them does not pose any risk to your privacy or your safe use of the Sites, it does enable us to continually improve the website, making it a better and more useful experience for you, and if you block all cookies you may not be able to access all or parts of our site.

6.5 We may also use other technologies to collect information about the use of our website, such as Local Storage, and similar technologies.

6.6 Our website may contain links to third party website some of which may also use cookies and other technologies. This Notice does not cover third party website which will be subject to their own privacy and cookies policies. We do not have access to or control over cookies or other features used by such website. Please contact them directly for more information about their privacy practices.

7.1 This website uses Google Analytics, a web analysis service of Google Inc. and Google LLC ("Google"). Google uses cookies and other technologies to collect and analyze information about the use of this website and in order to provide services to us. Google may collect data about your browser, your provider, visited pages and duration of visits, your IP address, device identifiers (e.g., Android Advertising Identifier or Advertising Identifier for iOS), etc. The information generated about your use of this website is usually transferred to a Google server in the USA and stored there. However, as IP anonymisation is activated on this website, Google will shorten your IP address within the European Union or European Economic Area beforehand. In exceptional cases the full IP address will be transmitted to a Google server in the USA and shortened there. For these cases Google relies on the European Commission's model contract clauses. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activities and to provide the website operator with further services associated with website and Internet use.

7.2 You may refuse the use of cookies by selecting the appropriate settings on your browser (sec. 6.4). You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by downloading and installing the browser plug-in available under the following link: https://tools.google.com/dlpage/gaoptout?hl=en

7.3 We use Google Analytics to analyse and regularly improve the use of our website. Through the obtained statistics we can improve our offer and make it more interesting for you as a user. For the exceptional cases in which personal data is transferred to the USA, Google relies on the European Commission's model contract clauses.

Third Party Information: Google Dublin, Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001.

Terms of Use: https://marketingplatform.google.com/about/analytics/terms/us/

Privacy Notice: https://policies.google.com/privacy?hl=en

8.1 This website uses the web analysis service Flurry to analyse and regularly improve the use of our website. This way we can improve our offer and make it more interesting for you as a user. This service collects and submits anonymous, aggregated data, which are anonymized via a secure hashing protocol, to analytics servers. This data includes information on which features are most frequently used, as well as your mobile device UDID (unique phone Identifiers) and/or IMEI (International Mobile Equipment Identities). No personally identifiable information is collected.

8.2 For more information on Flurry Analytics' use of your information, please review the Flurry Analytics Terms of Service and the Flurry Analytics Privacy Policy.

8.3 Cookies are stored on your computer for this evaluation. The information collected in this way is stored on servers, also in the USA. You may refuse the use of cookies by selecting the appropriate settings on your browser (sec. 6.4). The prevention of the storage of cookies is possible through the setting in your browser or by visiting https://developer.yahoo.com/flurry/end-user-opt-out/

8.4 Third party information: Flurry Inc., 282 2nd St #202, San Francisco, CA 94105, USA;

privacy@flurry.com; privacy policy: https://policies.yahoo.com/us/en/yahoo/privacy/index.htm

9.1 This website uses AddThis plug-ins. These plug-ins allow you to log in to the website and to bookmark or share interesting content with other users. Through the plug-ins we offer you the possibility to interact with the following social media networks: Facebook, Google+, Twitter, LinkedIn and Pinterest. This allows us to improve our offer and make it more interesting for you as a user. The legal basis for the use of the plug- ins is Art. 6(1) sentence 1 lit. f GDPR.

9.2 Using these plug-ins, your Internet browser establishes a direct connection to the AddThis servers and the selected social networking or bookmarking service, if applicable. The recipients receive information that you have accessed the corresponding website of our online offer and the data mentioned under section 3 of this policy. This information is processed on AddThis servers in the USA. When you send content on our website to social networks or bookmarking services, a link can be established between visiting our website and your user profile on the relevant network.

9.3 The providers store this data as user profiles and use it for the purposes of advertising, market research and/or demand-oriented design of its website. Such evaluation takes place in particular (even for unlogged- in users) to provide demand-oriented advertising and to inform other users of the social network about your activities on our website.

9.4 If you do not wish to participate in this process, you can object to the collection and storage of data at any time by setting an opt-out cookie with effect for the future: http://www.addthis.com/privacy/opt-out Alternatively, you can set your browser to prevent the setting of a cookie.

9.5 For more information about the purpose and scope of data collection and processing by the plug-in and social media providers please refer to their data protection declarations as noted below. They will also provide you with further information about your rights in this regard and setting options to protect your privacy.

• AddThis LLC, 1595 Spring Hill Road, Sweet 300, Vienna, VA 22182, USA,
  www.addthis.com/privacy.
• Facebook Inc., 1601 S California Ave, Palo Alto, CA 94304, USA;
  http://www.facebook.com/policy.php;

• Google Inc., 1600 Amphitheater Parkway, Mountainview, CA 94043, USA;
  https://policies.google.com/technologies/partner-sites
• Twitter, Inc., 1355 Market St, Suite 900, San Francisco, CA 94103, USA;
  https://twitter.com/privacy.
• LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA;
  http://www.linkedin.com/legal/privacy-policy
• Pinterest Europe Ltd., Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland;
  https://policy.pinterest.com/en/privacy-policy

10.1 You have the following rights in relation to your personal data, subject to the requirements of applicable law:

• Access: the right to request, at any time and free of charge, access to your personal data stored and processed by us;
• Rectification: the right to have incorrect or incomplete personal data corrected or updated;

• Deletion: the right to have your personal data erased if it is no longer necessary or if you have withdrawn consent or have objected to the processing (provided there are no other grounds for processing), or if your personal data is processed unlawfully;
• Restriction: the right to request that the processing of your personal data be restricted;
• Right to data portability: the right to receive or transfer to someone else the personal data that you have provided to us, free of charge, in a commonly used and machine-readable format;
• Right to lodge a complaint: the right to lodge a complaint with a competent supervisory authority about the way we process your personal data or your requests;
• Right to withdraw consent: the right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.

You also have the right to object to data processing and revoke consent.

10.2 Servicing emails sent to you are triggered automatically when you use the website, for example, when you make a purchase or if you add items to a wish list. If you do not wish to receive service triggered emails, you must stop using the website.

11.1 Securing your personal and non-personal information is very important to us and we take the necessary technical and organizational measures in order to ensure an adequate level of data protection appropriate to the risk that is related to a respective processing. In particular, all customer databases are held in a secure environment and (except for law enforcement authorities in limited circumstances), only our employees or other persons who need access to your information in order to perform their duties are allowed such access.

11.2 Where you are using our website, we attempt to provide for the secure transmission of your information from your computer to our servers by utilising encryption software. However, due to the inherent open nature of the Internet, we cannot guarantee that communications between you and us will be free from unauthorised access by third parties, such as hackers.

11.3 Our website utilise SSL certificate-based encryption on pages where secure information is transmitted over the Internet. All critical information is encrypted using AES 256 algorithm and stored.

We may change this Privacy Notice from time to time as we add new products and apps, as we improve our current offerings, and as technologies and laws change. Any changes will become effective upon our posting of the revised Privacy Notice on our affected website. We will provide notice to you if these changes are material and, where required by applicable law, we will obtain your consent. Moreover, this notice will be provided by email or by posting notice of the changes consistent with applicable laws.

Date: 23^rd December, 2022