🚀 The website is continuously being improved. Please let us know if you have an issue so we can fix it. Say hi
Privacy

POPIA notice

Randburg Alumni NPC (registration number 2025/474429/08, "we") is registered as a Responsible Party under POPIA. This notice explains what personal information we collect, why, who we share it with, and how to exercise your rights.

What we collect

  • Identity: full name, email, matric year, phone (optional), city/town (optional).
  • Financial: monthly contribution amount, payment method, and transaction history. Card details are never stored by us - PayFast handles them directly.
  • Profile preferences: whether your name appears on the alumni list, whether your amount is shown publicly, whether you receive marketing email.
  • Donor wall: when you contribute to a project, your name, date, and amount appear on the project's public page. A message is optional and only shown after an admin approves it.
  • Sign-in: we email you a single-use link ("magic link"). No password is stored. If you request a link for an email we don't know, we create an empty profile so the link can work - you can fill it in later or have the record removed.
  • Social sign-in (LinkedIn, Google, Microsoft, Facebook): if you sign in with one of these services, we only receive your name, email, and public profile picture. We do not receive your contacts, messages, posts, or friends. You can disconnect a linked account at any time from your profile page; we keep your profile but remove the provider link.

Who we share it with

  • PayFast - card payments and recurring debit orders. Your card details go directly to them, not through our system.
  • First National Bank (FNB) - receives EFT payments into the Randburg Alumni NPC account. You supply your own reference; we link it to your profile manually once the funds clear.
  • Resend - sends our transactional email (magic links, welcome).
  • LinkedIn, Google, Microsoft, Facebook - only when you actively choose to sign in via one of them. We send them nothing in return - the OAuth protocol is one-way: they confirm your identity to us.
  • We never sell, rent, or trade your information with any marketing partner.

How long we keep it

  • Profile: until you anonymise it or ask us to remove it.
  • Financial records: 7 years, as required by SARS and the Companies Act.
  • Audit log (who changed what, when): for the lifetime of the NPC; required for accountability.

Your rights

  • Access: download a complete export (JSON) of everything we hold about you.
  • Correction: edit name, matric year, phone, location, preferences on your profile page.
  • Right to be forgotten: anonymise your record - name disappears from the alumni list and donor wall, financial totals remain anonymised for SARS audit.
  • Withdraw consent: stop marketing email on your profile page, or email us.
  • Complain to the Information Regulator (inforegulator.org.za) if we don't respond.

Security

Traffic to the site is encrypted (HTTPS / TLS). Sign-in is via single-use links, not passwords. Our database runs on a server in Europe (Hetzner) with strict access control. If an incident exposes your information, we will notify you and the Information Regulator within 72 hours.

Contact

Information officer: Thiart van der Merwe
info@oudrandjies.co.za

Last updated: 2026-05-12

filum