1. Introduction & Who We Are

This Privacy Policy is issued by Vibero (Pty) Ltd ("Vibero", "we", "us", or "our"), a company registered and operating in the Republic of South Africa. We are committed to protecting your personal information in accordance with the Protection of Personal Information Act 4 of 2013 ("POPIA") and all applicable South African data protection legislation.

By creating an account on the Vibero platform, you acknowledge that you have read, understood, and agreed to the collection and processing of your personal information as described in this notice.

2. Information Officer

Vibero has appointed an Information Officer as required by POPIA. All data-related queries, access requests, and complaints may be directed to:

Information Officer, Vibero (Pty) Ltd
Email: privacy@vibero.co.za
Postal Address: [Registered Business Address], South Africa

You also have the right to lodge a complaint with the Information Regulator of South Africa at inforeg@justice.gov.za or JD House, 27 Stiemens Street, Braamfontein, Johannesburg, 2001.

3. Personal Information We Collect

When you register for and use the Vibero platform, we may collect the following categories of personal information:

• Identity Data: Username, date of birth, and gender as provided during registration.
• Account Credentials: Your password (stored in encrypted, hashed format — we never store plaintext passwords).
• Usage & Activity Data: Friends/Squad lists, avatar customisations, in-app purchases, VIB balance history, and content created via Viber Create.
• Financial Data: Payment card details entered during in-app purchases. Note: card data is processed by our certified third-party payment gateway and is not stored on Vibero servers.
• Technical Data: Device type, operating system, browser type, IP address, session timestamps, and interaction logs used for platform security and performance monitoring.
• Communications Data: Any messages, reports, or support queries you send to Vibero.

We do not intentionally collect Special Personal Information as defined under POPIA Section 26 (such as race, health, biometric, or religious data). Please do not submit such information on the platform.

4. Minimum Age Requirement

Vibero is intended for users aged 7 (seven) years and older. Users under the age of 18 are considered minors under South African law. In compliance with POPIA Section 35, we require verifiable parental or guardian consent before processing the personal information of any child under the age of 18. By registering, users under 18 confirm that their parent or legal guardian has reviewed and consented to this privacy policy on their behalf. Vibero reserves the right to terminate accounts where such consent cannot be verified.

5. Lawful Basis for Processing

We process your personal information on one or more of the following lawful grounds as set out under POPIA Section 11:

• Consent: You have given us explicit consent by agreeing to this notice during registration.
• Contractual Necessity: Processing is necessary to provide you with the Vibero platform services, including account creation, avatar features, and in-app purchases.
• Legal Obligation: We may process information where required by South African law, court order, or regulatory authority.
• Legitimate Interest: We may process information to detect fraud, ensure platform security, and improve our services, provided such interests do not override your rights.

6. How We Use Your Information

Your personal information is used for the following specific purposes:

• Creating and managing your Vibero account and avatar.
• Processing VIB currency transactions and maintaining your balance.
• Enabling Squad (friends) features and social interaction on the platform.
• Sending transactional notifications (e.g., purchase confirmations, account alerts).
• Improving platform performance, debugging technical issues, and developing new features.
• Preventing fraud, abuse, and unauthorised access to the platform.
• Complying with legal and regulatory requirements applicable to our business.
• Responding to your queries and support requests.

We will not use your information for unsolicited marketing without your separate, explicit consent.

7. Sharing of Personal Information

Vibero does not sell your personal information to third parties. We may share your information only in the following limited circumstances:

• Service Providers: Trusted third-party operators who process data on our behalf (e.g., cloud hosting providers, payment processors) under strict data processing agreements that comply with POPIA.
• Legal Requirements: When required to disclose information by law, subpoena, court order, or government authority.
• Business Transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred to the successor entity, subject to equivalent privacy protections.
• Safety: Where disclosure is necessary to protect the safety, rights, or property of Vibero, our users, or the public.

Any third party receiving your data is required to comply with POPIA and may only process your information for the specific purpose for which it was shared.

8. Cross-Border Data Transfers

In certain circumstances, your personal information may be transferred to, or processed in, countries outside the Republic of South Africa. When this occurs, Vibero ensures that adequate protection is in place as required by POPIA Section 72, including binding contractual obligations on the recipient that are equivalent to POPIA's protections.

9. Data Retention

We retain your personal information for as long as your account is active and for a reasonable period thereafter for legal and operational purposes. Specifically:

• Account Data: Retained for the duration of your account and up to 5 (five) years after account closure for compliance and dispute resolution purposes.
• Financial Records: Retained for a minimum of 5 (five) years as required by South African financial legislation.
• Technical Logs: Retained for up to 12 (twelve) months for security monitoring purposes.

When data is no longer needed, it will be securely deleted or anonymised.

10. Security Measures

Vibero implements appropriate technical and organisational measures to protect your personal information against unauthorised access, accidental loss, destruction, or disclosure, as required by POPIA Section 19. These measures include:

• Encrypted storage of passwords using industry-standard hashing algorithms.
• Secure HTTPS connections for all data transmission.
• Access controls limiting which personnel can access personal data.
• Regular security assessments and vulnerability testing.
• Third-party payment processing with PCI-DSS compliant providers so that card data never resides on our servers.

In the event of a data breach that is likely to affect your rights, Vibero will notify the Information Regulator and affected data subjects as required by POPIA Section 22.

11. Your Rights as a Data Subject

Under POPIA, you have the following rights regarding your personal information:

• Right of Access (Section 23): You may request confirmation of whether we hold your personal information and obtain a copy thereof.
• Right to Correction (Section 24): You may request that we correct or update inaccurate, incomplete, or outdated information.
• Right to Deletion: You may request the deletion of your personal information where it is no longer necessary for the purpose it was collected, subject to legal retention obligations.
• Right to Object (Section 11(3)): You may object to the processing of your personal information on legitimate grounds.
• Right to Withdraw Consent: Where processing is based on consent, you may withdraw your consent at any time. Withdrawal does not affect the lawfulness of prior processing.
• Right to Complain: You may lodge a complaint with the Information Regulator of South Africa if you believe your rights have been violated.

To exercise any of these rights, contact our Information Officer at privacy@vibero.co.za. We will respond within a reasonable time and no later than as required by law.

12. Cookies & Tracking Technologies

The Vibero platform may use session cookies and similar technologies to maintain your logged-in state and improve platform functionality. These technologies do not track you across third-party websites. You may disable cookies through your browser settings; however, this may impact platform functionality.

13. Changes to This Policy

Vibero may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. Material changes will be communicated to registered users via in-app notification or email. Continued use of the platform after changes are posted constitutes your acceptance of the updated policy. The effective date of this policy is displayed below.

14. Governing Law

This Privacy Policy is governed by the laws of the Republic of South Africa, including the Protection of Personal Information Act 4 of 2013, the Electronic Communications and Transactions Act 25 of 2002, and all other applicable South African legislation. Any disputes arising under this policy shall be subject to the jurisdiction of the South African courts.

Effective Date: 1 January 2025  |  Version 1.0  |  Vibero (Pty) Ltd